General

  • Target

    FoxyPunk Setup 1.0.0.exe

  • Size

    75.3MB

  • Sample

    241122-ppa8fszrgt

  • MD5

    eae664b9d9b3ea6f3edce39e7ec5f37b

  • SHA1

    227db8f955e6e27b736c48d75c4717fcc15a065e

  • SHA256

    4cef20d3afbba0a91f02d6c1a9740fff94152426e3f7cbf94aaa55530833072d

  • SHA512

    d2baae2a1a1143b4efb2428c2db6dc71ec6e3a282c6dd149ea50be9771a4916faafaee3d4c2053a8f948a6b34f854d5d3f76b13d55b49a478eb67ee445a87d39

  • SSDEEP

    1572864:OyJ39Kk9M0+jB8ceyIS7nqYdd6hIEhSmnJZxRBlIiqFWQ:ORk9M0K/vP7nMhJnzxRBlawQ

Malware Config

Targets

    • Target

      FoxyPunk Setup 1.0.0.exe

    • Size

      75.3MB

    • MD5

      eae664b9d9b3ea6f3edce39e7ec5f37b

    • SHA1

      227db8f955e6e27b736c48d75c4717fcc15a065e

    • SHA256

      4cef20d3afbba0a91f02d6c1a9740fff94152426e3f7cbf94aaa55530833072d

    • SHA512

      d2baae2a1a1143b4efb2428c2db6dc71ec6e3a282c6dd149ea50be9771a4916faafaee3d4c2053a8f948a6b34f854d5d3f76b13d55b49a478eb67ee445a87d39

    • SSDEEP

      1572864:OyJ39Kk9M0+jB8ceyIS7nqYdd6hIEhSmnJZxRBlIiqFWQ:ORk9M0K/vP7nMhJnzxRBlawQ

    • Hexon family

    • Hexon stealer

      Hexon is a stealer written in Electron NodeJS.

    • Blocklisted process makes network request

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist

    • Target

      FoxyPunk.exe

    • Size

      154.6MB

    • MD5

      44ffbfd99f7bcbc3bc44649713a31ad4

    • SHA1

      6cbdddacfdeb6799a59350899271e20b2ef2c702

    • SHA256

      9a759e69e6b6f953221ed1e07e928e07d3fd4694e8c5f401169359512f406f74

    • SHA512

      0dd09330009c8654729cfdcc9cdfb575aba7097f530659d9e69dbe3c6fae0a7a003169226ef20c49dbedc33b711079117157c8fab9510226d3807b60e8a4ed7d

    • SSDEEP

      1572864:cTmw0ciLNpDPuAvHxJLkY2O6Ea3f9kwZXeT6EivLp1vUAtdjtZn+f4FnIvGaC9dU:3v6E70+Mk

    • Hexon family

    • Hexon stealer

      Hexon is a stealer written in Electron NodeJS.

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks