hydra | 4ee193d7a93bbf1d0ae9ea86d775eee37f9e4fde4b9f025aa7c8e102dbfebfc7 | Triage

Analysis

max time kernel
1610039s
max time network
32s
platform
android_x64
resource
android-x64
submitted
19/08/2021, 19:48

Sharing

Report Analysis Logs

General

Target

75140_Video_Oynatıcı.apk
Size

3.3MB
MD5

eaaa603ceed4c9a3d707b552b6a895a3
SHA1

7e0ddc97f948d5aee4042a62d82b89131a063f02
SHA256

4ee193d7a93bbf1d0ae9ea86d775eee37f9e4fde4b9f025aa7c8e102dbfebfc7
SHA512

c57fd3b3d9f578020ee045fd64f41085380630af1087a59391f372db2f1c11594e093d472ede474de6722150db25872f475afe8120b6d77d55e80b11d24d307f

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

C2

http://jannatedge58.xyz

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.tpxrxuuy.fitfqgd/code_cache/secondary-dexes/base.apk.classes1.zip	3607	com.tpxrxuuy.fitfqgd

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3607	com.tpxrxuuy.fitfqgd
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3607	com.tpxrxuuy.fitfqgd
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3607	com.tpxrxuuy.fitfqgd

com.tpxrxuuy.fitfqgd
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:3607

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads