871761e2556c306e5507c278fee29c3f507d4eb0efac36cb98dc432daa15784f

Resubmissions

23/04/2023, 17:07

230423-vm2waagc9v 7

23/04/2023, 17:03

230423-vkr83aeg34 7

23/04/2023, 16:56

230423-vf3h8sef88 7

Sharing

Copy URL

Twitter E-mail

General

Target

Hexa v1.5.zip
Size

21.5MB
Sample

230423-vkr83aeg34
MD5

fff80170492a9c4a8f4948ded88a36ae
SHA1

f1523517319cb5717cee0f06ae3500dca3be2a07
SHA256

871761e2556c306e5507c278fee29c3f507d4eb0efac36cb98dc432daa15784f
SHA512

7f37c7b76c1adb990f310282902a737b257689ee82141a0c291363399769f5cf63209e0028c112b519af5d2ceb8a09dad92cc1ad32d5ea9e023886d5edea10e5
SSDEEP

393216:hjsBtdiiH+F7w7ifc8Ms68AbEupoQIx+q03woJxKK9S0bj+rTObuHPXvL9Qk:hoBfiiH+hjfcttnAupoNx/awoJxKIS0E

Score

7^/10

Malware Config

Targets

- Target
  
  Hexa v1.5.zip
- Size
  
  21.5MB
- MD5
  
  fff80170492a9c4a8f4948ded88a36ae
- SHA1
  
  f1523517319cb5717cee0f06ae3500dca3be2a07
- SHA256
  
  871761e2556c306e5507c278fee29c3f507d4eb0efac36cb98dc432daa15784f
- SHA512
  
  7f37c7b76c1adb990f310282902a737b257689ee82141a0c291363399769f5cf63209e0028c112b519af5d2ceb8a09dad92cc1ad32d5ea9e023886d5edea10e5
- SSDEEP
  
  393216:hjsBtdiiH+F7w7ifc8Ms68AbEupoQIx+q03woJxKK9S0bj+rTObuHPXvL9Qk:hoBfiiH+hjfcttnAupoNx/awoJxKIS0E
Score

1^/10
behavioral1
- Target
  
  Hexa v1.5/Hexa/Community/Scripts/AdvancedMode.dll
- Size
  
  111B
- MD5
  
  07dcc6ab899f8bab6294f402f0e8050b
- SHA1
  
  8aed7860954031f41561c29f33eaf57dcaf6f0f0
- SHA256
  
  6b9f598b3f655cc079c4534e65aa097209cafa6b158e766f1ab654be4cf13a9b
- SHA512
  
  4b8e19676cb4e300d40a5a83d7cf1fa034e78ab01230bf78d70dc9d4408d0c0578b98bf73ab3ad5d2ffb1b142609ae83fa96164fca92def4b52ad4274975c42c
Score

1^/10
behavioral2
- Target
  
  Hexa v1.5/Hexa/Community/Scripts/CommunityScriptsLoader.dll
- Size
  
  111B
- MD5
  
  07dcc6ab899f8bab6294f402f0e8050b
- SHA1
  
  8aed7860954031f41561c29f33eaf57dcaf6f0f0
- SHA256
  
  6b9f598b3f655cc079c4534e65aa097209cafa6b158e766f1ab654be4cf13a9b
- SHA512
  
  4b8e19676cb4e300d40a5a83d7cf1fa034e78ab01230bf78d70dc9d4408d0c0578b98bf73ab3ad5d2ffb1b142609ae83fa96164fca92def4b52ad4274975c42c
Score

1^/10
behavioral3
- Target
  
  Hexa v1.5/Hexa/Community/Scripts/PreMadeScripts.dll
- Size
  
  111B
- MD5
  
  07dcc6ab899f8bab6294f402f0e8050b
- SHA1
  
  8aed7860954031f41561c29f33eaf57dcaf6f0f0
- SHA256
  
  6b9f598b3f655cc079c4534e65aa097209cafa6b158e766f1ab654be4cf13a9b
- SHA512
  
  4b8e19676cb4e300d40a5a83d7cf1fa034e78ab01230bf78d70dc9d4408d0c0578b98bf73ab3ad5d2ffb1b142609ae83fa96164fca92def4b52ad4274975c42c
Score

1^/10
behavioral4
- Target
  
  Hexa v1.5/Hexa/Community/Scripts/ScriptMaker.dll
- Size
  
  111B
- MD5
  
  07dcc6ab899f8bab6294f402f0e8050b
- SHA1
  
  8aed7860954031f41561c29f33eaf57dcaf6f0f0
- SHA256
  
  6b9f598b3f655cc079c4534e65aa097209cafa6b158e766f1ab654be4cf13a9b
- SHA512
  
  4b8e19676cb4e300d40a5a83d7cf1fa034e78ab01230bf78d70dc9d4408d0c0578b98bf73ab3ad5d2ffb1b142609ae83fa96164fca92def4b52ad4274975c42c
Score

1^/10
behavioral5
- Target
  
  Hexa v1.5/Hexa/Community/Scripts/SimpleMode.dll
- Size
  
  111B
- MD5
  
  07dcc6ab899f8bab6294f402f0e8050b
- SHA1
  
  8aed7860954031f41561c29f33eaf57dcaf6f0f0
- SHA256
  
  6b9f598b3f655cc079c4534e65aa097209cafa6b158e766f1ab654be4cf13a9b
- SHA512
  
  4b8e19676cb4e300d40a5a83d7cf1fa034e78ab01230bf78d70dc9d4408d0c0578b98bf73ab3ad5d2ffb1b142609ae83fa96164fca92def4b52ad4274975c42c
Score

1^/10
behavioral6
- Target
  
  Hexa v1.5/Hexa/GPUCache/data_0
- Size
  
  8KB
- MD5
  
  cf89d16bb9107c631daabf0c0ee58efb
- SHA1
  
  3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
- SHA256
  
  d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
- SHA512
  
  8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
- SSDEEP
  
  3:MsFl:/F
Score

1^/10
behavioral7
- Target
  
  Hexa v1.5/Hexa/GPUCache/data_1
- Size
  
  264KB
- MD5
  
  a2f848b51d476a36277d3e11f287c954
- SHA1
  
  b242accfff82d1f57216fe0b39dc970c1da38dc0
- SHA256
  
  9aef81c758b6eafa612eb87224583b55ac141e95cc9a8820ec0f870407f6e7c1
- SHA512
  
  4f23336ae6de9e091f5026765df69238064245310c1ae657d2396aa07d93448ac811cd1590f47a8dc845db7381e41f9af0bb0ed314243276193b39aa4ce56bac
- SSDEEP
  
  3:MsEllllkEthXllkl2zEalld3l:/M/xT02z5b
Score

1^/10
behavioral8
- Target
  
  Hexa v1.5/Hexa/GPUCache/data_2
- Size
  
  8KB
- MD5
  
  0962291d6d367570bee5454721c17e11
- SHA1
  
  59d10a893ef321a706a9255176761366115bedcb
- SHA256
  
  ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
- SHA512
  
  f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
- SSDEEP
  
  3:MsHlDll:/H
Score

1^/10
behavioral9
- Target
  
  Hexa v1.5/Hexa/GPUCache/data_3
- Size
  
  8KB
- MD5
  
  41876349cb12d6db992f1309f22df3f0
- SHA1
  
  5cf26b3420fc0302cd0a71e8d029739b8765be27
- SHA256
  
  e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
- SHA512
  
  e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
- SSDEEP
  
  3:MsGl3ll:/y
Score

1^/10
behavioral10
- Target
  
  Hexa v1.5/Hexa/GPUCache/index
- Size
  
  256KB
- MD5
  
  e35356ad541f2352573193430be31a51
- SHA1
  
  501ec9f344eea9a05e9012bd005bfb09ae7cd56e
- SHA256
  
  e07715fe66503e1b5dc7a56e323a3145b99c86680c61ed2ca6213c3e7ecdbd95
- SHA512
  
  f03ffdf9d748f9c393ae50b73f406c52bdd9f27c3ac32348ceeef4959f94c551a980e11503a55302c87918ba44a2602e7e08c78647ec7abe61afc78bcfd76880
- SSDEEP
  
  3:LsFlZlkEllkll/ldo+:LsFaMlEtO
Score

1^/10
behavioral11
- Target
  
  Hexa v1.5/Hexa/HexaBuilder.exe
- Size
  
  17.7MB
- MD5
  
  31f58c41699087b5d3fce3aa878c245b
- SHA1
  
  1faabe7901df291e5a7436b0779a3d41e6c65e25
- SHA256
  
  785b4e96fc1b0eaa7699e806c5adb47c9eb84a5c17e9e52c70f4d1716be07acc
- SHA512
  
  aba3b8aec00ecda59ccce171f75af1553be29eaffa315235da761d2816ec7150104da681be96e5fb45b7508b39c11120ef013608cf72c3d09fd7a8eb62423a55
- SSDEEP
  
  393216:t2u7L/mT9dM/ISWdQuslN/m3pql96/oWOv+9fIWBJHUxjyLNbUy:t2CLeTT6ISWdQu4KyQ/orvSQ00xjqNbP
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral12
- Target
  
  Hexa v1.5/Hexa/HexaUI.config
- Size
  
  438B
- MD5
  
  909df77c711b4133a8f8560483ec2bb3
- SHA1
  
  8df8505ec0a0dd670b4044c641e772f6ded485a1
- SHA256
  
  c49ed8da5765f33cc854cf13ee0c33ed65d4eba6843c24d05e321e3b40f4a68c
- SHA512
  
  0547bae72cd75ad753ddd95c12b7a42b8b3285a3384925cf738c4cc6835c6dd21d16a6206662c4a723fcf348da7e62db3585564782c7daad49b765b43accb28d
Score

3^/10
behavioral13
- Target
  
  Hexa v1.5/Hexa/Hexal.dll
- Size
  
  3.7MB
- MD5
  
  e85fedf3928c13d5a919496a4ba2a4db
- SHA1
  
  d89f8e39e7acfd63ca1e014c6c26aa159669a824
- SHA256
  
  64a2a4edaaa4a1018b9897a48cbbc2c488f253fb4482ba7e7e55b83c9bd8ff7d
- SHA512
  
  1810cff90767d15244c16c14d2e50c1fcdc6e4dfcffa8ae7f9d132df7dc229cc6cc380ebb1b3d1a7b897980a9513c25a32d626fd719f9bc947531d72faca049a
- SSDEEP
  
  98304:4npYPEZDnDDMfUF+G/d0cYVUTkq3Lzl+vk8mxQfq:2pN/DMUFdd0cYVUT33LzIvdbfq
Score

3^/10
behavioral14
- Target
  
  Hexa v1.5/Hexa/Injector.dll
- Size
  
  1.2MB
- MD5
  
  0269c75dcc4b69fa486105f17204440e
- SHA1
  
  2bf825518d3b1dd1eac0efb3a80e070341c2baf9
- SHA256
  
  7f5caf651fc11515459f9fa3bab09b680759403580d261987995cf8fbb8922cc
- SHA512
  
  3229e4685f5c991328ece5902fc1a40c91e37a44f9831bcebced28dd6146465bfba38112da166b10759bf78f1a86e4efbc186ab4b58e316a2737f6f9f7a81b12
- SSDEEP
  
  24576:GtFl9D3JOxiUdnyqyiDZ64176RrZReSB1GOK7V8C/QS1+3VBnTuzf:GtFkQa8416RrZReSBoOs/QSEfnKzf
Score

1^/10
behavioral15
- Target
  
  Hexa v1.5/Hexa/©COPYRIGHT.txt
- Size
  
  31B
- MD5
  
  4643e067d56df3ecbd35129f52a5b199
- SHA1
  
  5b885235ef521486a0cb889325f1d3dc4e493986
- SHA256
  
  991ca9011d036337395149a4d3229c29f060b86f846e4f147fd602448428916d
- SHA512
  
  a3935d7d75b51a68c59d977f340c00035e928c8fe0cccb220019338d23eb49b8b4add1b3b01eeabbfb81d2e0988412aa3b992fe5555c461e5fe73ab4fc82e1fa
Score

1^/10
behavioral16
- Target
  
  Hexa v1.5/Important/Features.txt
- Size
  
  2KB
- MD5
  
  f54ae14ab06c44bfff5bb67ed0eadfae
- SHA1
  
  a7bb01828393fe3d6fd8734a0f55109d2f49dbd8
- SHA256
  
  cd6a95d2e37a8f8d50f9089af92e23182cd6b7beb025a32a10d0ad7d50ac2cd2
- SHA512
  
  4cc493eed26c507199a10e2af98eaa866803e5606d56e2dd76fa70d8a4820df7caae6c391ed706de45b7d2ca023c079930dcb6cd76ebf358f4fd9e96aee7306c
Score

1^/10
behavioral17
- Target
  
  Hexa v1.5/Important/HowTo.txt
- Size
  
  715B
- MD5
  
  aa5b8b1037e1b4cc15bbf208dfed2cd4
- SHA1
  
  d6a3219e07bd0ea107e04eb6f0e817a3561aa406
- SHA256
  
  f9d5093d217842a440dadf607e19ab6de8cd1e58d8450d75552d49972df314f7
- SHA512
  
  026306195a7cd8679c31ce154539261e2c68fa1f7920baaac6c9d88855aac43f12fae8429d2bbb380abcbb7ad2e29d03af4aad2fa0a5a498de52647b1565525a
Score

1^/10
behavioral18
- Target
  
  Hexa v1.5/Important/NotWorking.txt
- Size
  
  957B
- MD5
  
  01b96fd010e68f09ef2a4e66e99ce131
- SHA1
  
  f1aea4b705892c65832df6dac4d6e2fdbb60b9a7
- SHA256
  
  006b655b4f71d5edab670887ae6ea2123d517c552a51bba0e390a16b7f3c845e
- SHA512
  
  529c56b053d58775136b634fc951b7b9179965496438b67b54b68ef7047bf294ce69754db556445c74fce3e5c73c739bc508181ce07827dfec6a1243a511dc2b
Score

1^/10
behavioral19
- Target
  
  Hexa v1.5/Important/ReadMe.txt
- Size
  
  1KB
- MD5
  
  b9bbc30eca1e0a9621fd34c6a23a768a
- SHA1
  
  3d8fb6c9338782ef63380ffa94aa47c3977aa5fd
- SHA256
  
  1aa54994754da4c7efb26d8057e0a77a774fa179dcfcbe831657857aa120b1f9
- SHA512
  
  d2227deafd13cac4f89becce411aed0739e5fdf64910c41c22ee66ecccf4ec49aec5623971e0ff3154aeb71dd9597b10ae7b97e8492fdd33f5127230e284edeb
Score

1^/10
behavioral20
- Target
  
  Hexa v1.5/Important/Support.txt
- Size
  
  130B
- MD5
  
  a4faf8ab29b286071aaf9989631a0826
- SHA1
  
  b0444f9082318b10825820b594c9691e2366b2d6
- SHA256
  
  288578817bbb695a8c74f5d9110c7d3546528dec948e4d923eb2c62a84c58b5e
- SHA512
  
  edcc9db6755e55037655d4a811036d8f882037b00798a53705d28fec9ee39cb113b56361d53e679c97e110dbe9af94e0c422d9077d767d6b8bb684c59efb5e68
Score

1^/10
behavioral21
- Target
  
  Hexa v1.5/Important/©COPYRIGHT.txt
- Size
  
  31B
- MD5
  
  4643e067d56df3ecbd35129f52a5b199
- SHA1
  
  5b885235ef521486a0cb889325f1d3dc4e493986
- SHA256
  
  991ca9011d036337395149a4d3229c29f060b86f846e4f147fd602448428916d
- SHA512
  
  a3935d7d75b51a68c59d977f340c00035e928c8fe0cccb220019338d23eb49b8b4add1b3b01eeabbfb81d2e0988412aa3b992fe5555c461e5fe73ab4fc82e1fa
Score

1^/10
behavioral22
- Target
  
  Hexa v1.5/©COPYRIGHT.txt
- Size
  
  31B
- MD5
  
  4643e067d56df3ecbd35129f52a5b199
- SHA1
  
  5b885235ef521486a0cb889325f1d3dc4e493986
- SHA256
  
  991ca9011d036337395149a4d3229c29f060b86f846e4f147fd602448428916d
- SHA512
  
  a3935d7d75b51a68c59d977f340c00035e928c8fe0cccb220019338d23eb49b8b4add1b3b01eeabbfb81d2e0988412aa3b992fe5555c461e5fe73ab4fc82e1fa
Score

1^/10
behavioral23

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23