hexon | 7174548626e5f82b950da4084ac2b95a218cc357bf284558ecfca1a03ef7eea8

General

Target

FP.zip
Size

75.1MB
Sample

241118-wh26xs1hnb
MD5

3684fdae336e6f15a6fec7776f72351d
SHA1

aba3cbfa331e670623c4ec52f618410e64143537
SHA256

7174548626e5f82b950da4084ac2b95a218cc357bf284558ecfca1a03ef7eea8
SHA512

eeed5c684e91199f573dddf44ba10f9656422154778dd0f45379636ef1ba5924487307fc6a6d26fe0387bd3922c0b18c9686333ee98fdf6d99042900901cbd2f
SSDEEP

1572864:dDTr+XUZlbQDrjsqswIar/6y3VGx4KBGktZhddJvqQ75NT:UXUZl0XjHfr/uBXtLddJvnLT

Score

10^/10

Malware Config

Targets

- Target
  
  FoxyPunk Setup 1.0.0.exe
- Size
  
  75.1MB
- MD5
  
  7b5dd5d82f77b277cdf0d12ab578a5ba
- SHA1
  
  9624d3e69d08b2c3312d0c2ba5f42d31b9167f9c
- SHA256
  
  e969f6d27a483806776f58516716796be745f39c850d32bec0feb963b83ce412
- SHA512
  
  0d3af4e05b2066c2a9e7aa27b9e24041878dc8e1df96b6e5c62ca3e38fcc8b7a9aa8fa84c1845393c4b64c065f658fb01f7f721c7072174848e99c5997378877
- SSDEEP
  
  1572864:xoJ39Kk9MdiZjB8ceyIS7nqYdd6hIEhSmnJZxRBlIiqFWB:xTk9Mkd/vP7nMhJnzxRBlawB
Score

10^/10

hexon credential_access discovery spyware stealer
- Hexon family
  hexon
- Hexon stealer
  Hexon is a stealer written in Electron NodeJS.
  stealer hexon
- Blocklisted process makes network request
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  FoxyPunk.exe
- Size
  
  154.6MB
- MD5
  
  44ffbfd99f7bcbc3bc44649713a31ad4
- SHA1
  
  6cbdddacfdeb6799a59350899271e20b2ef2c702
- SHA256
  
  9a759e69e6b6f953221ed1e07e928e07d3fd4694e8c5f401169359512f406f74
- SHA512
  
  0dd09330009c8654729cfdcc9cdfb575aba7097f530659d9e69dbe3c6fae0a7a003169226ef20c49dbedc33b711079117157c8fab9510226d3807b60e8a4ed7d
- SSDEEP
  
  1572864:cTmw0ciLNpDPuAvHxJLkY2O6Ea3f9kwZXeT6EivLp1vUAtdjtZn+f4FnIvGaC9dU:3v6E70+Mk
Score

10^/10

hexon credential_access discovery spyware stealer
- Hexon family
  hexon
- Hexon stealer
  Hexon is a stealer written in Electron NodeJS.
  stealer hexon
- Blocklisted process makes network request
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates processes with tasklist
  discovery
behavioral3 behavioral4