hydra | d48f7a62bd78239ee8381d924088e6e6e048884bc0a9ee538bb2b6a70cad527f

Analysis

max time kernel
479395s
platform
android_x86
resource
android-x86-arm
submitted
06-08-2021 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34081_Video_Oynatıcı.apk
Size

3.1MB
MD5

9974bad66a83878b2307fa9906b47c02
SHA1

d412add72df906b015bbd855d99c7d95fa58e546
SHA256

d48f7a62bd78239ee8381d924088e6e6e048884bc0a9ee538bb2b6a70cad527f
SHA512

b22d0049fc94ebee37565eba70591d3ebeb028c6e63ab52381cede49f244a883335387198766f757085e27a598b5b33ebb91f4bdb7b8c9878f59c83ea034c29d

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oatcom.ntbxausy.rctrzgu

ioc	pid	process
/data/user/0/com.ntbxausy.rctrzgu/code_cache/secondary-dexes/base.apk.classes1.zip	4780	/system/bin/dex2oat
/data/user/0/com.ntbxausy.rctrzgu/code_cache/secondary-dexes/base.apk.classes1.zip	4750	com.ntbxausy.rctrzgu

Uses reflection 1 IoCs
obfuscation

Processes:

com.ntbxausy.rctrzgu

description pid process

Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE 4750 com.ntbxausy.rctrzgu

description	pid	process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4750	com.ntbxausy.rctrzgu

com.ntbxausy.rctrzgu
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:4750
- com.ntbxausy.rctrzgu
  2⤵
  PID:4780
- /system/bin/dex2oat
  2⤵
  - Loads dropped Dex/Jar
  PID:4780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.ntbxausy.rctrzgu/code_cache/secondary-dexes/MultiDex.lock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.ntbxausy.rctrzgu/code_cache/secondary-dexes/base.apk.classes1.zip

MD5
6775397859e9271f585bd9279d872925

SHA1
cfc9deca2ec9b6bd79d3986445d59a4901d58f3f

SHA256
ff0536faa53a2b08c25b8941a15d0fcb3e2acfba34f083f020cf90be8b42753c

SHA512
58e46d9f09305129b75a9b2023291dfe7473fb3a8d84e9e8ea34f067853cf1b57e60e6816219da7ad57c2420981c9e8ae8d9f390ee9abcf3a117b931ea2e408b

Download Submit
/data/user/0/com.ntbxausy.rctrzgu/code_cache/secondary-dexes/base.apk.classes1.zip

MD5
2facd9d665d307cf0ad6d09b89ca6d0e

SHA1
338483005909ebff1c8c36fb4ddc74b6b4d14f8e

SHA256
af660cbafc970f31df40fa6c099808cd74c31e1e9347dc26bdeae8826e1a8cda

SHA512
426bc2b701c6f1f6c78dddf69aa501c198c9aab548d94d4b6de85028fd7895bc46dde7d5ad13f7ac8ac3c171e584aad354c55048781b749b9a1cc9373d5fdcb6

Download Submit
/data/user/0/com.ntbxausy.rctrzgu/code_cache/secondary-dexes/base.apk.classes1.zip.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.ntbxausy.rctrzgu/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.ntbxausy.rctrzgu/code_cache/secondary-dexes/oat/x86/base.apk.classes1.vdex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.ntbxausy.rctrzgu/code_cache/secondary-dexes/tmp-base.apk.classes4773339829598403535.zip

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.ntbxausy.rctrzgu/shared_prefs/multidex.version.xml

MD5
9ba6e674fec718d16e6f6940a12f9020

SHA1
20eb158d37eaa8cd649fdfb399d2ab4b4088f2db

SHA256
7f9502f3b8655cc47cd2da11e9ade8fa5398372bb3191b0392b47c8389464506

SHA512
ef31be69fa8c21f2958bcb207b25c6592ce4e7ba187284850f4a1d6a47976fd41b2c6e783dde7a71805accf8eeaa83786239dd8fc5b5dfe40e3133ac6cda1348

Download Submit
/data/user/0/com.ntbxausy.rctrzgu/shared_prefs/pref_name_setting.xml

MD5
6408c1b65bd4e2b05b8ce831c42a32a2

SHA1
3be875cbc1f7e36f53cce042c462c099289248b7

SHA256
17cf13fa5cd8dfcb6eef4ff0f14e04423b895a99bcdb5470a61e651710483fbf

SHA512
255df0bdd2331648c038edd9de6f46d49130b1127deb482a94af8477ae97d3633f992f041642f4bba3c9263aca1b5596b8dc6b9eebf8963e99ee23d3c376aaa1

Download Submit
/data/user/0/com.ntbxausy.rctrzgu/shared_prefs/prefs30.xml

MD5
1c6b6a6a91f2ccf7ac553f9a439ad69e

SHA1
270b45bc1c3255f95fecf8bfa85f7dbfc8fb5748

SHA256
a7958ee3107cac53056bac67328f317cf9e3aaf4533e1072f0c4f0334ebbffa6

SHA512
8a61fcab1bc82977f72af693d4a749ad41df81a9a9c6eaafee0f4ffd36a34f069a259c6b20046a8bce58a6eab526df122cb82e8d093be73cf5ff9d41e489bf8e

Download Submit