hydra | 6247d0dc4f7a148ad7487371afad0ee51fbfe6e8f046d59125b50d480f92d0e3 | Triage

Analysis

max time kernel
1268642s
max time network
158s
platform
android_x64
resource
android-x64-arm64
submitted
12-01-2022 00:08

Sharing

Report Analysis Logs

General

Target

f0a3690fe48a9e25894c30784882cb5b.apk
Size

6.9MB
MD5

f0a3690fe48a9e25894c30784882cb5b
SHA1

35f629e6f804c547067f1eda9bb0c50efce0c4e6
SHA256

6247d0dc4f7a148ad7487371afad0ee51fbfe6e8f046d59125b50d480f92d0e3
SHA512

56aad4488d17b7c31623fc4b49227c813c17de0545d727fc973c45a5e498c187b64bcd6964f9a37f207c3c548f110efd4de621cecd05a73706f542d715d60e93

Score

10^/10

hydra banker infostealer trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

com.ptnlmklv.xiegvjf

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.ptnlmklv.xiegvjf

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.ptnlmklv.xiegvjf

ioc pid process

/data/user/0/com.ptnlmklv.xiegvjf/ewhhg9iuF6/kjwHyyfafeijdyf/base.apk.quqpTff1.i8j 6284 com.ptnlmklv.xiegvjf

com.ptnlmklv.xiegvjf
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:6284
- com.ptnlmklv.xiegvjf
  2⤵
  PID:6575

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.ptnlmklv.xiegvjf/ewhhg9iuF6/kjwHyyfafeijdyf/base.apk.quqpTff1.i8j

MD5
8aced0cba9ef34ec372aa0334a5a4ec2

SHA1
1c0f2ba8a8ff457960dfc64e3fea4465a1f431c9

SHA256
0daaa5c0584641244d14aeb9756a47ae07b1b845f1e8241cd49c250fd666d7b0

SHA512
89984ea89b990aa2ceafd8e71193a8091592767d3731a86636892ef230be6f6662d6aaf22451177a440bfd29335feb885838d3f160486824a1dd8f722008dff5

Download Submit