hydra | 83380ae57698d2b13e0773969c68e2ea32d02ff1955be0f865cfaace62cf1917 | Triage

Analysis

max time kernel
2594546s
max time network
185s
platform
android_x64
resource
android-x64-arm64
submitted
27-01-2022 08:27

Sharing

Report Analysis Logs

General

Target

bawag-psk.apk
Size

6.9MB
MD5

09c03c318ab6a1b5f201f81480de022f
SHA1

01b01d29b8b62e8152438740f8956c8a0ab730a4
SHA256

83380ae57698d2b13e0773969c68e2ea32d02ff1955be0f865cfaace62cf1917
SHA512

52ae7f63a3b91fc681f77aad31e2cde23c916394c77c354c0913ec32415847887dad8e16069a6d1036aa3c678e23922cef2d76ef6feb10b70458af6534827ce9

Score

10^/10

hydra banker infostealer trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Makes use of the framework's Accessibility service. 1 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.rhwnanvo.prupgwg

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.rhwnanvo.prupgwg/yyitdFkqjU/Tojg7gIyjfFf7ke/base.apk.w8jqGoI1.gu8	6286	com.rhwnanvo.prupgwg

com.rhwnanvo.prupgwg
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:6286
- com.rhwnanvo.prupgwg
  2⤵
  PID:6533

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads