hydra | f46f1cfa313cdfacd0bb26a070d16f866d2f88c5e62da386966a921556024a48 | Triage

Analysis

max time kernel
2107942s
max time network
174s
platform
android_x64
resource
android-x64-arm64
submitted
21-01-2022 17:17

Sharing

Report Analysis Logs

General

Target

coba.apk
Size

7.6MB
MD5

3c34283a5d814f161cb9478decfbcf24
SHA1

071268de04cb1247c53ee24b3c7f1ddf4c8531cc
SHA256

f46f1cfa313cdfacd0bb26a070d16f866d2f88c5e62da386966a921556024a48
SHA512

5877ed100597cf92319d0268467ad283f44d2d408b3a8a4de8a8bd2c722a5cda4c0b0a0fd24fc9b7be2995018606116e440dcebd42c0f5044f8ddc2b0dd85def

Score

10^/10

hydra banker infostealer trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

com.dzaslbss.pslfahl

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.dzaslbss.pslfahl

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.dzaslbss.pslfahl

ioc pid process

/data/user/0/com.dzaslbss.pslfahl/fagGIuygyg/hgT898ytffIygug/base.apk.UkGgHkh1.Gff 6313 com.dzaslbss.pslfahl

com.dzaslbss.pslfahl
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:6313
- com.dzaslbss.pslfahl
  2⤵
  PID:6642

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.dzaslbss.pslfahl/fagGIuygyg/hgT898ytffIygug/base.apk.UkGgHkh1.Gff

MD5
4574bc1a915418d5fc3507b80d28066d

SHA1
c668042653df25a5827a3989449d28e0541c5bfc

SHA256
b662d9b02eb5a70ca6408875a532b27541a521a721c490529b013d90ebcd8a18

SHA512
ed032f08f1246f306fd338eaa622e3d284f83f7eab6d3b956fa2d53ce059dc4c0eb41f9d5a8e26ef1ce9324c33dde4a334e52282cda0e96deda60faa098a36bd

Download Submit