hydra | 1d03e9b69f64f8f4be3559a3e3f3b3ff04426d18c48adb213960da8c5f98b741 | Triage

Analysis

max time kernel
1271109s
platform
android_x86
resource
android-x86-arm
submitted
04-10-2021 14:41

Sharing

Report Analysis Logs

General

Target

1d03e9b69f64f8f4be3559a3e3f3b3ff04426d18c48adb213960da8c5f98b741.apk
Size

5.4MB
MD5

7ff0122bb9ff26c4547b00fb21859995
SHA1

fa29838cbacb2104da9d85b5cd9be1e660389e75
SHA256

1d03e9b69f64f8f4be3559a3e3f3b3ff04426d18c48adb213960da8c5f98b741
SHA512

aa70fc0edfa3d38e48a44bd9075d9893a8d5a71cdd9dca61abeb97cdeccbc68e408a95844b941795fab18b327f07dce34f9ec3334bc126041096fdc8b63f8c01

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra Payload 1 IoCs

resource	yara_rule
behavioral1/files/5033-2.dat	family_hydra

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/soon.dirt.into/app_DynamicOptDex/lkA.json	5033	soon.dirt.into
/data/user/0/soon.dirt.into/app_DynamicOptDex/lkA.json	5062	/system/bin/dex2oat
/data/user/0/soon.dirt.into/app_DynamicOptDex/lkA.json	5033	soon.dirt.into

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	soon.dirt.into

Uses reflection 1 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	5033	soon.dirt.into

soon.dirt.into
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:5033
- soon.dirt.into
  2⤵
  PID:5062
- /system/bin/dex2oat
  2⤵
  - Loads dropped Dex/Jar
  PID:5062

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads