hydra | c393f0f03013dc249481462e58fa90c2cec561dc5cf4f9687930d1da8460bcbc | Triage

Analysis

max time kernel
3533739s
max time network
39s
platform
android_x64
resource
android-x64
submitted
23/07/2021, 09:07

Sharing

Report Analysis Logs

General

Target

Vodafone-Netz.apk
Size

4.9MB
MD5

43245acd2bfc4fb651961933a72da0ad
SHA1

37b5b34250fe930132de9c4bd9efd1b6e5f3f0fa
SHA256

c393f0f03013dc249481462e58fa90c2cec561dc5cf4f9687930d1da8460bcbc
SHA512

d4ea92b758dcecba74309f31d17d54a1e9c9d4e2e3efafe6b05e3028d85f87fb501c90b1d3d9836c2bfa8362edd913f641efd0176d79fcd61fb15d4247eb6667

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

C2

https://sendmehere.site

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra Payload 1 IoCs

resource	yara_rule
behavioral1/files/3608-0.dat	family_hydra

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/legal.advice.rigid/app_DynamicOptDex/FJTIZ.json	3608	legal.advice.rigid
/data/user/0/legal.advice.rigid/app_DynamicOptDex/FJTIZ.json	3608	legal.advice.rigid

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3608	legal.advice.rigid
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3608	legal.advice.rigid
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3608	legal.advice.rigid

legal.advice.rigid
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:3608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads