hexon | 644372d31b62c327439aefff7ae0d2d2b09cf8a9963c4d10408731358c1ce879

Sharing

Copy URL

Twitter E-mail

General

Target

DupeMix Setup 1.0.0.exe
Size

75.2MB
Sample

241123-swresstlbj
MD5

afd0ccff8ca6ce275caf9edfc739091d
SHA1

b37ad4adc9cb1bff06ba9ddf80153a93126b807a
SHA256

644372d31b62c327439aefff7ae0d2d2b09cf8a9963c4d10408731358c1ce879
SHA512

62c546fcc2639851e508b43b3271e111b8deafd9e36a08acf99cdf142169e2693301e41a98ba4ec21b59e59a9e62f34a507b67f294cbb07b87fbe78580dd5c2e
SSDEEP

1572864:saJ39Kk9Md8JlB8ceyIS7nqYdd6hIEuZRob8j7yn8QNjBkjsW:spk9M+/vP7nMuvWs7y8Q/k4W

Score

10^/10

Malware Config

Targets

- Target
  
  DupeMix Setup 1.0.0.exe
- Size
  
  75.2MB
- MD5
  
  afd0ccff8ca6ce275caf9edfc739091d
- SHA1
  
  b37ad4adc9cb1bff06ba9ddf80153a93126b807a
- SHA256
  
  644372d31b62c327439aefff7ae0d2d2b09cf8a9963c4d10408731358c1ce879
- SHA512
  
  62c546fcc2639851e508b43b3271e111b8deafd9e36a08acf99cdf142169e2693301e41a98ba4ec21b59e59a9e62f34a507b67f294cbb07b87fbe78580dd5c2e
- SSDEEP
  
  1572864:saJ39Kk9Md8JlB8ceyIS7nqYdd6hIEuZRob8j7yn8QNjBkjsW:spk9M+/vP7nMuvWs7y8Q/k4W
Score

10^/10

discovery hexon credential_access spyware stealer
- Hexon family
  hexon
- Hexon stealer
  Hexon is a stealer written in Electron NodeJS.
  stealer hexon
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  74.6MB
- MD5
  
  220de7ae6a29b2b20e66ff46605c1b0f
- SHA1
  
  c71eb7e69816d14d5f8d88b6f24ecc597ed8e021
- SHA256
  
  904efd8694afce96461b4076e210d6864ad58ec44986d27a17703155dd26d476
- SHA512
  
  0395cc5819bd221109b705af76f4ee8e1ba7e60a7337aa765657ec0398e0c8779ff860e4d505632085ec1b588dd38243fa1d21fe87234f5d81f7cce67de5eac6
- SSDEEP
  
  1572864:SJ39Kk9Md8JlB8ceyIS7nqYdd6hIEuZRob8j7yn8QNjBkjsD:xk9M+/vP7nMuvWs7y8Q/k4D
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral11 behavioral12
- Target
  
  locales/sv.pak
- Size
  
  376KB
- MD5
  
  bbe0785c5f9591e8a1e7c4830fe949d6
- SHA1
  
  da4f3286079d50e1c04e923529e03e7d334c7fff
- SHA256
  
  0ad84f6f95fd7505862278a7c1c92d00a7e7dd4a765569e9c3086f55c1d7059d
- SHA512
  
  38bab6f3a6c9395d3b57e63168045ad2e8188b2f04751a15253e7226ec3043c9678a77be1eb27a3b2e751934a024f3ffc89fffd9f1e229e19638be318b53e961
- SSDEEP
  
  6144:M4pIcHsEAjiwshcB7xopq/4LLXru9M9SOxDE/xUDvZv5pB5mEgb7:BpIcsV9Bxq5/5mz
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  locales/sw.pak
- Size
  
  394KB
- MD5
  
  ee8da42ffe40fbb916c56390e2cd99e8
- SHA1
  
  6d824f56afe6b3605a881d2c26e69a46e6675347
- SHA256
  
  192e248c7ac4644f8712cf5032da1c6063d70662216ccf084205f902253aa827
- SHA512
  
  7befe72b073000bc35a31323d666fd51d105a188d59c4a85d76ee72b6c8c83a39a1beb935c1079def8e3ffa8c4bf6044cf4f3bef0f1c850c789b57e1144ff714
- SSDEEP
  
  12288:iehLwLk65vqimUwbQuBndO8gJGgnATm5A1vZcsToe4t2ht:isLwZP5Ar
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  locales/ta.pak
- Size
  
  1019KB
- MD5
  
  a8beab6896018a6d37f9b2e5bdd7a78c
- SHA1
  
  64310684247219a14ac3ac3b4c8ebaa602c5f03a
- SHA256
  
  c68b708ba61b3eeab5ae81d9d85d6e9f92e416ecfae92e8de9965608732384df
- SHA512
  
  73b0a31235bf4b7c5ad673f08717f3b4f03bcdf2a91440ee7228aa78c2d15dd2aed32498e23ded78ec35bc731dbe16b6a1c236a170f2a84123a464857686c7b5
- SSDEEP
  
  6144:LXNxfybLQ4iFd2n1E+1lhfi5yzntRMcA2i:rffyblEd21Z13i5yzMcA2i
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  locales/te.pak
- Size
  
  942KB
- MD5
  
  02415ded02cc7ac25e8f8d0e83365061
- SHA1
  
  5a25bf63ec97dbeb37e64ab3825cbbce6326a5cf
- SHA256
  
  97024f0cfac78e0c738e771beea1e35f5a8eb2b132b3043b59ce4ecd6c153523
- SHA512
  
  54e658c6d432b29b031be278e5b4396ac14b0f85e1f772a0a76c0431d4cbe2370ff2898077837688e2fb9700db1eab7a19e4e350a280a2ffad8176d861d93e45
- SSDEEP
  
  12288:zqfk4UYABx3p1F9SviTlw2cTgCNFO9gr/p54JkQJgw4taJCb8+58XfX0Dxq9OyUn:eM4U4lp5WMfD
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  locales/th.pak
- Size
  
  792KB
- MD5
  
  293ad7c20c22d744e4db0fb001ec45bb
- SHA1
  
  486c9e0732306a45aceb633da2b3ded281197620
- SHA256
  
  d67d68f24d3347e244a7e8c3b63d47f18fcf37258256f48dad785cf98bb560fa
- SHA512
  
  ac2b2dd82095925b3229958e89dcf5283bdce0273734a0c338f5a1aa8b014644806ca517f0fc2003669910e58fedf9c2ca7a009fa3f53d58c07bc5e9191f2e2f
- SSDEEP
  
  12288:z0O3mMkgs3s5UW4HLRflsjj8sKGs1loIG0EeuLADh7Kle9dPu753ohP09XAyFHyW:Y69K5V5q
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  locales/tr.pak
- Size
  
  401KB
- MD5
  
  9f24f44cac0997e1d0a6a419520f3bfe
- SHA1
  
  edb61859cbb5d77c666aac98379d4155188f4ff5
- SHA256
  
  3aff7dcbfb1a244cc29b290376b52cfb3e1f844c98facafea17b4a45ce064b8a
- SHA512
  
  65fbe2d7fea37db59b805d031f6ae85d628a51b254e76e8c2b4ef4b5153527b7e2412ed6a0961d174b8a5581b521b0436160fe5ed252f78303bcfde815733d81
- SSDEEP
  
  6144:TaT6Tj4rfG2a4l1kKJtkOq/7V56sA7WGgeh5X/0+gi1ZavXmAQwiBTVGI:2w0u27leaoy5775X/7
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  locales/uk.pak
- Size
  
  688KB
- MD5
  
  e4c4e3700469704b936460ca1a90fcc0
- SHA1
  
  e809990fc07a1d39fe623046382699e648e343c0
- SHA256
  
  29af2abc75a35bb9e3f9bc6e2904228ba651ea4e0ce8e9c7a2d7e272374b9ebb
- SHA512
  
  68e33f471c5bf2d4ed9cb00ace3e094ef102a5f1566a6e2c8a3007ef7fbd8a24c36eb36b08745f3608e70940444e9fc7a36fabe1a9945d1f00b4f3f28c7bdaf6
- SSDEEP
  
  12288:FkzOqMnty/KiZswU1nbx05kB3IjUUmEg5KuoLNiXElqnOyh:muGN35EEK
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  locales/ur.pak
- Size
  
  602KB
- MD5
  
  d7ec7d551dee1e1ef11be3e2820052f9
- SHA1
  
  d7f2d35841883103c2773fc093a9a706b2fe5d36
- SHA256
  
  05e45371159075048db688564b6bc707e0891303c40f490c3db428b0edd36102
- SHA512
  
  92e2d32fc106812e08163a26f202a5d0e7eb7028a871f3bc6cbc05ee6c7ce287032179322b19e396308968515bf214534a38d93afc259a780ad7ba8432fab56a
- SSDEEP
  
  12288:bXldbsPI8PzGSEHybOAXsA5yzTExbWW7mQYrjuUco/9NjjFpvhl:rLsK8t5bWx
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  locales/vi.pak
- Size
  
  476KB
- MD5
  
  9274866d7c6314f43dd63ed293293e25
- SHA1
  
  4af0e6ec1bcb99588810a9fb69c1dc2bbad892fc
- SHA256
  
  dcbdc6d9e11dd10fc1364c10be5438ce2697f61ec5f32997c43b87238087c4e3
- SHA512
  
  3c8c9e9960a49469af83cae31790a03e41846163c14d3dae45fd92a1a412c82075bdef3317baca02399eb53de0f9164c0a9a17b7cd63e0fa61c3e4617393c42e
- SSDEEP
  
  12288:JqiJKHugsHBM0P5ZwSQ3cXzIJ1758/UIi0+UG3Lzi8Tal:eugsHe0PTwSmezE5Iti0+UKfi8Tal
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  locales/zh-CN.pak
- Size
  
  345KB
- MD5
  
  9d4f54eb5a12cf4c2f34f5f538dff90b
- SHA1
  
  c31b892ce78c733bde0571b6236170103cc9fe7a
- SHA256
  
  58b934a09858f037f1966a495e73d44416180afcdebfaefcee1f5e3377de63f7
- SHA512
  
  46bf6099c50f7959a6f0800ec679b61a78efabe87985cad8dc0d7d0006470a9c61e659bde0258da6cf7ed6104749a157f5ad133f324479c3460a19fc14e31c37
- SSDEEP
  
  6144:ALU9jcaZx79+vKKS/+kTme5zBNCJ7AAmlv:nAaZ+vKKS/ye5zBNCJ7Y
Score

3^/10

discovery
behavioral31 behavioral32