hydra | d6709aa4b5a1f255b36df1ae342b43a5eea637d1c5ee322bbca233030e93672e | Triage

Sharing

General

Target

mvTX2ACA_Google_Chrome_-_aHR0cDovL2xvYWJ4d3g1emJoZmFjZ3gzbHNrd2RzcTdqZHUyNXZta2RydHBuaTJrNnVzZGVhb2NlYzRndXFkLm9uaW9uL2FwaS9taXJyb3Jz_obf.apk
Size

3.7MB
Sample

220408-n62ajahffr
MD5

1d864a8f11e7919cbc8d0927afa6a7fd
SHA1

67288271c7daca377faadc68322d6888fe51c0bb
SHA256

d6709aa4b5a1f255b36df1ae342b43a5eea637d1c5ee322bbca233030e93672e
SHA512

4a3e209d10cd7a5c38876ae07f10f87dcbfddcce0877e9ca589d4ca2e4606d382498a83af04d4bdc6428e2c3d91b8d7761c3c37e14c120a3b5f4af5dfe649eb3

Score

10^/10

hydra android banker infostealer trojan

Malware Config

Targets

- Target
  
  mvTX2ACA_Google_Chrome_-_aHR0cDovL2xvYWJ4d3g1emJoZmFjZ3gzbHNrd2RzcTdqZHUyNXZta2RydHBuaTJrNnVzZGVhb2NlYzRndXFkLm9uaW9uL2FwaS9taXJyb3Jz_obf.apk
- Size
  
  3.7MB
- MD5
  
  1d864a8f11e7919cbc8d0927afa6a7fd
- SHA1
  
  67288271c7daca377faadc68322d6888fe51c0bb
- SHA256
  
  d6709aa4b5a1f255b36df1ae342b43a5eea637d1c5ee322bbca233030e93672e
- SHA512
  
  4a3e209d10cd7a5c38876ae07f10f87dcbfddcce0877e9ca589d4ca2e4606d382498a83af04d4bdc6428e2c3d91b8d7761c3c37e14c120a3b5f4af5dfe649eb3
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra Payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

hydrabankerinfostealertrojan

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan