hydra | f46f1cfa313cdfacd0bb26a070d16f866d2f88c5e62da386966a921556024a48 | Triage

Analysis

max time kernel
2107983s
max time network
68s
platform
android_x86
resource
android-x86-arm
submitted
21/01/2022, 17:17

Sharing

Report Analysis Logs

General

Target

coba.apk
Size

7.6MB
MD5

3c34283a5d814f161cb9478decfbcf24
SHA1

071268de04cb1247c53ee24b3c7f1ddf4c8531cc
SHA256

f46f1cfa313cdfacd0bb26a070d16f866d2f88c5e62da386966a921556024a48
SHA512

5877ed100597cf92319d0268467ad283f44d2d408b3a8a4de8a8bd2c722a5cda4c0b0a0fd24fc9b7be2995018606116e440dcebd42c0f5044f8ddc2b0dd85def

Score

10^/10

hydra banker infostealer trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.dzaslbss.pslfahl/fagGIuygyg/hgT898ytffIygug/base.apk.UkGgHkh1.Gff	5123	/system/bin/dex2oat
/data/user/0/com.dzaslbss.pslfahl/fagGIuygyg/hgT898ytffIygug/base.apk.UkGgHkh1.Gff	5027	com.dzaslbss.pslfahl

Reads information about phone network operator.

com.dzaslbss.pslfahl
1⤵
- Loads dropped Dex/Jar
PID:5027
- com.dzaslbss.pslfahl
  2⤵
  PID:5123
- /system/bin/dex2oat
  2⤵
  - Loads dropped Dex/Jar
  PID:5123
- com.dzaslbss.pslfahl
  2⤵
  PID:5554
- toolbox
  2⤵
  PID:5554
- com.dzaslbss.pslfahl
  2⤵
  PID:5602
- /system/bin/sh
  2⤵
  PID:5602
- /system/bin/ndk_translation_program_runner_binfmt_misc
  2⤵
  PID:5602
- com.dzaslbss.pslfahl
  2⤵
  PID:5684
- /system/bin/sh
  2⤵
  PID:5684
- /system/bin/ndk_translation_program_runner_binfmt_misc
  2⤵
  PID:5684
- - /system/bin/ndk_translation_program_runner_binfmt_misc
    3⤵
    PID:5740

/system/bin/ndk_translation_program_runner_binfmt_misc
1⤵
PID:5756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads