hydra | f763e121c8b36a65b131d4475ca3e55e2ae44f7089fde8cb873e3ea87a3da241 | Triage

Resubmissions

28-05-2021 11:17

210528-98n6kth5d2 10

26-05-2021 10:50

210526-evn7ed2fmx 1

12-05-2021 05:46

210512-xjx2668tbj 7

Analysis

max time kernel
2998142s
platform
android_x86
resource
android-x86-arm
submitted
28-05-2021 11:17

Sharing

Report Analysis Logs

General

Target

63207_Video_Player.apk
Size

4.8MB
MD5

610070fd9606cd862e36a4ecf0e1ba86
SHA1

a8f9bf273a1635c7a0ae90033209d1c287dfb312
SHA256

f763e121c8b36a65b131d4475ca3e55e2ae44f7089fde8cb873e3ea87a3da241
SHA512

91436091441df6d306f62f78bcd914f4d93c59c0e3830909337157f29c878e76bec5e101d8f0ca4f483e0b1323612010437d2ef8f7630e35256182396955a17f

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra Payload 1 IoCs

resource	yara_rule
behavioral1/memory/4692-0.dex	family_hydra

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/kick.front.parrot/app_DynamicOptDex/leqhF.json	4692	kick.front.parrot
/data/user/0/kick.front.parrot/app_DynamicOptDex/leqhF.json	4731	/system/bin/dex2oat
/data/user/0/kick.front.parrot/app_DynamicOptDex/leqhF.json	4692	kick.front.parrot

Uses reflection 1 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4692	kick.front.parrot

kick.front.parrot
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:4692
- kick.front.parrot
  2⤵
  PID:4731
- /system/bin/dex2oat
  2⤵
  - Loads dropped Dex/Jar
  PID:4731

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads