hydra | 8ac2f7d8800e976d63c53aa48e83dcb06b0945ea33da1ba5aa4e0925ba39a3c3 | Triage

Analysis

max time kernel
2089353s
max time network
175s
platform
android_x64
resource
android-x64-arm64
submitted
21-01-2022 12:01

Sharing

Report Analysis Logs

General

Target

8ac2f7d8800e976d63c53aa48e83dcb06b0945ea33da1ba5aa4e0925ba39a3c3.apk
Size

3.3MB
MD5

d5be67c5db0f576f4a49c80a7bf8d44b
SHA1

d6a31d3318aecddfb044c1c615b61ae4a0221327
SHA256

8ac2f7d8800e976d63c53aa48e83dcb06b0945ea33da1ba5aa4e0925ba39a3c3
SHA512

79167f3eaa361ac5969988cb308ac73082249375d91688f8ea13abd739922f96178bbdc829c0d5f4df8e2e7d4d27ffae9ee65fb1090bf5b3ff7a3fd27b15ab66

Score

10^/10

hydra banker infostealer trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra Payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.agree.describe/app_DynamicOptDex/IQ.json	family_hydra

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

com.agree.describe

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.agree.describe

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.agree.describe

ioc pid process

/data/user/0/com.agree.describe/app_DynamicOptDex/IQ.json 6032 com.agree.describe

com.agree.describe
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:6032
- com.agree.describe
  2⤵
  PID:6306
- com.agree.describe
  2⤵
  PID:6445

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.agree.describe/app_DynamicOptDex/IQ.json

MD5
a5da295f4346e92139f7558752e3daa8

SHA1
0b0c227d582fd86e037bfb92c13aeefd404cac93

SHA256
ec496edf9dc3fb3f2ea5d7a23d088e799e26d19c9b2cc7473f0c3c6720955076

SHA512
1e1b6266ef42f983a20934498a37ae1ba787f4a3c350e7f8dcac534f1eb63b0912ac478ca05f63ae8d3bc0cd522034049714c41e5474adbbe160b91e471d3962

Download Submit