hydra | ccebc2265cae07b7798d8bd7b194ae999f1e9f4b2652d3d220b873c23610f0c7 | Triage

Analysis

max time kernel
533662s
max time network
82s
platform
android_x64
resource
android-x64-arm64
submitted
07-08-2021 08:49

Sharing

Report Analysis Logs

General

Target

36509_Video_Oynatıcı.apk
Size

3.1MB
MD5

5f9eff5c3af6f72e93937ba09f40b5d7
SHA1

bdc23081a728a2557ceedcabf787e9847e6df159
SHA256

ccebc2265cae07b7798d8bd7b194ae999f1e9f4b2652d3d220b873c23610f0c7
SHA512

8d54d2d0297c617e0cab94b1feae1fc4e54250fd9fc66e8d5645a8a63cc000b5837dc0c6632559498bf054bc065bb3fa159027172f3711c4942c6e9a70916692

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

C2

http://courteneyguerrero584.xyz

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.jrrnwddn.bsjpjlt/code_cache/secondary-dexes/base.apk.classes1.zip	4316	com.jrrnwddn.bsjpjlt

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4316	com.jrrnwddn.bsjpjlt
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4316	com.jrrnwddn.bsjpjlt
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4316	com.jrrnwddn.bsjpjlt

com.jrrnwddn.bsjpjlt
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:4316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads