xehook | 1f64bc9469a33c77561e22beea18d9bbdd343dae89bc6f02bc85e24873d93f4e | Triage

Submit
Reports

Overview

overview

Static

static

2fa8c24b42...2a.exe

windows7-x64

2fa8c24b42...2a.exe

windows10-2004-x64

Resubmissions

05-05-2024 02:01

240505-cfwftaed23 10

03-03-2024 18:34

240303-w76kmseh68 10

03-03-2024 18:33

240303-w7jqwaeb8v 10

03-03-2024 18:30

240303-w5g49seg83 10

Sharing

General

Target

2fa8c24b42f6542a290d85a9a3723e2a.exe
Size

328KB
Sample

240505-cfwftaed23
MD5

2fa8c24b42f6542a290d85a9a3723e2a
SHA1

d7a518d0d6eae7732a59c6a7c397f0777d111255
SHA256

1f64bc9469a33c77561e22beea18d9bbdd343dae89bc6f02bc85e24873d93f4e
SHA512

764731d7ac9329083fc3a3db505b12c0a0f63ef3de3f07db80ebaab237a698b980961daaaa6b14b49ea63f93d5a848e81de6a50898c36f8609109c3ef70dc6db
SSDEEP

6144:3eY+jinF8jE9sKKegRcd2cS8ADT+5amtQuicddRp:fJf5vr9AuYOp

Score

10^/10

xehook zgrat rat spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2fa8c24b42f6542a290d85a9a3723e2a.exe

Resource

win7-20240221-en

xehook zgrat rat spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2fa8c24b42f6542a290d85a9a3723e2a.exe

Resource

win10v2004-20240426-en

xehook zgrat rat spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2fa8c24b42f6542a290d85a9a3723e2a.exe
- Size
  
  328KB
- MD5
  
  2fa8c24b42f6542a290d85a9a3723e2a
- SHA1
  
  d7a518d0d6eae7732a59c6a7c397f0777d111255
- SHA256
  
  1f64bc9469a33c77561e22beea18d9bbdd343dae89bc6f02bc85e24873d93f4e
- SHA512
  
  764731d7ac9329083fc3a3db505b12c0a0f63ef3de3f07db80ebaab237a698b980961daaaa6b14b49ea63f93d5a848e81de6a50898c36f8609109c3ef70dc6db
- SSDEEP
  
  6144:3eY+jinF8jE9sKKegRcd2cS8ADT+5amtQuicddRp:fJf5vr9AuYOp
Score

10^/10

xehook zgrat rat spyware stealer
- Detect Xehook Payload
- Detect ZGRat V1
- Xehook stealer
  Xehook is an infostealer written in C#.
  stealer xehook
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xehookzgratratspywarestealer

behavioral2

xehookzgratratspywarestealer

© 2018-2024

Terms | Privacy