hydra | 676e369114e1052db252e5a93b76ae3cbe86e6afefbc0ca41810d2be983890ac | Triage

Analysis

max time kernel
438214s
max time network
109s
platform
android_x64
resource
android-x64
submitted
06-08-2021 06:18

Sharing

Report Analysis Logs

General

Target

90152_Video_Oynatıcı.apk
Size

3.1MB
MD5

6e4016cb79bcd119270acf542712b2fb
SHA1

7b75c91b636d63ea009d94acce954931f4d863fe
SHA256

676e369114e1052db252e5a93b76ae3cbe86e6afefbc0ca41810d2be983890ac
SHA512

4f3c7dcf227f1a942ed74a8070f3580248b9b1a946b5d214d3c5ed81aa41d1d38f48b6a9c0077170950d4a4a22d55e91ee60c949851ee16617cb0de1f67d35af

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

C2

http://glennnewton547458.xyz

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.qyiqeqhd.gbdvmbz/code_cache/secondary-dexes/base.apk.classes1.zip	3715	com.qyiqeqhd.gbdvmbz

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.qyiqeqhd.gbdvmbz

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3715	com.qyiqeqhd.gbdvmbz
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3715	com.qyiqeqhd.gbdvmbz
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3715	com.qyiqeqhd.gbdvmbz

com.qyiqeqhd.gbdvmbz
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:3715

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads