hydra | 65f49dd1523e0e28ff85f339142b6f36e36203e88ae969ef6e8fb8d3e48c171c | Triage

Analysis

max time kernel
3793242s
max time network
115s
platform
android_x64
resource
android-x64-arm64
submitted
26-07-2021 09:12

Sharing

Report Analysis Logs

General

Target

Telekom-Netz.apk
Size

4.8MB
MD5

7e0fb2f9a44f5f0fd16b13a057073c4a
SHA1

a05f51771024502c146840cd976007fa53c09ed1
SHA256

65f49dd1523e0e28ff85f339142b6f36e36203e88ae969ef6e8fb8d3e48c171c
SHA512

0909a1a7d883022f6afbfab5decc3841f8a1b0d0c993fb5730656eef38ee321cae2dcdf32cf11ce3650bdf33bc96f63803a424c104358131f76a9e629c224792

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

C2

https://sendmehere.site

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra Payload 1 IoCs

resource	yara_rule
behavioral1/memory/4313-1.dex	family_hydra

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/fork.walk.elder/app_DynamicOptDex/orQR.json	4313	fork.walk.elder
/data/user/0/fork.walk.elder/app_DynamicOptDex/orQR.json	4313	fork.walk.elder

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4313	fork.walk.elder
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4313	fork.walk.elder
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4313	fork.walk.elder

fork.walk.elder
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:4313

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads