hexon | 19d6f5d93cb6c9f12bafcf7c277c7cef3c167108ee5ef501d35241d89675217c | Triage

Submit
Reports

Overview

overview

Static

static

1

yemazo-beta.html

windows11-21h2-x64

Sharing

General

Target

yemazo-beta.html
Size

100KB
Sample

241111-z2jqgazmbk
MD5

b0f7360dba89a9f2c0800c2947cf7f59
SHA1

f28de00c3a7ee1a8c317c496a606faea414feda1
SHA256

19d6f5d93cb6c9f12bafcf7c277c7cef3c167108ee5ef501d35241d89675217c
SHA512

da1dea813deaa98e2674d19ac356bca2f5fe92e3d9c7aafe449d07b894ace0b104506da964ad38682cfaf9a478e15fda4f877544b32a09a28f0d0d79c49a8c29
SSDEEP

768:SrTqj7+J5pBmKAD3WnxaNItFxAkjk8JPdwGEtnDrqmfTA80IRre8KDr5M0jcAxwJ:oXuIPdwG+3fTF0IRrelhIAxy

Score

10^/10

hexon credential_access discovery spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

yemazo-beta.html

Resource

win11-20241007-en

hexon credential_access discovery spyware stealer

windows11-21h2-x64

28 signatures

1800 seconds

Malware Config

Targets

- Target
  
  yemazo-beta.html
- Size
  
  100KB
- MD5
  
  b0f7360dba89a9f2c0800c2947cf7f59
- SHA1
  
  f28de00c3a7ee1a8c317c496a606faea414feda1
- SHA256
  
  19d6f5d93cb6c9f12bafcf7c277c7cef3c167108ee5ef501d35241d89675217c
- SHA512
  
  da1dea813deaa98e2674d19ac356bca2f5fe92e3d9c7aafe449d07b894ace0b104506da964ad38682cfaf9a478e15fda4f877544b32a09a28f0d0d79c49a8c29
- SSDEEP
  
  768:SrTqj7+J5pBmKAD3WnxaNItFxAkjk8JPdwGEtnDrqmfTA80IRre8KDr5M0jcAxwJ:oXuIPdwG+3fTF0IRrelhIAxy
Score

10^/10

hexon credential_access discovery spyware stealer
- Hexon family
  hexon
- Hexon stealer
  Hexon is a stealer written in Electron NodeJS.
  stealer hexon
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hexoncredential_accessdiscoveryspywarestealer

© 2018-2024

Terms | Privacy