Malware Analysis Report

2025-01-19 05:30

Sample ID 210817-5qn8ddnb1j
Target 9afaa372d732d9a920e8dc68ccc243a248f839f52dac33da41f69f2ba0941906.zip
SHA256 bc76d2dd80cec82bcd2f18320cf880013bd6069e6c50f22948da0adf5301fa47
Tags
hydra banker infostealer obfuscation trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bc76d2dd80cec82bcd2f18320cf880013bd6069e6c50f22948da0adf5301fa47

Threat Level: Known bad

The file 9afaa372d732d9a920e8dc68ccc243a248f839f52dac33da41f69f2ba0941906.zip was found to be: Known bad.

Malicious Activity Summary

hydra banker infostealer obfuscation trojan

Hydra

Requests dangerous framework permissions

Loads dropped Dex/Jar

Uses reflection

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2021-08-17 17:02

Signatures

Requests dangerous framework permissions

Indicator                                  Description
android.permission.RECEIVE_SMS             Allows an application to receive SMS messages.
android.permission.WRITE_EXTERNAL_STORAGE  Allows an application to write to external storage.
android.permission.SEND_SMS                Allows an application to send SMS messages.
android.permission.READ_CONTACTS           Allows an application to read the user's contacts data.
android.permission.READ_SMS                Allows an application to read SMS messages.
android.permission.CALL_PHONE              Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
(Process and Target: N/A for every row; a static signature carries no process context.)

All six are runtime ("dangerous") permissions that the platform prompts the user for. Receiving, reading and sending SMS, reading contacts and placing calls without the dialer is the permission profile of an SMS-intercepting banker: with it the app can capture OTP codes and forward them, and seed smishing messages to the victim's contacts. The static pass only records what the manifest requests; whether the code actually exercises each permission is what the behavioural run below has to show.
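The permission set above can be triaged mechanically once the APK's manifest has been decoded (apktool or aapt produce the text form; the report itself lists only the permission names). The script below is an added example and not part of the sandbox report or of any analysis tool: it parses a decoded AndroidManifest.xml, maps each <uses-permission> to the runtime permission group the user would be prompted for, and flags the SMS-interception pairings typical of Android bankers. The manifest is constructed from the six permissions the static1 analysis lists plus a normal-level INTERNET permission (an assumption, not on the page) to show that non-dangerous permissions are filtered out; the group table and the finding rules are this example's own heuristic.

```python
"""Triage the permissions requested in a decoded Android manifest.

Added example, not part of the sandbox report. Parses <uses-permission>
elements, keeps the runtime ("dangerous") ones, and flags combinations
an SMS-intercepting banker needs.
"""
import json
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed input: the six permissions the report attributes to the
# sample, plus INTERNET (assumed here, not listed on the page) so the
# filter for normal-level permissions is exercised.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.lxqbcgkl.uzkzdvx">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
"""

# Runtime ("dangerous") permissions keyed to the permission group the user
# is prompted for. Only the groups relevant to this report are listed.
DANGEROUS_GROUP = {
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.READ_SMS": "SMS",
    "android.permission.SEND_SMS": "SMS",
    "android.permission.READ_CONTACTS": "CONTACTS",
    "android.permission.CALL_PHONE": "PHONE",
    "android.permission.WRITE_EXTERNAL_STORAGE": "STORAGE",
}


def requested_permissions(manifest_xml):
    """Return the android:name of every <uses-permission> element, sorted."""
    root = ET.fromstring(manifest_xml)
    name_attr = "{%s}name" % ANDROID_NS
    return sorted(
        el.get(name_attr) for el in root.iter("uses-permission") if el.get(name_attr)
    )


def triage(perms):
    """Summarise dangerous permissions and the combinations worth flagging."""
    dangerous = {p: DANGEROUS_GROUP[p] for p in perms if p in DANGEROUS_GROUP}
    have = set(dangerous)
    findings = []
    # Reading or receiving SMS together with sending SMS lets malware steal
    # OTP codes and forward them or push smishing links from the device.
    if have & {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"} \
            and "android.permission.SEND_SMS" in have:
        findings.append("otp_theft_and_sms_send")
    # Contacts plus SEND_SMS is the self-propagation pairing.
    if {"android.permission.READ_CONTACTS", "android.permission.SEND_SMS"} <= have:
        findings.append("contact_spread")
    # CALL_PHONE lets the app dial (e.g. premium or forwarding numbers)
    # without the dialer asking the user to confirm.
    if "android.permission.CALL_PHONE" in have:
        findings.append("call_without_dialer_confirmation")
    return {
        "dangerous": dangerous,
        "groups": sorted(set(dangerous.values())),
        "findings": findings,
    }


if __name__ == "__main__":
    print(json.dumps(triage(requested_permissions(SAMPLE_MANIFEST)), indent=2))
```

Run it against the real manifest by decoding the APK first (for example `apktool d base.apk` and reading `AndroidManifest.xml` from the output directory) and passing that text to `requested_permissions`.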

Analysis: behavioral1

Detonation Overview

Submitted

2021-08-17 17:02

Reported

2021-08-17 17:37

Platform

android-x86-arm

Max time kernel

1429241s

Command Line

com.lxqbcgkl.uzkzdvx

Signatures

Hydra

banker trojan infostealer hydra

Loads dropped Dex/Jar

Indicator (file written at runtime, then loaded as code)
/data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/base.apk.classes1.zip
/data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/base.apk.classes1.zip
(Description, Process and Target: N/A for both rows.)

The same path is reported twice, and the Files section below lists two different hashes for it, so the file was written and loaded with different content on each occasion. The directory layout, the MultiDex.lock file, the tmp-base.apk.classes*.zip temp file and the multidex.version.xml preferences file all match what the androidx MultiDex support library produces when it extracts secondary dex files; note, though, that the stock library numbers its extracted files from classes2.zip, so a classes1.zip here is worth pulling and inspecting by hand rather than assuming it is ordinary MultiDex output.
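Once the dropped file has been pulled from the emulator (for example with `adb pull /data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/base.apk.classes1.zip` on a rooted image), the first check is whether it actually holds executable code. The script below is an added example, not part of the sandbox report or of any analysis tool: it classifies a blob as empty, raw dex or zip, hashes it, and for a zip reads every entry and tests for the dex file magic (`dex\n`, three version digits, NUL) so the inner classes.dex can be carved for decompilation. The sample zip and the minimal "dex" header inside it are constructed here; the empty-input branch mirrors the zero-byte lock and temp files listed under Files, whose hashes are those of empty input.

```python
"""Inspect a dropped secondary-dex artifact pulled from a device or emulator.

Added example, not part of the sandbox report. Classifies the blob,
hashes it, and lists any dex payloads found inside a zip container.
"""
import hashlib
import io
import zipfile

DEX_MAGIC = b"dex\n"
ZIP_MAGIC = b"PK\x03\x04"
DEX_HEADER_SIZE = 0x70  # fixed dex header size


def dex_version(blob):
    """Return the dex format version ('035', '038', ...) or None if not a dex."""
    if len(blob) < 8 or not blob.startswith(DEX_MAGIC) or blob[7] != 0:
        return None
    ver = blob[4:7]
    return ver.decode("ascii") if ver.isdigit() else None


def inspect_artifact(data):
    """Classify a dropped file and list the dex payloads it contains."""
    report = {
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "kind": "unknown",
        "dex_entries": [],
    }
    if not data:
        # Lock/flock files and not-yet-written temp files hash like this.
        report["kind"] = "empty"
        return report
    ver = dex_version(data)
    if ver:
        report["kind"] = "dex"
        report["dex_entries"].append({"name": "<raw>", "size": len(data), "version": ver})
        return report
    if data.startswith(ZIP_MAGIC):
        report["kind"] = "zip"
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                blob = zf.read(info)
                ver = dex_version(blob)
                if ver:
                    report["dex_entries"].append({
                        "name": info.filename,
                        "size": len(blob),
                        "version": ver,
                        "sha256": hashlib.sha256(blob).hexdigest(),
                    })
    return report


def build_sample_zip():
    """Constructed stand-in for base.apk.classes1.zip: a zip holding a blob
    that carries only the dex magic and a zeroed header (not a real dex)."""
    fake_dex = DEX_MAGIC + b"035\x00" + b"\x00" * (DEX_HEADER_SIZE - 8)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", fake_dex)
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_artifact(build_sample_zip()))
    print(inspect_artifact(b""))
```

A zip whose entries carry no dex magic is still worth keeping: loaders of this kind sometimes store the payload encrypted and decrypt it in memory, in which case the on-disk artifact will classify as `zip` with an empty `dex_entries` list and the decryption routine has to be located in the main APK.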

Uses reflection

obfuscation

Description                                                                                  Indicator  Process  Target
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE (via reflection)  N/A        N/A      N/A

OkHostnameVerifier is the platform's internal TLS hostname verifier and is not public API, so it can only be reached through reflection. Reflective access to that singleton is commonly seen in code that wraps or replaces hostname verification; the report records only the field access, not what the code did with it.

Processes

com.lxqbcgkl.uzkzdvx

com.lxqbcgkl.uzkzdvx

/system/bin/dex2oat (ART's ahead-of-time compiler, invoked when the dropped dex was loaded; its output is the base.apk.classes1.odex and .vdex under oat/x86 listed in Files)

Network

N/A (no network traffic was recorded during this detonation, so the report contains no C2 indicators; the behavioural evidence is limited to the Hydra family signature, the dropped-dex loading and the reflective access above)

Files

/data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/MultiDex.lock (zero-byte file; the hashes below are those of empty input)

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/tmp-base.apk.classes9081640909788358245.zip (zero-byte at capture time; the hashes below are those of empty input)

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/base.apk.classes1.zip.x86.flock (zero-byte file; the hashes below are those of empty input)

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/oat/x86/base.apk.classes1.vdex

MD5 dd9eb10d80a17a96404e9dfdc7eb4896
SHA1 d9a121d4faa36786bcd04c61d4e0dd9ba40a69ae
SHA256 b3739c569457ef3ac447ec1d34b7b7fe21115bd395c3fb258d19e41c1e3dccd8
SHA512 e2d8eac28e123391041279e001454dc532a992cd2fa39b3f4e3db6f4b3f7dae317226b8a610cbe6c71c135bb6d1b0006d39024767d3a26217734407f0a56a241

/data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex

MD5 5484e11df82cd12a86a2e2e5b09adf36
SHA1 e9b6d7492b33ff49d7cec984d311e88d64ac263a
SHA256 c72778ceb0dbc3ecd6bcf04feeb56920c37fdb858ef7e1ef69f20c5bd8f24855
SHA512 f30918226caaa394f9c1d854616f69c5e3f749ec29c91db044e10da62ff25b2c523d3f94be15b6c66fef9baa366d82e7825299716aee39e066133cf5c53bb944

/data/user/0/com.lxqbcgkl.uzkzdvx/shared_prefs/multidex.version.xml

MD5 cd5c64d9ebd6cb1b00cf90fb59e9fad8
SHA1 4021e0f5704eecd3c8ab2773878661e58d7c8b57
SHA256 8cffd9462ad043b71e44a06e883f89f89a6d3f06a48ea4a4f5008071d4fadcf2
SHA512 1aab9d9260cb1f246629e6c57f154aa3b3500e1e40d092533e9d6c9f8ff174261fa89334788a66cdaa143d0b195db18738e478914652164fc05ffa76050de8d9

/data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/base.apk.classes1.zip (first of two captures of this path; the content differs between them)

MD5 2632f6f25810c1fd6cee492757827a43
SHA1 0e20abd06c5595b6864255ff40b2b4cff348859f
SHA256 9cfdabe0df59ff328cb595123437ce4ffc344b75a7442435ce80dfea5ee499e5
SHA512 ff341b30dee455e7342ad7b80bf8a1aea8b5e397b61082c35b1a371b7920df0b51fed4f64cc0fa1c083bbd62f2d4835f48a0d283bc0c0ac73199c1691fc7f87c

/data/user/0/com.lxqbcgkl.uzkzdvx/code_cache/secondary-dexes/base.apk.classes1.zip (second capture of the same path; different content from the first)

MD5 7195b1299806d409d6dd8e0218f5f0ae
SHA1 773ecdbf524f3f1d25b9150907318f79702c2db9
SHA256 669fb2a207c8c7cc76b19faa3516fccb689bd2f6fb730234aeef8b4fcdadde29
SHA512 294d0beb255bb0ee83ce00f6839b8f7a285c0c797661a9bf5fbd96dd4c4da69fff3f46cd712dcdcdf89b60d75c09c95ab44118b8fe72c1b17d9a2baba219b577

/data/user/0/com.lxqbcgkl.uzkzdvx/shared_prefs/pref_name_setting.xml (zero-byte at capture time; the hashes below are those of empty input)

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/data/user/0/com.lxqbcgkl.uzkzdvx/shared_prefs/prefs30.xml

MD5 1c6b6a6a91f2ccf7ac553f9a439ad69e
SHA1 270b45bc1c3255f95fecf8bfa85f7dbfc8fb5748
SHA256 a7958ee3107cac53056bac67328f317cf9e3aaf4533e1072f0c4f0334ebbffa6
SHA512 8a61fcab1bc82977f72af693d4a749ad41df81a9a9c6eaafee0f4ffd36a34f069a259c6b20046a8bce58a6eab526df122cb82e8d093be73cf5ff9d41e489bf8e