hydra | b16b3243bc9a93df147b1a8e08e94800282a7eadf76269424ee890241e842401 | Triage

Analysis

max time kernel
1699914s
max time network
31s
platform
android_x64
resource
android-x64
submitted
20-08-2021 20:46

Sharing

Report Analysis Logs

General

Target

01549_Video_Oynatıcı.apk
Size

3.3MB
MD5

8bf2f3ac90a9c00855cbbdff2c3a0f28
SHA1

ae11797c3d9fa9d5b4d9b9fd74fda79e557ea82a
SHA256

b16b3243bc9a93df147b1a8e08e94800282a7eadf76269424ee890241e842401
SHA512

acec0ef3b57a9bdc2b61259384ad6462c0f280ea10f8bd5f413d10b0a62b746933f886c94a7ff18a45b634f1a061c9ad68dedbedc792ad008d876bfc928db3c8

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

C2

http://jannatedge58.xyz

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.wlfuzvxs.ojrcbuf/code_cache/secondary-dexes/base.apk.classes1.zip	3605	com.wlfuzvxs.ojrcbuf

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3605	com.wlfuzvxs.ojrcbuf
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3605	com.wlfuzvxs.ojrcbuf
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3605	com.wlfuzvxs.ojrcbuf

com.wlfuzvxs.ojrcbuf
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:3605

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads