hydra | 9afaa372d732d9a920e8dc68ccc243a248f839f52dac33da41f69f2ba0941906 | Triage

Analysis

max time kernel
906174s
max time network
33s
platform
android_x64
resource
android-x64
submitted
11-08-2021 16:17

Sharing

Report Analysis Logs

General

Target

23819_Video_Oynatıcı.apk
Size

3.1MB
MD5

5f2a21c5569b01486fb791784aff7005
SHA1

5c674b4543573ddc6008e9d013fbf5001fd3b923
SHA256

9afaa372d732d9a920e8dc68ccc243a248f839f52dac33da41f69f2ba0941906
SHA512

155a1b34bc78cd55fe4bb10dc8b5bafa65e23e6be4ee01a6139fc5bfb4b4ae9008fe2960b2ad4c5c9faa4ae4a8805c1e07edd790d745d5ede5ca766729ee653a

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

C2

http://shaylaprince5.xyz

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/base.apk.classes1.zip	3646	com.lxqbcgkl.uzkzdvx

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3646	com.lxqbcgkl.uzkzdvx
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3646	com.lxqbcgkl.uzkzdvx
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3646	com.lxqbcgkl.uzkzdvx

com.lxqbcgkl.uzkzdvx
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:3646

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads