hydra | 8e6271b1777abb0402a1b08bda491a17e4743d57053e312f3ff8918fb0dcfb55

Analysis

max time kernel
6807s
max time network
190s
platform
android_x64
resource
android-x64-arm64
submitted
01-08-2021 06:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01836_Video_Oynatıcı.apk
Size

2.6MB
MD5

5f08b7472011f988eb20f0b9619408a4
SHA1

35f6b95f50b8a4dd63a4e353b7e92deec0216f5b
SHA256

8e6271b1777abb0402a1b08bda491a17e4743d57053e312f3ff8918fb0dcfb55
SHA512

db54bce5751f89c764d6843c44d325b4cf7efdb17721ea4902a47175337acecb38c115e62e254b8cc8275d1de65a0d025212b3649629460b35d61f2d5b3a2e49

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.zhnfylbf.qdbnohw

ioc pid process

/data/user/0/com.zhnfylbf.qdbnohw/code_cache/secondary-dexes/base.apk.classes1.zip 4304 com.zhnfylbf.qdbnohw
Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.zhnfylbf.qdbnohw

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.zhnfylbf.qdbnohw
Reads name of network operator 1 IoCs
Uses Android APIs to discover system information.

Processes:

com.zhnfylbf.qdbnohw

description ioc process

Framework API call android.telephony.TelephonyManager.getNetworkOperatorName com.zhnfylbf.qdbnohw

ioc	pid	process
/data/user/0/com.zhnfylbf.qdbnohw/code_cache/secondary-dexes/base.apk.classes1.zip	4304	com.zhnfylbf.qdbnohw

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.zhnfylbf.qdbnohw

description	ioc	process
Framework API call	android.telephony.TelephonyManager.getNetworkOperatorName	com.zhnfylbf.qdbnohw

Uses reflection 3 IoCs

obfuscation

Processes:

com.zhnfylbf.qdbnohw

description	pid	process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4304	com.zhnfylbf.qdbnohw
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4304	com.zhnfylbf.qdbnohw
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4304	com.zhnfylbf.qdbnohw

com.zhnfylbf.qdbnohw
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Reads name of network operator
- Uses reflection
PID:4304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zhnfylbf.qdbnohw/app_apk/payload.apk
MD5
3baeaa766ea7f31a9147208efd957c75

SHA1
c701de3d0e55425394ccbf8e0967639e86f3c54e

SHA256
75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d

SHA512
9f3ccb1fc9a177524ba2d39f809be4851af385073463893bd4a8664308253fc0da2b9ab330c85675dbe9ce0c44b631a0d1ec7800491687c7b2540504b351295f

Download Submit
/data/user/0/com.zhnfylbf.qdbnohw/code_cache/secondary-dexes/MultiDex.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.zhnfylbf.qdbnohw/code_cache/secondary-dexes/base.apk.classes1.zip
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.zhnfylbf.qdbnohw/code_cache/secondary-dexes/tmp-base.apk.classes3072797472493076544.zip
MD5
f27d400616c8e93dba5e4c62b41e4e80

SHA1
41130c651211da545947927693ddea0375718371

SHA256
96ced98a17d047f25d8645563e0d01e7321345cd5a532736c6d18879185dc3c4

SHA512
0468ca0233b0099aee90727ea2424a18567fac46d7f92068df35cd4a19c9262beb9cc2aa1492607a871b1271082ced7d22573f4225671c80ac611457d53b4f42

Download Submit
/data/user/0/com.zhnfylbf.qdbnohw/shared_prefs/multidex.version.xml
MD5
4091989e7c0d78be17cc199a449efec8

SHA1
42153ef6b3c4182d7e04a77137ca78ef79d6a09d

SHA256
9c9cf2841cc6530ad91c46163afa98d545e0f1da5f9bedf2bdbf008b53c6cec4

SHA512
e926e0cdbe3c236c7e6bbd99b8dc70f8b27ef159d6e8502e682a7f31197b8a70653b930c5bfbb54ceb963b7a5565adeff124a4777ae39a259bd05ad479d4afd6

Download Submit
/data/user/0/com.zhnfylbf.qdbnohw/shared_prefs/pref_name_setting.xml
MD5
d50c85146e1c23bdcf3f68f3849cb665

SHA1
e0e82f3895e7967a188af4d1033556f4720d4b11

SHA256
bdb1942f5fb72ac519566e5f3d04a142b0c5c53a87a97afe5a01ba759682e37a

SHA512
4de8c3f260a44d443528c1609a5b4a56d199563b5f08aa601190cb139fd1ae73ff55287d3ac9c4088ecc5035ef2a5cf759529ebd4547d0e19a76ebadcca637e0

Download Submit
/data/user/0/com.zhnfylbf.qdbnohw/shared_prefs/pref_name_setting.xml
MD5
eec02ee4246021a1be06f5d71294d07e

SHA1
aded70ec16265c0a6cae8d56d31790d6cdcf4aad

SHA256
5751c46888ef5ab827dcfbed74fabe53c96eda6db46bf9068c1945874a84f9c7

SHA512
9f444ecc01738426b8d5377dd8cbc771c602fd6437e0d7fb36bd81a3fd628d6af6f54b361d0eda476ad6ee130d4774bf3e30cf3fd6ea630efdca3760ee5153ee

