hydra | f3461634486f4177f1dd18f89a06ca6a8c5bdf829604c15ecda2fa51c6a88c95 | Triage

Analysis

max time kernel
1064087s
max time network
36s
platform
android_x64
resource
android-x64
submitted
13-08-2021 12:09

Sharing

Report Analysis Logs

General

Target

80635_Video_Oynatıcı.apk
Size

3.0MB
MD5

0b1c0ff2a98a57fa9ced149762b8fb9c
SHA1

3b184ddb11435dcb5d3f5de724c0718d0ecfc859
SHA256

f3461634486f4177f1dd18f89a06ca6a8c5bdf829604c15ecda2fa51c6a88c95
SHA512

73f256c581cef280938a09d34ad2bd511fcec8d354d3dacb1d855ccdba15efeec97b4bdf1acd24168d57733ede7a8947b8762377f563b14c8612383838cb9963

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

C2

http://andrewavalos325.xyz

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.euhfotlq.fuzdajn/code_cache/secondary-dexes/base.apk.classes1.zip	3686	com.euhfotlq.fuzdajn

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3686	com.euhfotlq.fuzdajn
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3686	com.euhfotlq.fuzdajn
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3686	com.euhfotlq.fuzdajn

com.euhfotlq.fuzdajn
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:3686

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads