hydra | 5ce41f4ecbfa8fa2855689ec3cfc1015ccf17f00ad28fa3bd26b4b8c86c56ad9 | Triage

Analysis

max time kernel
965278s
max time network
123s
platform
android_x64
resource
android-x64-arm64
submitted
12-08-2021 08:42

Sharing

Report Analysis Logs

General

Target

38157_Video_Oynatıcı.apk
Size

3.0MB
MD5

6ebeb85ffe32db161606a7c53722b890
SHA1

dc93b4458efebbc4a15a330840f0c92359e4de95
SHA256

5ce41f4ecbfa8fa2855689ec3cfc1015ccf17f00ad28fa3bd26b4b8c86c56ad9
SHA512

6c89168da5662aef9e5753f802e16791668c1820971304b349f5560e829dfec272f13eb3726a4d0c0f339579b4ca006f1d4acc904513c71da69a0a4ecf7c2c69

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

C2

http://miguelgonzales123.xyz

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.bllgeqgp.qbyoikh/code_cache/secondary-dexes/base.apk.classes1.zip	4173	com.bllgeqgp.qbyoikh

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4173	com.bllgeqgp.qbyoikh
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4173	com.bllgeqgp.qbyoikh
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4173	com.bllgeqgp.qbyoikh

com.bllgeqgp.qbyoikh
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:4173

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads