hydra | fc2e4bb692325fc6c3919b3961eb74ae0852c80ff2f02d2438bc45ca9d8be0fa | Triage

Analysis

max time kernel
2031838s
max time network
145s
platform
android_x64
resource
android-x64-arm64
submitted
24-08-2021 16:58

Sharing

Report Analysis Logs

General

Target

69437_Video_Oynatıcı.apk
Size

3.2MB
MD5

f5beab46dd72473a4d1cf3339ef6aecd
SHA1

0c4f9b6957c583b554b2ec595eb0158b3a3ed13e
SHA256

fc2e4bb692325fc6c3919b3961eb74ae0852c80ff2f02d2438bc45ca9d8be0fa
SHA512

938e9f123531e081f93515920664f8fda645746fc3548fef72f9a4b8133da66735cd9ed6dab55b9aa8b2548f105730793c2f819a113cfa59facc4f7a3d69bd17

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

C2

http://maddisonmill35.xyz

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.mrujdeez.adisarj/code_cache/secondary-dexes/base.apk.classes1.zip	4224	com.mrujdeez.adisarj

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4224	com.mrujdeez.adisarj
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4224	com.mrujdeez.adisarj
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4224	com.mrujdeez.adisarj

com.mrujdeez.adisarj
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:4224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads