hydra | befa3bb2e619cc2116e883787b3e0e9824c2827ca1c0d1a096c073acf39a6817

Analysis

max time kernel
605916s
max time network
186s
platform
android_x64
resource
android-x64-20220310-en
submitted
02-06-2022 11:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GoogleChrome5.31.1.apk
Size

3.1MB
MD5

029ff646eec48591309652a724c836fc
SHA1

7cfbe7b28f797d6bef7c0cb50e7c98ca13f49bdc
SHA256

befa3bb2e619cc2116e883787b3e0e9824c2827ca1c0d1a096c073acf39a6817
SHA512

00e7f6c86a39e5821f3875509aa8afc65dc55e16ee45647800073c844d229e619c397956b93bfb746d329fcd26faacf1ec60360a6afffcd6fc35c31c1e4bb3c1

Score

10^/10

hydra banker infostealer trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra Payload 1 IoCs

resource	yara_rule
behavioral2/memory/6110-0.dex	family_hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.leader.result/app_DynamicOptDex/IbMBJ.json	6110	com.leader.result

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Reads information about phone network operator.

com.leader.result
1⤵
- Loads dropped Dex/Jar
PID:6110
- toolbox ps
  2⤵
  PID:6434
- /system/bin/sh -c /data/data/com.leader.result/files/tor_source/tor.so DataDirectory /data/data/com.leader.result/app_data --defaults-torrc /data/data/com.leader.result/files/tor_source/torrc -f /data/data/com.leader.result/files/tor_source/torrc.custom --verify-config
  2⤵
  PID:6498

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.leader.result/app_DynamicOptDex/IbMBJ.json

Filesize
1.9MB

MD5
0f5b374fe1ecb9dfa301d399c9a00a2d

SHA1
0c98598d495f6296c546d1fb938f88eefad39575

SHA256
53988117461ad1f8dc3da8d01b4ec71edaf91db631a5804cd6bba31819d431c1

SHA512
64b26d8d70072336dfae15cc3c14aa6174ab2238024b0ee8094f603260e5e9cfe195a52d676e17a4d1d9351e35de69ea9ada45f23f933f0d99f9cf3d5f4ab6ac

Download Submit
/data/user/0/com.leader.result/app_DynamicOptDex/IbMBJ.json

Filesize
5.0MB

MD5
53235896722b343b085c7e3c6b5bd305

SHA1
0c2438a0a9577242d961cae06df2825d4afeb695

SHA256
453a1e0a20fb639df865d12f3eea7250c414864b95754ed6b4e43ead36ddea41

SHA512
300b6f6a32f44f140bb92d9f96f3102f359cf40adcda303752ae53e512f2ff254ecdfe86423d0c7985246ab0c6132ce59f09cd84e15efb5d707baee36879e24b

Download Submit
/data/user/0/com.leader.result/files/tor_source/bridges.txt

Filesize
422B

MD5
d677c5f4f107f72272e4313a23372507

SHA1
41400d3e8b23e61de2f7078005c87852b7b5ed4a

SHA256
924b9034d71e7a7cb105c1fc9731b0ae25690db2f4fc50fb3e1e0fb3db9c2e54

SHA512
d36168a2eaf2167002d99500ba906bd7fb6cbdbcf14a2d257dabfdd8c271783ed95e827dcd96571813e4d67f5a78cc9e70598c7b6257af9127f110ef13d9f14a

Download Submit
/data/user/0/com.leader.result/files/tor_source/geoip

Filesize
3.9MB

MD5
9893523429f07b4ddc82e4133ff6603d

SHA1
ff83ad73de7672c77edf8888f4b241642c7c90f7

SHA256
d79a14e1b685ec9cfb3e9a489b9650e4092eccc468c9eef4222765857e83d96e

SHA512
2346a2d1616894b350fdcc6833f33a16bc031809ce80160f35af78b05a9c867d722979cdb3725c5bcddaa54518c58d88b0320a20da5f752a03c2c4758b84126a

Download Submit
/data/user/0/com.leader.result/files/tor_source/geoip6

Filesize
2.2MB

MD5
3a6750bc0ab780292491c6a2b2bdc2e8

SHA1
b1cdbfeb7c88f82ef3b5289cafeed1321fa4693f

SHA256
26e2b88c992873131ba6422d6eb8f6ced94add2f5abfdbe3dcca4cbd79861d67

SHA512
f7a1c555b8fdea9a132367d2c0d6396c0045bf13375a3b64b686f7ea34b8ed6868d9253ca1902fbd2538994482f363045be771596d3a2c0a6a017b03903b36c7

Download Submit
/data/user/0/com.leader.result/files/tor_source/obfs4proxy.so

Filesize
6.7MB

MD5
8f75c0f064ae808474d98334419374b2

SHA1
2541a68db820e825e40f8955baf9148113afbc49

SHA256
60c73335d1aca9219ec0c355e201d46160549b47534f1074751d4f0dc0f2d506

SHA512
41439bf307f77343e123aedf83bed1ad2d77faaeecdd9daa2c447d1a2b8e6bb44aca861a950161a0298f7150c37480e5d22126a466025de8f10c9d083e96e58f

Download Submit
/data/user/0/com.leader.result/files/tor_source/tor.so

Filesize
6.9MB

MD5
5183e07a25ec7654bbd9405b5f1a4c75

SHA1
25057eeb42ff82668cd49b9e1bcfc39b2229955d

SHA256
4119996e6e2c6a57ad245c40368732972eeaf40bc9e2c22c396d69afeb4bea15

SHA512
a1bbd42ff89c21025404185e28ffea01906860b41ae6bb6e5d725ef28b8131e9501da7798ff0807f300cf018132e06c176332c1aa31939676bdf0cc08a3f1194

Download Submit
/data/user/0/com.leader.result/files/tor_source/torrc

Filesize
123B

MD5
882a5c7bb55ad342d352770ad1a04c90

SHA1
b048a9cf4926febbed82f2804207bd7576a8e8e0

SHA256
caa24da47c90ed4a260ee260ecd1dab3f8937688e82ae0a3705703b38da43278

SHA512
9f3863f873fdb5625d251d0bd1cdd52f683844ead8e458571e21af4f65c947c2da0cdb3036ca4e1d9d7ca4cccbb097aaea1e253604b99a3965d4a2c4f04f97ec

Download Submit
/data/user/0/com.leader.result/files/tor_source/torrc.custom

Filesize
409B

MD5
e24383312459b6aadaa86b9857d5cabc

SHA1
b348f76daa8a592cd7cdaf69c0d8121cce2e0a82

SHA256
920f1a087f7ea23f39f91ac9c9c3dcb731d0e8ba42c95a2fafb9ec52d0689db7

SHA512
5c91e0f183c8d80fcfebd98d8bcae92de4cca375f734f434d09e2fc5958f3226cc2a498392d0f02fa189e98f3965383cc4153ed77c608771bfcc20f8d60004e7

Download Submit