hydra | d0775b35bb8cb849d1049e9cea3d990f97bf09e908d19c93ba6ce0c184bfa668 | Triage

Analysis

max time kernel
2311439s
max time network
42s
platform
android_x64
resource
android-x64
submitted
16-10-2021 15:40

Sharing

Report Analysis Logs

General

Target

sample.apk
Size

3.3MB
MD5

22c6380abe1a2ff9b7d6f6d4baf252e2
SHA1

4226fb895d2ea02c462a6aa4965991ef08a5412f
SHA256

d0775b35bb8cb849d1049e9cea3d990f97bf09e908d19c93ba6ce0c184bfa668
SHA512

c873ac10d58390d919ff4b6ffbb216e7f8dc4cdaeb859b91f4a4d58871a63a1b831b4b0da3ac85f92882a7fe8f6231b4a9545d83e65fc17dfbf9175c8be3d73a

Score

10^/10

hydra banker infostealer obfuscation trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.cwnjcjeo.qhmvgio/code_cache/secondary-dexes/base.apk.classes1.zip	3603	com.cwnjcjeo.qhmvgio

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.cwnjcjeo.qhmvgio

Uses reflection 3 IoCs

description	pid	Process
Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE	3603	com.cwnjcjeo.qhmvgio
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3603	com.cwnjcjeo.qhmvgio
Acesses field javax.security.auth.x500.X500Principal.thisX500Name	3603	com.cwnjcjeo.qhmvgio

com.cwnjcjeo.qhmvgio
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
PID:3603

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads