General
-
Target
Hydra.exe
-
Size
3.1MB
-
Sample
231117-3amvlafd45
-
MD5
b84bc71ccbfd1c60ec80f46d4068f057
-
SHA1
72ce9e07d5d8b5783c7a82ed217948c9d8f3c39f
-
SHA256
89041e69e1148566c390112550065c36b795fe219ed47221c41810c5bb8b390c
-
SHA512
390df52eb7f7264be584f7eea3b7d74a371036654acc232303ffa9717969d0c76d4d64f886932858b5053a899af4ef81d53036d582545fa640e733120a9c84a0
-
SSDEEP
49152:evkt62XlaSFNWPjljiFa2RoUYIljwLEuU1k/yCLoGdcTHHB72eh2NT:ev462XlaSFNWPjljiFXRoUYI1w6M
Behavioral task
behavioral1
Sample
Hydra.exe
Resource
win7-20231020-en
Malware Config
Extracted
quasar
1.4.1
Office04
quasardeez.ddns.net:4782
10b0c070-9195-4332-883e-1686f4075485
-
encryption_key
828B07DBE7EF17F6F1013D02AA4C06E87BC2CE2E
-
install_name
Hydra.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
scvhost
-
subdirectory
SubDir
Targets
-
-
Target
Hydra.exe
-
Size
3.1MB
-
MD5
b84bc71ccbfd1c60ec80f46d4068f057
-
SHA1
72ce9e07d5d8b5783c7a82ed217948c9d8f3c39f
-
SHA256
89041e69e1148566c390112550065c36b795fe219ed47221c41810c5bb8b390c
-
SHA512
390df52eb7f7264be584f7eea3b7d74a371036654acc232303ffa9717969d0c76d4d64f886932858b5053a899af4ef81d53036d582545fa640e733120a9c84a0
-
SSDEEP
49152:evkt62XlaSFNWPjljiFa2RoUYIljwLEuU1k/yCLoGdcTHHB72eh2NT:ev462XlaSFNWPjljiFXRoUYI1w6M
-
Quasar payload
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-