hydra | ccebc2265cae07b7798d8bd7b194ae999f1e9f4b2652d3d220b873c23610f0c7 | Triage

Analysis

max time kernel
533657s
platform
android_x86
resource
android-x86-arm
submitted
07-08-2021 08:49

Sharing

Report Analysis Logs

General

Target

36509_Video_Oynatıcı.apk
Size

3.1MB
MD5

5f9eff5c3af6f72e93937ba09f40b5d7
SHA1

bdc23081a728a2557ceedcabf787e9847e6df159
SHA256

ccebc2265cae07b7798d8bd7b194ae999f1e9f4b2652d3d220b873c23610f0c7
SHA512

8d54d2d0297c617e0cab94b1feae1fc4e54250fd9fc66e8d5645a8a63cc000b5837dc0c6632559498bf054bc065bb3fa159027172f3711c4942c6e9a70916692

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.jrrnwddn.bsjpjlt/code_cache/secondary-dexes/base.apk.classes1.zip	4919	/system/bin/dex2oat
/data/user/0/com.jrrnwddn.bsjpjlt/code_cache/secondary-dexes/base.apk.classes1.zip	4887	com.jrrnwddn.bsjpjlt

Uses reflection 1 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4887	com.jrrnwddn.bsjpjlt

com.jrrnwddn.bsjpjlt
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:4887
- com.jrrnwddn.bsjpjlt
  2⤵
  PID:4919
- /system/bin/dex2oat
  2⤵
  - Loads dropped Dex/Jar
  PID:4919

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads