541a1966114e166cc5807973c227ad72fea6d687ce7c2e70293f794751247427 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

Hydra-1.1.0.Setup.exe

windows10-1703-x64

9

Hydra-1.1.0.Setup.exe

windows10-2004-x64

9

Sharing

General

Target

Hydra-1.1.0.Setup.exe
Size

128.8MB
Sample

240502-rh6f5acf67
MD5

366d719f4ffb6e6378bb8eb0ca5f89c0
SHA1

7ab9d1f32366c7eba513c37ae7304f6c74dd8933
SHA256

541a1966114e166cc5807973c227ad72fea6d687ce7c2e70293f794751247427
SHA512

da1816efa36d0f9e9c8aa0d03cd9cb64851762d83e212d5f91d77d42de91fc23af920922bbf1ca5824a2668d0d4915fc9b024b1dc0abbeb56e6a3e5ed970d5ca
SSDEEP

3145728:QkJG7QPqLxp8O4d4pPU62+0JXWg3/VnRbQvk4H6wWhuyGdgv+m7K2mpHQj/:QkJGUPsxdHt0kg3/VndY5dQ+mO2mpHg

Score

9^/10

discovery execution

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Hydra-1.1.0.Setup.exe

Resource

win10-20240404-es

discovery execution

windows10-1703-x64

17 signatures

300 seconds

Behavioral task

behavioral2

Sample

Hydra-1.1.0.Setup.exe

Resource

win10v2004-20240419-es

discovery execution

windows10-2004-x64

17 signatures

300 seconds

Malware Config

Targets

- Target
  
  Hydra-1.1.0.Setup.exe
- Size
  
  128.8MB
- MD5
  
  366d719f4ffb6e6378bb8eb0ca5f89c0
- SHA1
  
  7ab9d1f32366c7eba513c37ae7304f6c74dd8933
- SHA256
  
  541a1966114e166cc5807973c227ad72fea6d687ce7c2e70293f794751247427
- SHA512
  
  da1816efa36d0f9e9c8aa0d03cd9cb64851762d83e212d5f91d77d42de91fc23af920922bbf1ca5824a2668d0d4915fc9b024b1dc0abbeb56e6a3e5ed970d5ca
- SSDEEP
  
  3145728:QkJG7QPqLxp8O4d4pPU62+0JXWg3/VnRbQvk4H6wWhuyGdgv+m7K2mpHQj/:QkJGUPsxdHt0kg3/VndY5dQ+mO2mpHg
Score

9^/10

discovery execution
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Command and Scripting Interpreter: PowerShell
  Run Powershell to get system information.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution

© 2018-2024

Terms | Privacy