Download Submit
/data/user/0/com.zhnfylbf.qdbnohw/shared_prefs/pref_name_setting.xml
MD5
a8a400a88f971a2848082468ea5c28e9

SHA1
2903a6aa348f96d881bf172df7ea7a3fcc724c7f

SHA256
39a3405a041a249dccb14c890fea7ce5fd7b24f2c60cd4ed4f02468a7902d89d

SHA512
3a19c20a47972d84a28622c32e87c3c5238ae4873b849bb52326227c78cf613f734ca94e611075f35a371368251d2ae9a5a1d02d2331e0e0618a7a37e66ad112

Download Submit
/data/user/0/com.zhnfylbf.qdbnohw/shared_prefs/pref_name_setting.xml
MD5
f619f7a3994d681d329390bde3c886c6

SHA1
3fa4da5afc8b142e50de2d4bb69df14dd5a6eb6a

SHA256
97766cee720a82298f744699ca601ed44265aa5db5aa471191591f60267b9bcf

SHA512
8b3eb1c7f35bee11615fee0af7aa66ddd835578572fa7f1e60dcbacfa449685ec3fab00b9d317d19b529b39779834de88a3642674c1074e911422eb8c139e6c5

Download Submit
/data/user/0/com.zhnfylbf.qdbnohw/shared_prefs/pref_name_setting.xml
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.zhnfylbf.qdbnohw/shared_prefs/pref_name_setting.xml
MD5
ffb15fd33bae1c66cdf64f4032057803

SHA1
1b8a1efa620f5d380fb2825728921c2cd242a064

SHA256
dd922d7d0da5dde95769a92d5f76e790c95f682788dac88046826b20f408c297

SHA512
fc5bbf46d0bc1fc440122640cb5347c560c06f8e3c02c42ef3ad585f551ab64563e3b839d4191bfc7b4e10f718491c7bbe9c5adac5b24bdafb4828dc7489a910

Download Submit
/data/user/0/com.zhnfylbf.qdbnohw/shared_prefs/pref_name_setting.xml
MD5
5797c24533628be9bf6fd4be80cd8f35

SHA1
a2a74146ad32297f935695cfa8a3e73322c87281

SHA256
db95262719ffe62fff2cd60bc4269b81695ba52c3188c1dc59ce75d68dcedeed

SHA512
2385716965891d66783539b87413c1b428c06b04e9a8e709ef6cb01e8254c1785194d0db9643856d30185a7361538701ddcda3620a8be89253875c58eaec5ff1

Download Submit
/data/user/0/com.zhnfylbf.qdbnohw/shared_prefs/pref_name_setting.xml
MD5
dd51ced35ab1ebefbce74dca937fe7fe

SHA1
0b0cb25677513d8f8d978eea4d8236241c6e4d49

SHA256
f15c5f548c4f671da8d6491efb7978ed35df9100defaf3dd74cc1a686fe45bd1

SHA512
27b32602295285bffbb0b2b3aae54b031f84a672134622bf13ac660ea4df9cba538cd751e765147903f7b6790a305160829e535fe63862c3101ea2e755d946a1

Download Submit
/data/user/0/com.zhnfylbf.qdbnohw/shared_prefs/prefs30.xml
MD5
c3b410d9527ac6cdafe5bf2460296ae9

SHA1
bd6eea5345d35b8a579863e68c6566d3bbfdce36

SHA256
959a3937be4b9a94d3baa812c311e973214b4e689f8e94ee4d5de884a66b28ba

SHA512
4400c692b56c54343334e36b07aa2f0e93200e0f0faedd856feb635a27ddf7050882f4fcc4294b9c33a9338d36c94825eda976073b187a2ee5930ab6b0384d8b

Download Submit
/data/user/0/com.zhnfylbf.qdbnohw/shared_prefs/prefs30.xml
MD5
9f1f4f437c95dd1ca14cba13e35168b6

SHA1
3fdd88f318495b6c6778541ade7587541335e165

SHA256
3cd1f95d27f900d1af2576404cf32c94e50dd324d30a06b6ab1883124dd8e770

SHA512
b60b647bf88f406065e2a7a199ad84089f63a07b1e87f9b974b03fc19cd67ac4d74a25bfd0349897d4ab26e0d32d21cf6a5117c465e3b620d2821a4bd7d07f2f

Download Submit
/data/user/0/com.zhnfylbf.qdbnohw/shared_prefs/prefs30.xml
MD5
1c6b6a6a91f2ccf7ac553f9a439ad69e

SHA1
270b45bc1c3255f95fecf8bfa85f7dbfc8fb5748

SHA256
a7958ee3107cac53056bac67328f317cf9e3aaf4533e1072f0c4f0334ebbffa6

SHA512
8a61fcab1bc82977f72af693d4a749ad41df81a9a9c6eaafee0f4ffd36a34f069a259c6b20046a8bce58a6eab526df122cb82e8d093be73cf5ff9d41e489bf8e

Download Submit