Overview

overview

10

Static

static

3

xkowhook v2.exe

windows7-x64

7

xkowhook v2.exe

windows10-2004-x64

10

Stub.pyc

windows7-x64

3

Stub.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    xkowhook v2.exe

  • Size

    10.8MB

  • Sample

    240826-p8e1ravdkf

  • MD5

    fad1255f32bd8e586b502d6834f1965a

  • SHA1

    459862ff8a65e2c4846a9ff4c3fff90d3b16fec2

  • SHA256

    f0e3a7604967b28a7902c8a5db1a9e60453a65048359f97d41e2e374de6bbaab

  • SHA512

    334ea48c00484849f86f061e954cb2af65eaea5bc65ca1bdf6ef16d86e88a9021f76cadd4993826e04b327c4d63a2e28e77e8c4fac0b68bcaf45ff1b2dc3de99

  • SSDEEP

    196608:F5t3cANrPA4mtSHeNvX+wfm/pf+xfdkR0ZWKsnarIWOzW0DaqkH:zavvtSUvX+9/pWFGRiBsnarIWeRaDH

Score
10/10
exelastealercollectioncredential_accessdefense_evasiondiscoverypersistenceprivilege_escalationpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      xkowhook v2.exe

    • Size

      10.8MB

    • MD5

      fad1255f32bd8e586b502d6834f1965a

    • SHA1

      459862ff8a65e2c4846a9ff4c3fff90d3b16fec2

    • SHA256

      f0e3a7604967b28a7902c8a5db1a9e60453a65048359f97d41e2e374de6bbaab

    • SHA512

      334ea48c00484849f86f061e954cb2af65eaea5bc65ca1bdf6ef16d86e88a9021f76cadd4993826e04b327c4d63a2e28e77e8c4fac0b68bcaf45ff1b2dc3de99

    • SSDEEP

      196608:F5t3cANrPA4mtSHeNvX+wfm/pf+xfdkR0ZWKsnarIWOzW0DaqkH:zavvtSUvX+9/pWFGRiBsnarIWeRaDH

    Score
    10/10
    upxexelastealercollectioncredential_accessdefense_evasiondiscoverypersistenceprivilege_escalationpyinstallerspywarestealer

    • Exela Stealer

      Exela Stealer is an open source stealer originally written in .NET and later transitioned to Python that was first observed in August 2023.

      stealerexelastealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Service Discovery

      Attempt to gather information on host's network.

      discovery

    • Enumerates processes with tasklist

      discovery

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion
    behavioral1behavioral2

    • Target

      Stub.pyc

    • Size

      875KB

    • MD5

      9dbf6a4b30e6043bf50b3aab03003a00

    • SHA1

      4bf06145318775f2d3d179dd5355c38616462d78

    • SHA256

      9d9477ce7b8c679ecca55add74d4d0e397ab09ba73fa9d52dbdee9f7ad585614

    • SHA512

      f553227ffc7b56d9f96d2cec0dc2de60d2a405ae482d6aa405e3c6121e50b6f1d7317450f1ee497379d65178107c10862f4d086e1461f47dfb956b1228adc385

    • SSDEEP

      24576:mASWpGCsTo1NLroilJoNIaEGcMb5E9IgbFReYjCntcOos:mGTkzRcqeFFO7

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Network Service Discovery

1
T1046

Process Discovery

1
T1057

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Clipboard Data

1
T1115

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks