hydra | 2b305310db25d5ac714d4e5df898fa336e0bb3b86039b42ea37762f00956b3ff | Triage

Analysis

max time kernel
965276s
max time network
39s
platform
android_x64
resource
android-x64
submitted
12/08/2021, 08:42

Sharing

Report Analysis Logs

General

Target

64109_Video_Oynatıcı.apk
Size

3.0MB
MD5

c37ae32cd4bcce93797535082e2080a2
SHA1

ae84294f83e45c8a9180cb6a0e658181fdee62fc
SHA256

2b305310db25d5ac714d4e5df898fa336e0bb3b86039b42ea37762f00956b3ff
SHA512

6b1005ce7b3749d94126be73e926bfea988a3961a95a493bb879e3efaea93b62936a13589c063601fda32cc1403b0b9639661dfe7183bb395c6d23c431f6506e

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

C2

http://miguelgonzales123.xyz

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.wefccxit.cbhxpgr/code_cache/secondary-dexes/base.apk.classes1.zip	3647	com.wefccxit.cbhxpgr

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3647	com.wefccxit.cbhxpgr
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3647	com.wefccxit.cbhxpgr
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3647	com.wefccxit.cbhxpgr

com.wefccxit.cbhxpgr
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:3647

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads