hexon | e1034ee929b3787dca92100f3abfb30aad5d08cad9703e3702c31aeacde3bd2d

General

Target

FoxyPunk Setup 1.0.0.exe
Size

75.3MB
Sample

241120-s7cqsaycqg
MD5

7effa019b70e41056cdacdf092c7f3d9
SHA1

12f283669da8b5bdf778507b74b8aa87d72b04a7
SHA256

e1034ee929b3787dca92100f3abfb30aad5d08cad9703e3702c31aeacde3bd2d
SHA512

b9a335b67af023bcac54c89ef35cbb9761ab19c68a01e8be9188c5d20f806e8144a36362efd4813629ad28b7b7b7f921641fc1f366f42f03cd96dbf03eb13643
SSDEEP

1572864:lqJ39Kk9MXIjB8ceyIS7nqYdd6hIEhSmnJZxRBlIiqFWM:lZk9Ms/vP7nMhJnzxRBlawM

Score

10^/10

Malware Config

Targets

- Target
  
  FoxyPunk Setup 1.0.0.exe
- Size
  
  75.3MB
- MD5
  
  7effa019b70e41056cdacdf092c7f3d9
- SHA1
  
  12f283669da8b5bdf778507b74b8aa87d72b04a7
- SHA256
  
  e1034ee929b3787dca92100f3abfb30aad5d08cad9703e3702c31aeacde3bd2d
- SHA512
  
  b9a335b67af023bcac54c89ef35cbb9761ab19c68a01e8be9188c5d20f806e8144a36362efd4813629ad28b7b7b7f921641fc1f366f42f03cd96dbf03eb13643
- SSDEEP
  
  1572864:lqJ39Kk9MXIjB8ceyIS7nqYdd6hIEhSmnJZxRBlIiqFWM:lZk9Ms/vP7nMhJnzxRBlawM
Score

10^/10

hexon credential_access discovery spyware stealer
- Hexon family
  hexon
- Hexon stealer
  Hexon is a stealer written in Electron NodeJS.
  stealer hexon
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1
- Target
  
  FoxyPunk.exe
- Size
  
  154.6MB
- MD5
  
  44ffbfd99f7bcbc3bc44649713a31ad4
- SHA1
  
  6cbdddacfdeb6799a59350899271e20b2ef2c702
- SHA256
  
  9a759e69e6b6f953221ed1e07e928e07d3fd4694e8c5f401169359512f406f74
- SHA512
  
  0dd09330009c8654729cfdcc9cdfb575aba7097f530659d9e69dbe3c6fae0a7a003169226ef20c49dbedc33b711079117157c8fab9510226d3807b60e8a4ed7d
- SSDEEP
  
  1572864:cTmw0ciLNpDPuAvHxJLkY2O6Ea3f9kwZXeT6EivLp1vUAtdjtZn+f4FnIvGaC9dU:3v6E70+Mk
Score

10^/10

hexon credential_access discovery spyware stealer
- Hexon family
  hexon
- Hexon stealer
  Hexon is a stealer written in Electron NodeJS.
  stealer hexon
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates processes with tasklist
  discovery
behavioral2