{
	"id": "dd2f6ee9-3152-4c2d-b966-09ba63be7ac1",
	"created_at": "2026-04-06T00:15:50.488589Z",
	"updated_at": "2026-04-10T13:12:38.460047Z",
	"deleted_at": null,
	"sha1_hash": "e939d39e6a442b7fb2101be27ace2d28315d0a87",
	"title": "The Spamhaus Project (@spamhaus@infosec.exchange)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35785,
	"plain_text": "The Spamhaus Project (@spamhaus@infosec.exchange)\r\nBy The Spamhaus Project\r\nPublished: 2024-02-28 · Archived: 2026-04-05 13:22:18 UTC\r\n❗Spamhaus Researchers observed a new version of \"Xehook Stealer\" downloaded by Smokeloader. The stealer\r\nhas similarities with Agniane Stealer, another malware written by the same author.\r\nIn this case, the stealer is performing a GET request to get the following configuration (Image 1).\r\nBased on its properties, it appears to be targeting cryptocurrency-related domains, as well as applications. This is\r\nfurther confirmed by the embedded configuration inside the stealer where the build ID is \"cryptostage\" with\r\nversion \"2.0.8 Stable\" (Image 2).\r\nHere is the URL and sample hash on @abuse_ch's URLHaus Database:\r\nhttps://urlhaus.abuse.ch/url/2771798/\r\nSource: https://infosec.exchange/@spamhaus/112008862430254522",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://infosec.exchange/@spamhaus/112008862430254522"
	],
	"report_names": [
		"112008862430254522"
	],
	"threat_actors": [],
	"ts_created_at": 1775434550,
	"ts_updated_at": 1775826758,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e939d39e6a442b7fb2101be27ace2d28315d0a87.pdf",
		"text": "https://archive.orkl.eu/e939d39e6a442b7fb2101be27ace2d28315d0a87.txt",
		"img": "https://archive.orkl.eu/e939d39e6a442b7fb2101be27ace2d28315d0a87.jpg"
	}
}