hydra | 71c5bd9ef412ea0602a910f63f4baa556719cb901dc6c8b952e7d513cb9061e1 | Triage

Analysis

max time kernel
888584s
max time network
164s
platform
android_x64
resource
android-x64-arm64
submitted
11-08-2021 11:23

Sharing

Report Analysis Logs

General

Target

71c5bd9ef412ea0602a910f63f4baa556719cb901dc6c8b952e7d513cb9061e1.apk
Size

3.1MB
MD5

4d378b4fbf06a8d5065b4014a5be500e
SHA1

8bbf8e73a24da31a640566ed5c54ae3803c32c4c
SHA256

71c5bd9ef412ea0602a910f63f4baa556719cb901dc6c8b952e7d513cb9061e1
SHA512

50e70ce7f1df95adffe897982488185e78a5e8b7ed78bccb41e991cdd987d431e88b7cbcabf92e87d54fc7604f3ac106eb8f4e299a0d8f011bd1c7ad94ca7599

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

C2

http://shaylaprince5.xyz

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.vtzwnmsy.tnfvuqs/code_cache/secondary-dexes/base.apk.classes1.zip	3997	com.vtzwnmsy.tnfvuqs

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3997	com.vtzwnmsy.tnfvuqs
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3997	com.vtzwnmsy.tnfvuqs
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3997	com.vtzwnmsy.tnfvuqs

com.vtzwnmsy.tnfvuqs
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:3997

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads