hydra | 1cd704ca2729a62bfab839ffdc5fd1c19de0bc15fb961da305c7ae1ccbe8e1c7 | Triage

Analysis

max time kernel
2014812s
platform
android_x86
resource
android-x86-arm
submitted
24-08-2021 12:14

Sharing

Report Analysis Logs

General

Target

18562_Video_Oynatıcı.apk
Size

3.2MB
MD5

1a1c0beae19827530fe6e3fea729845a
SHA1

0accfe19ad55130c45063cd0cdadbe9cb002437f
SHA256

1cd704ca2729a62bfab839ffdc5fd1c19de0bc15fb961da305c7ae1ccbe8e1c7
SHA512

f6a89dd955d3f780883ab3a65be97859d1a6157465904d94e01ec6976a456037c1f92ce0a3feb6ebf434f398d28359765ac9fa1f47bf800b5933434a9ba2328d

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.kxgosnpq.wxwdgdb/code_cache/secondary-dexes/base.apk.classes1.zip	5078	/system/bin/dex2oat
/data/user/0/com.kxgosnpq.wxwdgdb/code_cache/secondary-dexes/base.apk.classes1.zip	5050	com.kxgosnpq.wxwdgdb

Uses reflection 1 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	5050	com.kxgosnpq.wxwdgdb

com.kxgosnpq.wxwdgdb
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:5050
- com.kxgosnpq.wxwdgdb
  2⤵
  PID:5078
- /system/bin/dex2oat
  2⤵
  - Loads dropped Dex/Jar
  PID:5078

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads