hydra | 1a6c8a2854417027d380f9b3572c5e8ec655493fcedc7a95467a80177f6d26c8 | Triage

Analysis

max time kernel
2031834s
max time network
46s
platform
android_x64
resource
android-x64
submitted
24-08-2021 16:58

Sharing

Report Analysis Logs

General

Target

68930_Video_Oynatıcı.apk
Size

3.2MB
MD5

7e8a7091147d1514a6826b66d2aea081
SHA1

0807fefad7a37c75da6bffc7fa047b7ce09feb79
SHA256

1a6c8a2854417027d380f9b3572c5e8ec655493fcedc7a95467a80177f6d26c8
SHA512

79cdf6773fd87242d693af0a9225b8c53fa06d1175293ebda263729ebbc7a6aefc17b2d8400fbf05760156bfc33c58ecc6c7993f8476229200ddd15d2d23a715

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

C2

http://maddisonmill35.xyz

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.dsvjvnks.bndixhl/code_cache/secondary-dexes/base.apk.classes1.zip	3648	com.dsvjvnks.bndixhl

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3648	com.dsvjvnks.bndixhl
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3648	com.dsvjvnks.bndixhl
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3648	com.dsvjvnks.bndixhl

com.dsvjvnks.bndixhl
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:3648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads