hydra | 45598745a90bac7335e21583bb5ee09e72a5beb47ab1d45f0ba3fdd0ddf2868b | Triage

Analysis

max time kernel
2115002s
max time network
126s
platform
android_x64
resource
android-x64-arm64
submitted
25-08-2021 16:04

Sharing

Report Analysis Logs

General

Target

19756_Video_Oynatıcı.apk
Size

3.2MB
MD5

804a18c229614c92d0be806056ff8fe6
SHA1

c91f728bed9faa15223744e3e8bb859d9c6f624a
SHA256

45598745a90bac7335e21583bb5ee09e72a5beb47ab1d45f0ba3fdd0ddf2868b
SHA512

d4f6d44b9068216606a823e8f210b490d2045c95e40118fbe50fb347089d04694824c516a940ea0420f8f7c936c9d6bc35c4b7a56a2f33055031f32e800e1737

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Extracted

Family

hydra

C2

http://rodrigoireland2.xyz

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.klfcspao.mqiahbd/code_cache/secondary-dexes/base.apk.classes1.zip	4593	com.klfcspao.mqiahbd

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	4593	com.klfcspao.mqiahbd
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4593	com.klfcspao.mqiahbd
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	4593	com.klfcspao.mqiahbd

com.klfcspao.mqiahbd
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:4593

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads