General
Target: Hydrav2.exe
Size: 76.3MB
Sample: 231117-yklm3add56
MD5: 2d977c1ac5c3b3d086365b954fb51813
SHA1: 6a3b50b67cd62de4f7908c822e3d7f30ede11cd8
SHA256: d135f352dfd9a29d227bf2131aaf9370cf7a3622d7471f21c43c4cf89bb4ec36
SHA512: f1c3243b6a24e067867b6721830e79955b39df2fd3f79cee0a7a56fb14ee106f5c76c1e28f42d631feb2eeed6ce26b65179fa01064bf3f6385db451b004032e2
SSDEEP: 1572864:a2MTiQYHJiQkSk8IpG7V+VPhqoHZE7+Hp5tWWlXxTa9k4VTW1alTBRIYg6:aZTixpTkSkB05awoHPJjl3Ty9VTwalTS
Behavioral task: behavioral1
Sample: Hydrav2.exe
Resource: win7-20231023-en

Behavioral task: behavioral2
Sample: Hydrav2.exe
Resource: win10v2004-20231023-en
Malware Config
Targets
Target: Hydrav2.exe (size and hashes identical to the General section of this report)
Score: 9/10
Signatures:
- Enumerates VirtualBox DLL files
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.