hydra | 0b20accac922de51e34a7dc637841d6071c92929ae9dc566f043b268871b58dc | Triage

Analysis

max time kernel
1510924s
max time network
74s
platform
android_x64
resource
android-x64
submitted
18/08/2021, 16:14

Sharing

Report Analysis Logs

General

Target

30284_Video_Oynatıcı.apk
Size

3.3MB
MD5

b7fd23008ba0a521e2155fab6e50433c
SHA1

2cc0c9b7ffe598f2af7a40141270f901699b0156
SHA256

0b20accac922de51e34a7dc637841d6071c92929ae9dc566f043b268871b58dc
SHA512

9e9acb73c1e34ec319a70cc0710003bc2c3884fdb44b31937985a81b437e743b41bd4f55f2f2236a5b75957b6ed916e206f4ea2dfaf788c894dcd289d0b77a45

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

C2

http://leopoldpaine27.xyz

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.oaakxqhl.lolwxjv/code_cache/secondary-dexes/base.apk.classes1.zip	3620	com.oaakxqhl.lolwxjv

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3620	com.oaakxqhl.lolwxjv
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3620	com.oaakxqhl.lolwxjv
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3620	com.oaakxqhl.lolwxjv

com.oaakxqhl.lolwxjv
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:3620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads