hydra | 9cbdd422daf93e15b2135f0f6feebf7428eaaaba4aeaf18c12e882e67a849c89

Analysis

max time kernel
193286s
max time network
189s
platform
android_x64
resource
android-x64-arm64
submitted
03-08-2021 10:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29516_Video_Oynatıcı.apk
Size

2.6MB
MD5

723d4d2c92d5d6da8fe7c30e21a3fe01
SHA1

a898aaf26cbccc88c372c59414be88d5e3e7991a
SHA256

9cbdd422daf93e15b2135f0f6feebf7428eaaaba4aeaf18c12e882e67a849c89
SHA512

96b26e1462ba1cc02505c14ee1f54798b1f176c0a95a0564294980315038f5d2eaa02f0c558edd24fefb18dc52f20412044cecab9926b2ccba989bfc3284c895

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

http://greysondowling458.xyz

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.nvlcdjjl.yrsbiav

ioc pid process

/data/user/0/com.nvlcdjjl.yrsbiav/code_cache/secondary-dexes/base.apk.classes1.zip 4336 com.nvlcdjjl.yrsbiav
Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.nvlcdjjl.yrsbiav

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.nvlcdjjl.yrsbiav

ioc	pid	process
/data/user/0/com.nvlcdjjl.yrsbiav/code_cache/secondary-dexes/base.apk.classes1.zip	4336	com.nvlcdjjl.yrsbiav

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.nvlcdjjl.yrsbiav

Uses reflection 3 IoCs

obfuscation

Processes:

com.nvlcdjjl.yrsbiav

description	pid	process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4336	com.nvlcdjjl.yrsbiav
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4336	com.nvlcdjjl.yrsbiav
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4336	com.nvlcdjjl.yrsbiav

com.nvlcdjjl.yrsbiav
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:4336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.nvlcdjjl.yrsbiav/code_cache/secondary-dexes/MultiDex.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.nvlcdjjl.yrsbiav/code_cache/secondary-dexes/base.apk.classes1.zip

MD5
3da0adb9a845fa82f3225e07aa272895

SHA1
c17f93be72857afef107e6b7e890df963c5dfa76

SHA256
47712b429fa3c12ee432042830dce272a98885c8aeb5dfad6b25eaeab8d2d0fc

SHA512
c47dfa2e18b08d19542411f6a15a3a0972b0446a08fc2109cc2ed69fe7bbbbf78b5b88793fbfd5ee718c7d6f77ee41b318baff82c13fa45b99c66eb1dfe6f472

Download Submit
/data/user/0/com.nvlcdjjl.yrsbiav/code_cache/secondary-dexes/tmp-base.apk.classes8821282253518012799.zip

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.nvlcdjjl.yrsbiav/shared_prefs/multidex.version.xml

MD5
1e6b8f158662fcb210d2de76ceef2ae2

SHA1
ae77e0bd0731a0d55c3dbb5524e569dbcadc469e

SHA256
da239f025ab28946f7c59426b2b5fffce2b970c74e428b2022dd0f07971576b3

SHA512
15f85557e9c280e5ee1643ddde9c240c11f576f2b34dc5dab9239c4c8243f5942a393d6bb990687c53457034fb876389c8eba9bbea4de0ca775921c6c4143ea3

Download Submit
/data/user/0/com.nvlcdjjl.yrsbiav/shared_prefs/pref_name_setting.xml

MD5
dd2c90abac431a6fab7c0c3ca0fc6b59

SHA1
79ad8bc31e2443c736502c60e3cc1caf07a0a6bd

SHA256
4fb3f5a973aa388fc34d669630cd0b21e3fa2f0c7996454b71a01bdb228e103b

SHA512
587d19d531b6752ff4517003163898a505fd9ae718d098ae795ceedb73d49e0be2d05f21dd14249aaae98134e7ceeb6f99a6799ff336a32debc552ed214f81f2

Download Submit
/data/user/0/com.nvlcdjjl.yrsbiav/shared_prefs/pref_name_setting.xml

MD5
993883f50ac86aed357f879de74ef1ab

SHA1
de6df3f5459318a71187a986d5fef2c704f3fb43

SHA256
21ae3ccaf4c8122ee4e8c06b0c85eeb028873c37988ee23c2c2d5238294f0b26

SHA512
38ebb1d34fd1b17b2f83f37fd604628ef64fedd724b5b76a956b0f6cdb266e13582b83fe67aa95cde9cfa5853ba57cbc7eee92f42c2a2902fe690af5d18b9cb8

Download Submit
/data/user/0/com.nvlcdjjl.yrsbiav/shared_prefs/pref_name_setting.xml

MD5
c09349a2ba8bf306838c196847cc889c

SHA1
e6fcd2eed55890b106c7ffe408589c6150314f1e

SHA256
90596057475c4dda09aebb9f43265c27882357a8f9e2187d8e7a0ab9e33c87de

SHA512
b3dd2d6cea8546587d6c59c0e2e293b6f2dde56bb4ceb9a156b47249b1c00f8247dc7b9e80c071f95bc5aaa7b338d1462afa1dd6fac50f84c1c9fafdba9a4dae

Download Submit
/data/user/0/com.nvlcdjjl.yrsbiav/shared_prefs/pref_name_setting.xml

MD5
d17c11e01dc15d577f529eff6edc7a7d

SHA1
87f0563f333f1f9eb8e60e40a4761f2883a7fd94

SHA256
5a4ca41cfc7e8ccc8ff394b3bb80f1d1401db953c4dd9da02288da82376ed5b3

SHA512
2c7b0c497945d2330dc1e7ee6cc0fa4a441d271653645c6c708e0e3d2c10c2c21e2f0a2c7309b469fb89a56fb9da9e3315f8531e3c0fb43379a4a4cbdad9339d

Download Submit
/data/user/0/com.nvlcdjjl.yrsbiav/shared_prefs/pref_name_setting.xml

MD5
5a5831321db9ffe4246646ad9a85f6e3

SHA1
8a7eaac89534065f441a81590d14dc10316ee2c5

SHA256
c24f675ad07ac8079e9d9426a9fa977e8b242bf0684fbae9c4af59676e862f10

SHA512
919fbce3af7b02b7965d7d0d79c8836b4be4f6b8f3e0a291bcdeb8e86a4d766b8905ac81a7e2f5ebf7cde0654579dd81d7fcc282eef42b0e1c4133bc82e21b1f

Download Submit
/data/user/0/com.nvlcdjjl.yrsbiav/shared_prefs/prefs30.xml

MD5
1c6b6a6a91f2ccf7ac553f9a439ad69e

SHA1
270b45bc1c3255f95fecf8bfa85f7dbfc8fb5748

SHA256
a7958ee3107cac53056bac67328f317cf9e3aaf4533e1072f0c4f0334ebbffa6

SHA512
8a61fcab1bc82977f72af693d4a749ad41df81a9a9c6eaafee0f4ffd36a34f069a259c6b20046a8bce58a6eab526df122cb82e8d093be73cf5ff9d41e489bf8e

Download Submit