hydra | 182252ae86aae33b4b13b824357bc02218e94ae8daaadb69b85101c08e74773b | Triage

Analysis

max time kernel
2031835s
max time network
136s
platform
android_x64
resource
android-x64-arm64
submitted
24/08/2021, 16:58

Sharing

Report Analysis Logs

General

Target

85106_Video_Oynatıcı.apk
Size

3.2MB
MD5

a69b063e1e864e17a29a9d28b3e41531
SHA1

67aeb5e5033516434d2c111e35104130d834953e
SHA256

182252ae86aae33b4b13b824357bc02218e94ae8daaadb69b85101c08e74773b
SHA512

7d14318dbd9f5ad3ebe35e51e83f223b4455cdd379847c7f9dcf4a3045bb420fb41cbe67f51a111ce27e33af362a0a07603804d37356977f4e9c3cf4716f42c2

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

C2

http://maddisonmill35.xyz

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.uqmzacie.uodnfwy/code_cache/secondary-dexes/base.apk.classes1.zip	4509	com.uqmzacie.uodnfwy

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4509	com.uqmzacie.uodnfwy
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4509	com.uqmzacie.uodnfwy
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4509	com.uqmzacie.uodnfwy

com.uqmzacie.uodnfwy
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:4509

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads