Resubmissions

13-11-2024 19:25

241113-x47tzaybkk 10

13-11-2024 18:30

241113-w5pjcaxbma 8

General

  • Target

    Launcher 1.0.0.exe

  • Size

    73.7MB

  • Sample

    241113-x47tzaybkk

  • MD5

    50d9fe99f65bb8af4ca058d23ea8de0c

  • SHA1

    041d1b6307b0323cfaac612e7dd912a67abe9fad

  • SHA256

    0afab4b26c198530fcaba9dfa5ee813ea3afc3427cb7cef62e3fb624538bf894

  • SHA512

    e9e7f0db661593425b5638fb832e0e7c0e81db66638fd7c48364faa54eaf40dbdf5239924a586f71158d65b82ff57bf6669a3a643930362f9165280eaa2e8ae2

  • SSDEEP

    1572864:0cMjLpMen/obRHPTqo2fgXo/EGgrFEuiM6uAva1WEC9+I/7:1MjLubtL7Xo/5Y2jMJeui9J7

Malware Config

Targets

    • Hexon family

    • Hexon stealer

      Hexon is a stealer written in Node.js using the Electron framework.

    • Blocklisted process makes network request

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks