merlin | ad69e83f7ff54cd47b06f55e2ec55612f64ca77f5e8b6a77ce50fb588ed66eb7

Sharing

Copy URL

Twitter E-mail

General

Target

HydraDragonAntivirus-main.zip
Size

161.0MB
Sample

241227-ma6ppstrgk
MD5

ed9c3d341d6319a053dca0bf81c8c739
SHA1

dda313415becadc92ed54a6a54d0c862d3c48ca6
SHA256

ad69e83f7ff54cd47b06f55e2ec55612f64ca77f5e8b6a77ce50fb588ed66eb7
SHA512

ea99fe140d671ad4c4f190262cb3f5d6a90a78088f3a67b4f3a54e8e005d811ee3beabd8e9ae70437a307e6ddc8e081e66619137d7329050e28b0c3dcf210533
SSDEEP

3145728:Ex1XA74YMuCFYow5KsGBT0qY/sVicbrj6cCPi5e6vyY1Yvpp:Qw74WZPY1x0B/sVicvjtj5L31YvT

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion

exe.dropper

https://bigblog.at

exe.dropper

http://lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion

exe.dropper

http://lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion

Targets

- Target
  
  HydraDragonAntivirus-main/.store/ilspycmd/8.2.0.7535/ilspycmd/8.2.0.7535/tools/net6.0/any/ICSharpCode.Decompiler.dll
- Size
  
  2.4MB
- MD5
  
  ef43bf67fccbebd00a6e3b36af799d85
- SHA1
  
  a0ba0a0c2b45119bb9d14865d49da517e33c90ac
- SHA256
  
  d174072a16aa758a39d160f70ce924103898fae2b8506b48f70d6909e25a1fd0
- SHA512
  
  ae012629ef8c80cb543828615c9f5a4585481e107d31c4759791da5a9b26b18101cffe9119350a46d84ef9d0c1e05e1e93374d4ad92d0dc32631784cacf910a4
- SSDEEP
  
  24576:1Tpitty2wOfW7Fs9l8busnP2ATYkKA8x7nK9oePVLoo5G1ipUTtM9AavzFwf0fB:xQTyrOfeFPGKWeP/eTtM9AUwf0f
Score

1^/10
behavioral1 behavioral2
- Target
  
  HydraDragonAntivirus-main/.store/ilspycmd/8.2.0.7535/ilspycmd/8.2.0.7535/tools/net6.0/any/ICSharpCode.ILSpyX.dll
- Size
  
  121KB
- MD5
  
  508e3ac963fc298f25c94ca31e56b370
- SHA1
  
  067902c445a2847ea4b4f526bc0ba1399d890be1
- SHA256
  
  706f481413ac88aad764baac492b1f3e5165ceb099c2db1b1e2b1b0a8c56abdb
- SHA512
  
  bbb6e0d12e46a156e05e5021294a98c40090c6a640039513d996d1905d1c1a6fbced53fd43c5756c371aa3a6a7064ca5ea0f27684161aad76a14b89fe56443af
- SSDEEP
  
  3072:x7DWEdbY7K0Wl+YDoylV7ScWCVLPE+8IaGV0hwzYz/1G:Z5mKiOoyCCtZ0GVYPz/1
Score

1^/10
behavioral3 behavioral4
- Target
  
  HydraDragonAntivirus-main/.store/ilspycmd/8.2.0.7535/ilspycmd/8.2.0.7535/tools/net6.0/any/K4os.Compression.LZ4.dll
- Size
  
  65KB
- MD5
  
  57902050e5dd7ce9fd1dbac33ce5216e
- SHA1
  
  49dcb6bdb00fdd88fbee0da1b0937921caf0aea2
- SHA256
  
  9718945aa73e4fc68bf48eb1dd4704bbaacd6e1c22670db56dec161b18226897
- SHA512
  
  46a19933c35c11530dbfcb931353c20fb54fb1a32198f402660049e116af997fc57322c6f551f996ccb5848eb7ae538e0d2a19e1e5cf55d0def12bfb49e1f9b1
- SSDEEP
  
  1536:3e9DJI7VkZhV8YPxzaRYvoO+k8DoN3VwV2cMngbSk1ZgQzGo:3e9DJI7V+fFPxzGYgO+fs1VwV2cMg+kh
Score

1^/10
behavioral5 behavioral6
- Target
  
  HydraDragonAntivirus-main/.store/ilspycmd/8.2.0.7535/ilspycmd/8.2.0.7535/tools/net6.0/any/McMaster.Extensions.CommandLineUtils.dll
- Size
  
  148KB
- MD5
  
  889833953b7208dfa2cc7615be4e885f
- SHA1
  
  dc74648975b5b6c6235a781fe0477c5d21b9c8ff
- SHA256
  
  8e45ba6868ad2c63b53a3acff7ae53e316bf1391cffd71737c10262fbda6da71
- SHA512
  
  68d5c45ede780799883d4d8e9ffcc7fd9bc611be6c56cebb9fd0ba556812c75cd0695c50a35d9f6ec13be14e7e5c9b4077cdd472e7da02b9bdd1809a5fa540e1
- SSDEEP
  
  3072:rcd4G482LG3S5ruM/Nx6HRFsZJlTOEQ316PH:r1SSRuM/+HRFqR
Score

1^/10
behavioral7 behavioral8
- Target
  
  HydraDragonAntivirus-main/.store/ilspycmd/8.2.0.7535/ilspycmd/8.2.0.7535/tools/net6.0/any/McMaster.Extensions.Hosting.CommandLine.dll
- Size
  
  20KB
- MD5
  
  3f1145b8b5982eb056a1ae86d5cbd457
- SHA1
  
  364d3bb1e79fe5c70354bed34c5c0a52dc5b1085
- SHA256
  
  41c50a48ed2937455b16115dd9f33661853b40fecfc1b814945263040b04df9b
- SHA512
  
  d53d9deb4eea759755dd775ce4dc62ba15f1881bf43b9603bd911f4297efb901c7fed7139c586f29ab58f588da36d82da684bfa89040239bab5cd155a7b62869
- SSDEEP
  
  384:nG9bbJ096lhK6qpNnjH3epTpdWBkWplfNLY+boJR6XgT+:nGxbiOs6qpRjHOK+SS+MJIXgT+
Score

1^/10
behavioral10 behavioral9
- Target
  
  HydraDragonAntivirus-main/.store/ilspycmd/8.2.0.7535/ilspycmd/8.2.0.7535/tools/net6.0/any/Microsoft.Extensions.Configuration.Abstractions.dll
- Size
  
  24KB
- MD5
  
  134885709f7087d3a1bad3108179578a
- SHA1
  
  c524c7d46a343b75a64bf52b19e3c70c453f9061
- SHA256
  
  e4eb5eb7e28a5548cd904fe1a9c3569adef91f52b654db8a3c56a0a5177a09eb
- SHA512
  
  8d7016036e22e32cb5d34725d5b07667964ca593c78b986807ee45e09fe498145b8fcfcd46e28f1aa1afbe78d3e0eb14d3b08cfd51060bdef389b92cc1c5e974
- SSDEEP
  
  384:1m++Js0qJ63NU17qtlR9iaTG/0wEzRjz6sMHJhOnAWM/aWsrNW0/uPHRN7aBEIrG:klso3W7qHypd//SFMw6
Score

1^/10
behavioral11 behavioral12
- Target
  
  HydraDragonAntivirus-main/.store/ilspycmd/8.2.0.7535/ilspycmd/8.2.0.7535/tools/net6.0/any/Microsoft.Extensions.Configuration.Binder.dll
- Size
  
  33KB
- MD5
  
  90e58d5a0eb7af2cf55bb8022821e681
- SHA1
  
  144c4fa6c3cef6b532ce7b7c3c27753bda514714
- SHA256
  
  c0d2a11b73afc7c8eac5bb1ccf60002e5b132df23a18bd9dc8385eeb7992b283
- SHA512
  
  7a94e80a09b6dfa069d5c8f89f84d9c63b683a8996e914d66cb7867b5bad9af3a5b723d215fcea276bbd29605837ab357edef2d7876cb72aef9a4d1844e48ea0
- SSDEEP
  
  768:BRnQyuN61yKW1Guh2dIewN3czA8i1KraoEMgnE:BdgA1yKW1L0dkNc081+oEMuE
Score

1^/10
behavioral13 behavioral14
- Target
  
  HydraDragonAntivirus-main/.store/ilspycmd/8.2.0.7535/ilspycmd/8.2.0.7535/tools/net6.0/any/Microsoft.Extensions.Configuration.CommandLine.dll
- Size
  
  22KB
- MD5
  
  7b63b5f59c8d9b99034176dae6255d0f
- SHA1
  
  e8e3931fda524cc249b6511c6c7e818413d66025
- SHA256
  
  db2a0fbcbd1d424413dc9b5cb35c9ec70d1ede862814f2f9527bf1224efde508
- SHA512
  
  5b5e8b8b9519b68ec6d7f9f333f55b7ef10d1c7d0c00779c5c3089f9d3d975a2fe3bfddf097e418844577088fae748cc8ab310a51d1080d826984ffc87973ac8
- SSDEEP
  
  384:r9FrztnCvZrlMIPTlLn9by3WKbW97nWB/uPHRN7jTicUslBYK1PZ:rbztn2AmxniKqMl
Score

1^/10
behavioral15 behavioral16
- Target
  
  HydraDragonAntivirus-main/.store/ilspycmd/8.2.0.7535/ilspycmd/8.2.0.7535/tools/net6.0/any/Microsoft.Extensions.Configuration.EnvironmentVariables.dll
- Size
  
  18KB
- MD5
  
  08f52a0ff6e9a3602259930674f95c5e
- SHA1
  
  4fd2e59545e6c845f8f9de6ce8fc4540acf1aa25
- SHA256
  
  94fb00fe869f78b572e8564d2700b143f392a5ab7c110e8c81981d5edbf632f7
- SHA512
  
  cd695bb8ca9c5defeaeb0eb20ee79ed838467f430f600bde93e188d08c35691cfceb3e5524e07549976bbc5ae8fc78d2f94821f2f83519d8ce1388e3c8baa159
- SSDEEP
  
  384:psGu6f0Ux3STFWUQeWBgFsBlHRN7mhlj:psGuWRTW2j
Score

1^/10
behavioral17 behavioral18
- Target
  
  HydraDragonAntivirus-main/.store/ilspycmd/8.2.0.7535/ilspycmd/8.2.0.7535/tools/net6.0/any/Microsoft.Extensions.Configuration.FileExtensions.dll
- Size
  
  25KB
- MD5
  
  3604168610204920999aeb27fa52ce14
- SHA1
  
  5ad4642c871d47e022080f5c707da159b432efe7
- SHA256
  
  9f67d13f6ff5b463736821793d4e218134a51caf3ce8ebe205fd9801db3735d1
- SHA512
  
  0206183f40ad509c2dd2bad4ccbbe7b40c600d5b5fbc5c216a1d3babeb7306ec36d80e049ac787eeca60b5e81f71b9580f89e964d71745ff58b14a4887d874f7
- SSDEEP
  
  384:6Y5JfZB7plLDwLx0umTZXA/XABRfhzWqr6W2/uPHRN7PHcUslBYK1Uge:/rd8Y0wRhzOMKe
Score

1^/10
behavioral19 behavioral20
- Target
  
  HydraDragonAntivirus-main/.store/ilspycmd/8.2.0.7535/ilspycmd/8.2.0.7535/tools/net6.0/any/Microsoft.Extensions.Configuration.Json.dll
- Size
  
  25KB
- MD5
  
  f632ba94ae101b3a171d59801a2d5c19
- SHA1
  
  182a3cdc49febc6ce3f96056c399af1311129af7
- SHA256
  
  476f3fcb02d6c48705c4ab43223d08c42f9b5e2e2ead7e811de2cbdb847ebd34
- SHA512
  
  b074266ec3b4bae741beeeb6fe8c5cdc759c541dd0a90b0ee6082ded8ffcb2bec15717cd1c646746b452a51ea0b08d30dd47b7ba6d647629b374651036b25a48
- SSDEEP
  
  384:6I2/cK/FWwbGXC8e1lje1l6RWkb2WP/uPHRN72s9l8QI:6I2/cqFWwSl6hXfM2mI
Score

1^/10
behavioral21 behavioral22
- Target
  
  HydraDragonAntivirus-main/.store/ilspycmd/8.2.0.7535/ilspycmd/8.2.0.7535/tools/net6.0/any/Microsoft.Extensions.Configuration.UserSecrets.dll
- Size
  
  24KB
- MD5
  
  f9255c8f30ac81d4693d1ddce2f59a07
- SHA1
  
  b1be780e5f10dadd9bb1965739722e15a67a7171
- SHA256
  
  cdb02893f9a9e822f8646836ec9e25c3c538a56872225f98a6b495103938eba8
- SHA512
  
  96264a187cc59e19f66dc8da2a3f25a46c06f074e63efa89ced410062ec7b3cec10bad4f5bb244cb61679ec693265c58f90834caf5be2c78f9217f1cb49a2856
- SSDEEP
  
  384:7w6kebL1iFn6d6E1oE1LdAAW9ACWjSsBlHRN7SbImlIYqX:NZbcWusZjHX
Score

1^/10
behavioral23 behavioral24
- Target
  
  HydraDragonAntivirus-main/.store/ilspycmd/8.2.0.7535/ilspycmd/8.2.0.7535/tools/net6.0/any/Microsoft.Extensions.Configuration.dll
- Size
  
  35KB
- MD5
  
  d7ce22d25b8f8ea05f0480291fac550f
- SHA1
  
  783fe3de87c8f617d52f662a6f0219c7fe98ed37
- SHA256
  
  73cc9885face04b1273818252d3bbda5e5d26c90f0169b93e144225d2bf6f0e8
- SHA512
  
  59ce8b737e6382bea149bebbe4b26a9c4803978ce8bd59319b5afcf3dd5776e44c0d255ce99a19319175b2e31d61dbcd445f685f69fbf0a25f8f27658b857a07
- SSDEEP
  
  384:uAapQT4usV4TVItBWxaRXKdvQmkvidkmtGpHRwzqLZglMev/WEGJLk2w2LYWJZV3:oi4PV4eWxaVsQLqyCekI/q/xGljgM+PE
Score

1^/10
behavioral25 behavioral26
- Target
  
  HydraDragonAntivirus-main/.store/ilspycmd/8.2.0.7535/ilspycmd/8.2.0.7535/tools/net6.0/any/Microsoft.Extensions.DependencyInjection.Abstractions.dll
- Size
  
  42KB
- MD5
  
  d6cfda4e1c948aeb3e5d57376334375f
- SHA1
  
  cb8c35306afd15358104ecfe70e724ad9c753e6f
- SHA256
  
  9ccd830351aa28bc683d4f8d1cefd9e724161f972d25bfb64eee5bf55c48c5e3
- SHA512
  
  93a7571c4d186243d78641630b8997fdb69d411df307d95c86aed556102369a98b9a13ca5c7ca8d593244cf0b0f039bc37d330b86194b07b2c9f0bcec3c06b2e
- SSDEEP
  
  768:o8+cxuPn//hpz2XCkCkCdvAb4b4qox06OoV0F8l0HCTpw0wo0emDMtj:/+cxuPn/bvvE0Q0HCNfBsDMZ
Score

1^/10
behavioral27 behavioral28
- Target
  
  HydraDragonAntivirus-main/.store/ilspycmd/8.2.0.7535/ilspycmd/8.2.0.7535/tools/net6.0/any/Microsoft.Extensions.DependencyInjection.dll
- Size
  
  79KB
- MD5
  
  5db27bdd3d6a9a225b88b12293382f95
- SHA1
  
  eb7d6d2250bf2509b89166bc22c07423ac9c2d91
- SHA256
  
  2aa8182b5356a8cc5c35fc3641a87e814857d8d9be399ac78f260343754d09e0
- SHA512
  
  4ed559768d1f1a405203f1e2d6a72dddc4c7b485461979a14d22566236e169f7e2652e9b3d85f0205c296bc4d705a30519a5f292aa6eda26137b7f2923660b3d
- SSDEEP
  
  1536:iNLmvi666OjIX0h9zMPvHBWCaRweUG4DynjEZnBaMH:Q66fjLb8vH0CiUG4DyneBaQ
Score

1^/10
behavioral29 behavioral30
- Target
  
  HydraDragonAntivirus-main/.store/ilspycmd/8.2.0.7535/ilspycmd/8.2.0.7535/tools/net6.0/any/Microsoft.Extensions.FileProviders.Abstractions.dll
- Size
  
  20KB
- MD5
  
  3644e5e1981b0bde71ed60f5e3754ffb
- SHA1
  
  3029f45a1397291b4e7eee9db9b5dcde5a47ab7d
- SHA256
  
  ecfcef11c42fa4ad5cf2d4d7f553c8f0017e5eb7a4a9b032b4d0505c98ef4ef4
- SHA512
  
  dc1a75a923d7f107425327a3c83de36d0e49080d6e10503c2613306d88f88594a7cb0e59b3b713cdd9289401beda9e7aa17e33398eea3e834b1bf515a1819c7f
- SSDEEP
  
  384:hlfkJv/RYTWl6+MTxMufuMc8CWsbhWz/uPHRN7ns9l8QS5:hlcJnRYTwIjJ62MnmS5
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32