hydra | f9a4dd42e1694b390c2c6e02b25c7cbf57947ab28aeea1f67ed54bc09de422d7 | Triage

Resubmissions

30-07-2021 12:31

210730-tr61sakqpe 10

30-07-2021 12:28

210730-6jgqmjgpse 10

Analysis

max time kernel
4150542s
max time network
33s
platform
android_x64
resource
android-x64
submitted
30-07-2021 12:28

Sharing

Report Analysis Logs

General

Target

79624_Video_Oynatıcı.apk
Size

2.6MB
MD5

44c91f91f4c8904e7b21076d2d95fc42
SHA1

1f23ebc8c338f0ac6a42105c4dedd04b157e26f4
SHA256

f9a4dd42e1694b390c2c6e02b25c7cbf57947ab28aeea1f67ed54bc09de422d7
SHA512

347429dfef6a5dc1cac9454f65025c46124610910895337a68271c236ce7c105eb5773572ba01d4c80b2e1809089f249191980b07ffed15b4d2745647a202926

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.axvfqumr.gzlamtk/code_cache/secondary-dexes/base.apk.classes1.zip	3688	com.axvfqumr.gzlamtk

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.axvfqumr.gzlamtk

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3688	com.axvfqumr.gzlamtk
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3688	com.axvfqumr.gzlamtk
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3688	com.axvfqumr.gzlamtk

com.axvfqumr.gzlamtk
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:3688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads