871761e2556c306e5507c278fee29c3f507d4eb0efac36cb98dc432daa15784f

Resubmissions

23-04-2023 17:07

230423-vm2waagc9v 7

23-04-2023 17:03

230423-vkr83aeg34 7

23-04-2023 16:56

230423-vf3h8sef88 7

Sharing

Copy URL

Twitter E-mail

General

Target

Hexa v1.5.zip
Size

21.5MB
Sample

230423-vf3h8sef88
MD5

fff80170492a9c4a8f4948ded88a36ae
SHA1

f1523517319cb5717cee0f06ae3500dca3be2a07
SHA256

871761e2556c306e5507c278fee29c3f507d4eb0efac36cb98dc432daa15784f
SHA512

7f37c7b76c1adb990f310282902a737b257689ee82141a0c291363399769f5cf63209e0028c112b519af5d2ceb8a09dad92cc1ad32d5ea9e023886d5edea10e5
SSDEEP

393216:hjsBtdiiH+F7w7ifc8Ms68AbEupoQIx+q03woJxKK9S0bj+rTObuHPXvL9Qk:hoBfiiH+hjfcttnAupoNx/awoJxKIS0E

Score

7^/10

Malware Config

Targets

- Target
  
  Hexa v1.5.zip
- Size
  
  21.5MB
- MD5
  
  fff80170492a9c4a8f4948ded88a36ae
- SHA1
  
  f1523517319cb5717cee0f06ae3500dca3be2a07
- SHA256
  
  871761e2556c306e5507c278fee29c3f507d4eb0efac36cb98dc432daa15784f
- SHA512
  
  7f37c7b76c1adb990f310282902a737b257689ee82141a0c291363399769f5cf63209e0028c112b519af5d2ceb8a09dad92cc1ad32d5ea9e023886d5edea10e5
- SSDEEP
  
  393216:hjsBtdiiH+F7w7ifc8Ms68AbEupoQIx+q03woJxKK9S0bj+rTObuHPXvL9Qk:hoBfiiH+hjfcttnAupoNx/awoJxKIS0E
Score

1^/10
behavioral1 behavioral2
- Target
  
  Hexa v1.5/Hexa/Community/Scripts/AdvancedMode.dll
- Size
  
  111B
- MD5
  
  07dcc6ab899f8bab6294f402f0e8050b
- SHA1
  
  8aed7860954031f41561c29f33eaf57dcaf6f0f0
- SHA256
  
  6b9f598b3f655cc079c4534e65aa097209cafa6b158e766f1ab654be4cf13a9b
- SHA512
  
  4b8e19676cb4e300d40a5a83d7cf1fa034e78ab01230bf78d70dc9d4408d0c0578b98bf73ab3ad5d2ffb1b142609ae83fa96164fca92def4b52ad4274975c42c
Score

1^/10
behavioral3 behavioral4
- Target
  
  Hexa v1.5/Hexa/Community/Scripts/CommunityScriptsLoader.dll
- Size
  
  111B
- MD5
  
  07dcc6ab899f8bab6294f402f0e8050b
- SHA1
  
  8aed7860954031f41561c29f33eaf57dcaf6f0f0
- SHA256
  
  6b9f598b3f655cc079c4534e65aa097209cafa6b158e766f1ab654be4cf13a9b
- SHA512
  
  4b8e19676cb4e300d40a5a83d7cf1fa034e78ab01230bf78d70dc9d4408d0c0578b98bf73ab3ad5d2ffb1b142609ae83fa96164fca92def4b52ad4274975c42c
Score

1^/10
behavioral5 behavioral6
- Target
  
  Hexa v1.5/Hexa/Community/Scripts/PreMadeScripts.dll
- Size
  
  111B
- MD5
  
  07dcc6ab899f8bab6294f402f0e8050b
- SHA1
  
  8aed7860954031f41561c29f33eaf57dcaf6f0f0
- SHA256
  
  6b9f598b3f655cc079c4534e65aa097209cafa6b158e766f1ab654be4cf13a9b
- SHA512
  
  4b8e19676cb4e300d40a5a83d7cf1fa034e78ab01230bf78d70dc9d4408d0c0578b98bf73ab3ad5d2ffb1b142609ae83fa96164fca92def4b52ad4274975c42c
Score

