General

  • Target

    MolataV57.rar

  • Size

    75.3MB

  • Sample

    241122-g32css1qdr

  • MD5

    e1cdacaeeefa3141437e43049db9fa6e

  • SHA1

    1e4e8b17c7b704f88a1ec2bc9a8ccfa529be8127

  • SHA256

    078a28a3b3b9652db148cc65fd71f95717961dca09ea819c41ee0dd9514e40cd

  • SHA512

    415bb8304ccab94378f2fe295e98e122809ad4a68dfd9bd1c18752f7c1b504893d611e9045720023b57b5ab80074fd43075867cecabfe67bdfae3ea4d683e7e3

  • SSDEEP

    1572864:uBv4cmfewL/fBiw4gSpOCprDLshs8lnUK4Gkd:uBv4Zfs1p8Cp/LSs8l3kd

Malware Config

Targets

    • Target

      MolataV57.rar

    • Hexon family

    • Hexon stealer

      Hexon is a stealer written in Electron (Node.js).

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks