hydra | 90afe99519b428fb7b39843af48838d70d997568609417e9d242858d3eceace8 | Triage

Analysis

max time kernel
587469s
max time network
138s
platform
android_x64
resource
android-x64-arm64
submitted
07-08-2021 23:44

Sharing

Report Analysis Logs

General

Target

54738_Video_Oynatıcı.apk
Size

3.1MB
MD5

af830c008d42babdcdfd6520198e2ba7
SHA1

e92981cc645439f71f2b5892d940da1b6b84744f
SHA256

90afe99519b428fb7b39843af48838d70d997568609417e9d242858d3eceace8
SHA512

2b0b8eac9b9601e6e3f9280aaf47407d6a7ce0599dbf90a9df12ff5353c0f6cc5a6760ae357ddedd4bed4c6ffe82161bd6011b0a3553e3a354f70dd44d5e86df

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

C2

http://courteneyguerrero584.xyz

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.dezjpspf.pjwtyzt/code_cache/secondary-dexes/base.apk.classes1.zip	4202	com.dezjpspf.pjwtyzt

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4202	com.dezjpspf.pjwtyzt
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4202	com.dezjpspf.pjwtyzt
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4202	com.dezjpspf.pjwtyzt

com.dezjpspf.pjwtyzt
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:4202

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads