Symbol: win.xehook

XehookStealer


Xehook is a .NET-based malware targeting Windows systems. It collects data from Chromium- and Gecko-based browsers, supporting over 110 cryptocurrencies and 2FA extensions. CRIL found a potential link between Xehook Stealer, Agniane, and the Cinoshi project, suggesting a progression from a free MaaS model to the development of Xehook Stealer. SmokeLoader binaries were identified as a common vector for distributing Xehook Stealer. Xehook Stealer shares code overlaps with Agniane Stealer, indicating an evolutionary relationship.

References
2024-03-12, cyble, Cyble
Xehook Stealer: Evolution of Cinoshi’s Project Targeting Over 100 Cryptocurrencies and 2FA Extensions (paywall)
XehookStealer

There is no Yara-Signature yet.