hydra | 5ccc7291adb2a897dd3d0d273fb79bbfa98877ee8553b919813672f8cb02f893 | Triage

Analysis

max time kernel
26327s
max time network
142s
platform
android_x64
resource
android-x64-arm64
submitted
16-02-2022 08:04

Sharing

Report Analysis Logs

General

Target

psk.apk
Size

6.2MB
MD5

24f7fd773edcd9fd9440414921a13583
SHA1

f1e9f0c83ee704d66ae6b263f96c918d82ea5a6e
SHA256

5ccc7291adb2a897dd3d0d273fb79bbfa98877ee8553b919813672f8cb02f893
SHA512

b197fc66f077e1b2c3d192cf5891f7daa2f20e5846cbecd8598b3fdf0b82814b18dcbf0d8baf5606a7d0f54bde2169be15e5c36a0b18f6a258d3b6a5cec0f7b7

Score

10^/10

hydra banker infostealer trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

com.zmmiwukx.gtpxqut

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.zmmiwukx.gtpxqut

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.zmmiwukx.gtpxqut

ioc pid process

/data/user/0/com.zmmiwukx.gtpxqut/fGj88II9af/je9iIIfIIfTogfg/base.apk.i8UToII1.fGU 5629 com.zmmiwukx.gtpxqut

com.zmmiwukx.gtpxqut
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:5629

com.zmmiwukx.gtpxqut
2⤵
PID:6144

com.zmmiwukx.gtpxqut
2⤵
PID:6329

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zmmiwukx.gtpxqut/fGj88II9af/je9iIIfIIfTogfg/base.apk.i8UToII1.fGU
MD5
4d9927457b7cca7b3211a05faf140400

SHA1
6317feb16e912d3972dbcd0b0f582ef47e130e80

SHA256
0d4084dec89be56748478048ef2735821048826da510f9e2fc44f528f992904a

SHA512
768507c2988c38cb4b3c3302fb6d89fb633ba46e258cd8ee18c7bec1b4c1efa7c38a663a33ff0eb14d677008cc141dfab04abbaaecfef02ea5b318de6371fc49

Download Submit