hydra | 83380ae57698d2b13e0773969c68e2ea32d02ff1955be0f865cfaace62cf1917 | Triage

Analysis

max time kernel
2594546s
max time network
185s
platform
android_x64
resource
android-x64-arm64
submitted
27-01-2022 08:27

Sharing

Report Analysis Logs

General

Target

bawag-psk.apk
Size

6.9MB
MD5

09c03c318ab6a1b5f201f81480de022f
SHA1

01b01d29b8b62e8152438740f8956c8a0ab730a4
SHA256

83380ae57698d2b13e0773969c68e2ea32d02ff1955be0f865cfaace62cf1917
SHA512

52ae7f63a3b91fc681f77aad31e2cde23c916394c77c354c0913ec32415847887dad8e16069a6d1036aa3c678e23922cef2d76ef6feb10b70458af6534827ce9

Score

10^/10

hydra banker infostealer trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

com.rhwnanvo.prupgwg

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.rhwnanvo.prupgwg

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.rhwnanvo.prupgwg

ioc pid process

/data/user/0/com.rhwnanvo.prupgwg/yyitdFkqjU/Tojg7gIyjfFf7ke/base.apk.w8jqGoI1.gu8 6286 com.rhwnanvo.prupgwg

com.rhwnanvo.prupgwg
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:6286
- com.rhwnanvo.prupgwg
  2⤵
  PID:6533

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.rhwnanvo.prupgwg/yyitdFkqjU/Tojg7gIyjfFf7ke/base.apk.w8jqGoI1.gu8

MD5
cc32b7410f7250c0f9afeed4a489a427

SHA1
811455f73cc9aa0c4a1cbafc94d936001297a623

SHA256
8c59a4d341dd808acb09ec04793a6b37b0e516e9c19bc592df67d159829a9eab

SHA512
0f9e2498f656485f87d074379080c7146b2cae87d8bd313d18a279557a2234e6e63e5d2ff8019d52f186dbb15fb3405da0aa6e39d26954c7bcd091bac5d1f3b8

Download Submit