1^/10
behavioral7 behavioral8
- Target
  
  Hexa v1.5/Hexa/Community/Scripts/ScriptMaker.dll
- Size
  
  111B
- MD5
  
  07dcc6ab899f8bab6294f402f0e8050b
- SHA1
  
  8aed7860954031f41561c29f33eaf57dcaf6f0f0
- SHA256
  
  6b9f598b3f655cc079c4534e65aa097209cafa6b158e766f1ab654be4cf13a9b
- SHA512
  
  4b8e19676cb4e300d40a5a83d7cf1fa034e78ab01230bf78d70dc9d4408d0c0578b98bf73ab3ad5d2ffb1b142609ae83fa96164fca92def4b52ad4274975c42c
Score

1^/10
behavioral10 behavioral9
- Target
  
  Hexa v1.5/Hexa/Community/Scripts/SimpleMode.dll
- Size
  
  111B
- MD5
  
  07dcc6ab899f8bab6294f402f0e8050b
- SHA1
  
  8aed7860954031f41561c29f33eaf57dcaf6f0f0
- SHA256
  
  6b9f598b3f655cc079c4534e65aa097209cafa6b158e766f1ab654be4cf13a9b
- SHA512
  
  4b8e19676cb4e300d40a5a83d7cf1fa034e78ab01230bf78d70dc9d4408d0c0578b98bf73ab3ad5d2ffb1b142609ae83fa96164fca92def4b52ad4274975c42c
Score

1^/10
behavioral11 behavioral12
- Target
  
  Hexa v1.5/Hexa/GPUCache/data_0
- Size
  
  8KB
- MD5
  
  cf89d16bb9107c631daabf0c0ee58efb
- SHA1
  
  3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
- SHA256
  
  d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
- SHA512
  
  8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
- SSDEEP
  
  3:MsFl:/F
Score

1^/10
behavioral13 behavioral14
- Target
  
  Hexa v1.5/Hexa/GPUCache/data_1
- Size
  
  264KB
- MD5
  
  a2f848b51d476a36277d3e11f287c954
- SHA1
  
  b242accfff82d1f57216fe0b39dc970c1da38dc0
- SHA256
  
  9aef81c758b6eafa612eb87224583b55ac141e95cc9a8820ec0f870407f6e7c1
- SHA512
  
  4f23336ae6de9e091f5026765df69238064245310c1ae657d2396aa07d93448ac811cd1590f47a8dc845db7381e41f9af0bb0ed314243276193b39aa4ce56bac
- SSDEEP
  
  3:MsEllllkEthXllkl2zEalld3l:/M/xT02z5b
Score

1^/10
behavioral15 behavioral16
- Target
  
  Hexa v1.5/Hexa/GPUCache/data_2
- Size
  
  8KB
- MD5
  
  0962291d6d367570bee5454721c17e11
- SHA1
  
  59d10a893ef321a706a9255176761366115bedcb
- SHA256
  
  ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
- SHA512
  
  f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
- SSDEEP
  
  3:MsHlDll:/H
Score

1^/10
behavioral17 behavioral18
- Target
  
  Hexa v1.5/Hexa/GPUCache/data_3
- Size
  
  8KB
- MD5
  
  41876349cb12d6db992f1309f22df3f0
- SHA1
  
  5cf26b3420fc0302cd0a71e8d029739b8765be27
- SHA256
  
  e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
- SHA512
  
  e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
- SSDEEP
  
  3:MsGl3ll:/y
Score

1^/10
behavioral19 behavioral20
- Target
  
  Hexa v1.5/Hexa/GPUCache/index
- Size
  
  256KB
- MD5
  
  e35356ad541f2352573193430be31a51
- SHA1
  
  501ec9f344eea9a05e9012bd005bfb09ae7cd56e
- SHA256
  
  e07715fe66503e1b5dc7a56e323a3145b99c86680c61ed2ca6213c3e7ecdbd95
- SHA512
  
  f03ffdf9d748f9c393ae50b73f406c52bdd9f27c3ac32348ceeef4959f94c551a980e11503a55302c87918ba44a2602e7e08c78647ec7abe61afc78bcfd76880
- SSDEEP
  
  3:LsFlZlkEllkll/ldo+:LsFaMlEtO
Score

1^/10
behavioral21 behavioral22
- Target
  
  Hexa v1.5/Hexa/HexaBuilder.exe
- Size
  
  17.7MB
- MD5
  
  31f58c41699087b5d3fce3aa878c245b
- SHA1
  
  1faabe7901df291e5a7436b0779a3d41e6c65e25
- SHA256
  
  785b4e96fc1b0eaa7699e806c5adb47c9eb84a5c17e9e52c70f4d1716be07acc
- SHA512
  
  aba3b8aec00ecda59ccce171f75af1553be29eaffa315235da761d2816ec7150104da681be96e5fb45b7508b39c11120ef013608cf72c3d09fd7a8eb62423a55
- SSDEEP
  
  393216:t2u7L/mT9dM/ISWdQuslN/m3pql96/oWOv+9fIWBJHUxjyLNbUy:t2CLeTT6ISWdQu4KyQ/orvSQ00xjqNbP
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral23 behavioral24
- Target
  
  Hexa v1.5/Hexa/HexaUI.config
- Size
  
  438B
- MD5
  
  909df77c711b4133a8f8560483ec2bb3
- SHA1
  
  8df8505ec0a0dd670b4044c641e772f6ded485a1
- SHA256
  
  c49ed8da5765f33cc854cf13ee0c33ed65d4eba6843c24d05e321e3b40f4a68c
- SHA512
  
  0547bae72cd75ad753ddd95c12b7a42b8b3285a3384925cf738c4cc6835c6dd21d16a6206662c4a723fcf348da7e62db3585564782c7daad49b765b43accb28d
Score

3^/10
behavioral25 behavioral26
- Target
  
  Hexa v1.5/Hexa/Hexal.dll
- Size
  
  3.7MB
- MD5
  
  e85fedf3928c13d5a919496a4ba2a4db
- SHA1
  
  d89f8e39e7acfd63ca1e014c6c26aa159669a824
- SHA256
  
  64a2a4edaaa4a1018b9897a48cbbc2c488f253fb4482ba7e7e55b83c9bd8ff7d
- SHA512
  
  1810cff90767d15244c16c14d2e50c1fcdc6e4dfcffa8ae7f9d132df7dc229cc6cc380ebb1b3d1a7b897980a9513c25a32d626fd719f9bc947531d72faca049a
- SSDEEP
  
  98304:4npYPEZDnDDMfUF+G/d0cYVUTkq3Lzl+vk8mxQfq:2pN/DMUFdd0cYVUT33LzIvdbfq
Score

3^/10
behavioral27 behavioral28
- Target
  
  Hexa v1.5/Hexa/Injector.dll
- Size
  
  1.2MB
- MD5
  
  0269c75dcc4b69fa486105f17204440e
- SHA1
  
  2bf825518d3b1dd1eac0efb3a80e070341c2baf9
- SHA256
  
  7f5caf651fc11515459f9fa3bab09b680759403580d261987995cf8fbb8922cc
- SHA512
  
  3229e4685f5c991328ece5902fc1a40c91e37a44f9831bcebced28dd6146465bfba38112da166b10759bf78f1a86e4efbc186ab4b58e316a2737f6f9f7a81b12
- SSDEEP
  
  24576:GtFl9D3JOxiUdnyqyiDZ64176RrZReSB1GOK7V8C/QS1+3VBnTuzf:GtFkQa8416RrZReSBoOs/QSEfnKzf
Score

1^/10
behavioral29 behavioral30
- Target
  
  Hexa v1.5/Hexa/©COPYRIGHT.txt
- Size
  
  31B
- MD5
  
  4643e067d56df3ecbd35129f52a5b199
- SHA1
  
  5b885235ef521486a0cb889325f1d3dc4e493986
- SHA256
  
  991ca9011d036337395149a4d3229c29f060b86f846e4f147fd602448428916d
- SHA512
  
  a3935d7d75b51a68c59d977f340c00035e928c8fe0cccb220019338d23eb49b8b4add1b3b01eeabbfb81d2e0988412aa3b992fe5555c461e5fe73ab4fc82e1fa
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Process Discovery

T1057

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32