hydra | a47d4dcdbbba7f39617c21269ef012d37c9c2830975767aac9c8d724459d6ba4 | Triage

Analysis

max time kernel
3586883s
max time network
72s
platform
android_x64
resource
android-x64
submitted
23-07-2021 23:53

Sharing

Report Analysis Logs

General

Target

80371_Video_Oynatıcı.apk
Size

2.5MB
MD5

93168d5b69885f1794dae5772b599f0b
SHA1

50167a5c72b90e866ee9cec3b21015838d7bc000
SHA256

a47d4dcdbbba7f39617c21269ef012d37c9c2830975767aac9c8d724459d6ba4
SHA512

b1e21557f929471fdccc3717916e471356ca9672c7ad19d9920c8f19151198a681b2419b23690c071e9641828881e541795242da7ea9c338f6b5ea13f307163f

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.phkdggua.elxnqor/code_cache/secondary-dexes/base.apk.classes1.zip	3620	com.phkdggua.elxnqor

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.phkdggua.elxnqor

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3620	com.phkdggua.elxnqor
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3620	com.phkdggua.elxnqor
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3620	com.phkdggua.elxnqor

com.phkdggua.elxnqor
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:3620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads