hydra | 78d97e56b62a69a14febd66d7b4e9e981a8ddf0771ffdfae8db7bd68a2ff15b6 | Triage

Resubmissions

01-08-2021 06:03

210801-lda7ervm9x 10

01-08-2021 06:01

210801-av1pnzgzw6 10

Analysis

max time kernel
5331s
max time network
100s
platform
android_x64
resource
android-x64
submitted
01-08-2021 06:03

Sharing

Report Analysis Logs

General

Target

26453_Video_Oynatıcı.apk
Size

2.6MB
MD5

662b452b490d5c18d14acfa19d35a96e
SHA1

a66b8869b84bac5662c34359ce20d7e6006cad4e
SHA256

78d97e56b62a69a14febd66d7b4e9e981a8ddf0771ffdfae8db7bd68a2ff15b6
SHA512

6377e7bd773227b2d45d29626344ac7cbac4e104a57f19e369b1a18520cfdde6660dfb53f5fbe1a8845c425c38b641bb8f9e11f40060af8e270f56767a787d5c

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.loducwqi.ocuxbeu/code_cache/secondary-dexes/base.apk.classes1.zip	3648	com.loducwqi.ocuxbeu

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.loducwqi.ocuxbeu

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3648	com.loducwqi.ocuxbeu
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3648	com.loducwqi.ocuxbeu
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3648	com.loducwqi.ocuxbeu

com.loducwqi.ocuxbeu
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:3648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads