hydra | e51f32dbe18d52eafe2ac65f77f84450fd279fecd0278b0df95ce654017dddd2 | Triage

Analysis

max time kernel
2178811s
platform
android_x86
resource
android-x86-arm
submitted
15-10-2021 02:50

Sharing

Report Analysis Logs

General

Target

81295_Video_Oynatıcı.apk
Size

7.3MB
MD5

17fe5d41d3ddc9ae0fd5a50ddefefb58
SHA1

c953103f0d0464e5c6f4d904daf0acd07fd9e086
SHA256

e51f32dbe18d52eafe2ac65f77f84450fd279fecd0278b0df95ce654017dddd2
SHA512

020de77f4e91bdaebe0dba0c87164177fc5bd7d971d30f9ec676b036e0343b1f97c5754d3fc02653ea86833273f266ef46c7d4082be0d2e9e05b75d61826a5a2

Score

10^/10

hydra banker infostealer trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.xbhrdcwb.esptzye/wckocyniva/juhaogkx8ytfgbt/base.apk.jlgjkmy1.ppk	5012	/system/bin/dex2oat
/data/user/0/com.xbhrdcwb.esptzye/wckocyniva/juhaogkx8ytfgbt/base.apk.jlgjkmy1.ppk	4984	com.xbhrdcwb.esptzye

Reads name of network operator 1 IoCs

Uses Android APIs to discover system information.

description	ioc	Process
Framework API call	android.telephony.TelephonyManager.getNetworkOperatorName	com.xbhrdcwb.esptzye

com.xbhrdcwb.esptzye
1⤵
- Loads dropped Dex/Jar
- Reads name of network operator
PID:4984
- com.xbhrdcwb.esptzye
  2⤵
  PID:5012
- /system/bin/dex2oat
  2⤵
  - Loads dropped Dex/Jar
  PID:5012
- com.xbhrdcwb.esptzye
  2⤵
  PID:5145

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads