hydra | 676e369114e1052db252e5a93b76ae3cbe86e6afefbc0ca41810d2be983890ac | Triage

Analysis

max time kernel
438220s
platform
android_x86
resource
android-x86-arm
submitted
06-08-2021 06:18

Sharing

Report Analysis Logs

General

Target

90152_Video_Oynatıcı.apk
Size

3.1MB
MD5

6e4016cb79bcd119270acf542712b2fb
SHA1

7b75c91b636d63ea009d94acce954931f4d863fe
SHA256

676e369114e1052db252e5a93b76ae3cbe86e6afefbc0ca41810d2be983890ac
SHA512

4f3c7dcf227f1a942ed74a8070f3580248b9b1a946b5d214d3c5ed81aa41d1d38f48b6a9c0077170950d4a4a22d55e91ee60c949851ee16617cb0de1f67d35af

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.qyiqeqhd.gbdvmbz/code_cache/secondary-dexes/base.apk.classes1.zip	4823	/system/bin/dex2oat
/data/user/0/com.qyiqeqhd.gbdvmbz/code_cache/secondary-dexes/base.apk.classes1.zip	4793	com.qyiqeqhd.gbdvmbz

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.qyiqeqhd.gbdvmbz

Uses reflection 1 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4793	com.qyiqeqhd.gbdvmbz

com.qyiqeqhd.gbdvmbz
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:4793
- com.qyiqeqhd.gbdvmbz
  2⤵
  PID:4823
- /system/bin/dex2oat
  2⤵
  - Loads dropped Dex/Jar
  PID:4823

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads