hydra | 8ec3ec89c9ebac8e0f054913e0f443fd8b1fa2083d1cb2dbc31be4e94fab7208 | Triage

Analysis

max time kernel
382680s
platform
android_x86
resource
android-x86-arm
submitted
05-08-2021 14:52

Sharing

Report Analysis Logs

General

Target

40862_Video_Oynatıcı.apk
Size

2.6MB
MD5

8f31c64298921bd28072ab901e341b3c
SHA1

749f248a8ab4311cccaf2f0bd1e3ce9fed444467
SHA256

8ec3ec89c9ebac8e0f054913e0f443fd8b1fa2083d1cb2dbc31be4e94fab7208
SHA512

6adfa1db6fdfcfe8acf11e6d76fefbc5b03d6dea8d9bb97b7999e686b0f403fcfbfbc4bb43e7dc230ae7f5e01c0ea2d401204c56fff527be7a99bda72249df21

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.zafmuupa.ixlaqwx/code_cache/secondary-dexes/base.apk.classes1.zip	4941	/system/bin/dex2oat
/data/user/0/com.zafmuupa.ixlaqwx/code_cache/secondary-dexes/base.apk.classes1.zip	4904	com.zafmuupa.ixlaqwx

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.zafmuupa.ixlaqwx

Uses reflection 1 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4904	com.zafmuupa.ixlaqwx

com.zafmuupa.ixlaqwx
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:4904
- com.zafmuupa.ixlaqwx
  2⤵
  PID:4941
- /system/bin/dex2oat
  2⤵
  - Loads dropped Dex/Jar
  PID:4941

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads