General

  • Target: HydraMultiCheatV1.zip
  • Size: 18.7MB
  • Sample: 240526-h1m8tsbh73
  • MD5: 256d46e8eb3a51f4211417ef86ace1d5
  • SHA1: e4f0bf7d93237383b66f5a36c291d937ac0473f0
  • SHA256: e5c1bf3735bb9d1ecc2b962ec01426b92caa44432020f1fefafd23e9211ca647
  • SHA512: cfddca2db9cb7cfd164c1add411da3972a43f8792eb77c47d2288032d4c588ee84a712f9253d13ad11bad545f074bf1d7e4dc844878421f876c28a7862e553a4
  • SSDEEP: 393216:k2umE3kyORaeJy8OC1HFVpWfs6/IqxNjlAAM97jE+uH36k5ghSig7Vibsa:wmfzagy8tFVpW0/ajlEPyHJ5gheAbsa

Malware Config

Targets

    • Target: HydraMultiCheatV1/HydraInjection.dll
    • Size: 1KB
    • MD5: 4771eceef535f37366c646c096cdc7e4
    • SHA1: e864d14a33f22e11d4836e08fecf3640a6f011e2
    • SHA256: f8b52249b762f5c98e05c33ace6ebc4a25d0d78777c5fa9b4067eeb9b35f2437
    • SHA512: 2907f5eed3d66b7924faab325b8d1b24466390fcdc9c14099a4ef61bcad5fb98a00f9488f22abfae35a423ecd5ae25d077643dd1a1328eec7c820be9b7f6880f
    • Score: 1/10

    • Target: HydraMultiCheatV1/HydraLogin V1_Run After Driver.exe
    • Size: 10.9MB
    • MD5: 4ea76cf22938e34070cb9ea8f6b239d2
    • SHA1: c06b464c711bd280b533f28600faf76be4a48aca
    • SHA256: 59f3fb709a8d34d3f71a21687937a711ed9c3da8e43bff9787a7477ce8d0b8d6
    • SHA512: 6465513a135d6807a9f11eb9b5e60c1e850db0eafad571fb0d0b995e169aa7a10786700f33ab8eab9f20b7434e226c83ed726cd3fca1c901d45fbb340f168652
    • SSDEEP: 196608:rb9iCA1HeT39IigXvKub75bcjWgbwau5p0W8/LQhoANNOSEezfEAkjKW864:Q1+TtIiOvB5IjWqwau5qW80hoA/blzig
    • Score: 7/10
    • Signatures:
      • Loads dropped DLL

    • Target: HydraMultiCheatV1/Hydra_Driver.exe
    • Size: 8.2MB
    • MD5: 9ed030687227b9bc4edcb58caaeba646
    • SHA1: 615e36906772d4901e36da3fe5349d16fc2e9123
    • SHA256: 548a57cbd649a9c2357283e0ef601a8380f30194729405c438acb0a09a00b9b4
    • SHA512: 3c3d4157b2b222508dca684ce3c59812173e429ea84a6e2c585e8c22a819fdfd9422cb4d4d24461056818281f3bc9039282f878bea75da2fd2b24539a6db435b
    • SSDEEP: 196608:MrtjSI53urErvI9pWjgaAnajMsbSEo23fQC//OoLxhr:dS3urEUWjJjIfoo4jLxhr
    • Signatures:
      • Command and Scripting Interpreter: PowerShell
        Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Reads user/profile data of web browsers
        Infostealers often target stored browser data, which can include saved credentials.
      • UPX packed file
        Detects executables packed with the UPX open-source packer or a modified UPX.
      • Accesses cryptocurrency files/wallets, possible credential harvesting
      • Legitimate hosting services abused for malware hosting/C2
      • Looks up external IP address via web service
        Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks