hydra | befa3bb2e619cc2116e883787b3e0e9824c2827ca1c0d1a096c073acf39a6817

Analysis

max time kernel
605916s
max time network
186s
platform
android_x64
resource
android-x64-20220310-en
submitted
02-06-2022 11:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GoogleChrome5.31.1.apk
Size

3.1MB
MD5

029ff646eec48591309652a724c836fc
SHA1

7cfbe7b28f797d6bef7c0cb50e7c98ca13f49bdc
SHA256

befa3bb2e619cc2116e883787b3e0e9824c2827ca1c0d1a096c073acf39a6817
SHA512

00e7f6c86a39e5821f3875509aa8afc65dc55e16ee45647800073c844d229e619c397956b93bfb746d329fcd26faacf1ec60360a6afffcd6fc35c31c1e4bb3c1

Score

10^/10

hydra banker infostealer trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra Payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.leader.result/app_DynamicOptDex/IbMBJ.json	family_hydra

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.leader.result

ioc pid process

/data/user/0/com.leader.result/app_DynamicOptDex/IbMBJ.json 6110 com.leader.result
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Reads information about phone network operator.

ioc	pid	process
/data/user/0/com.leader.result/app_DynamicOptDex/IbMBJ.json	6110	com.leader.result

com.leader.result
1⤵
- Loads dropped Dex/Jar
PID:6110

toolbox ps
2⤵
PID:6434

/system/bin/sh -c /data/data/com.leader.result/files/tor_source/tor.so DataDirectory /data/data/com.leader.result/app_data --defaults-torrc /data/data/com.leader.result/files/tor_source/torrc -f /data/data/com.leader.result/files/tor_source/torrc.custom --verify-config
2⤵
PID:6498

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.leader.result/app_DynamicOptDex/IbMBJ.json
Filesize
1.9MB

MD5
0f5b374fe1ecb9dfa301d399c9a00a2d

SHA1
0c98598d495f6296c546d1fb938f88eefad39575

SHA256
53988117461ad1f8dc3da8d01b4ec71edaf91db631a5804cd6bba31819d431c1

SHA512
64b26d8d70072336dfae15cc3c14aa6174ab2238024b0ee8094f603260e5e9cfe195a52d676e17a4d1d9351e35de69ea9ada45f23f933f0d99f9cf3d5f4ab6ac

Download Submit
/data/user/0/com.leader.result/app_DynamicOptDex/IbMBJ.json
Filesize
5.0MB

MD5
53235896722b343b085c7e3c6b5bd305

SHA1
0c2438a0a9577242d961cae06df2825d4afeb695

SHA256
453a1e0a20fb639df865d12f3eea7250c414864b95754ed6b4e43ead36ddea41

SHA512
300b6f6a32f44f140bb92d9f96f3102f359cf40adcda303752ae53e512f2ff254ecdfe86423d0c7985246ab0c6132ce59f09cd84e15efb5d707baee36879e24b

Download Submit
/data/user/0/com.leader.result/app_DynamicOptDex/oat/IbMBJ.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.leader.result/files/all_tor.zip
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.leader.result/files/all_tor/arm64-v8a/obfs4proxy.so
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.leader.result/files/all_tor/arm64-v8a/tor.so
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.leader.result/files/all_tor/armeabi-v7a/obfs4proxy.so
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.leader.result/files/all_tor/armeabi-v7a/tor.so
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.leader.result/files/all_tor/bridges.txt
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.leader.result/files/all_tor/geoip
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.leader.result/files/all_tor/geoip6
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.leader.result/files/all_tor/torrc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.leader.result/files/tor_source/bridges.txt
Filesize
422B

MD5
d677c5f4f107f72272e4313a23372507

SHA1
41400d3e8b23e61de2f7078005c87852b7b5ed4a

SHA256
924b9034d71e7a7cb105c1fc9731b0ae25690db2f4fc50fb3e1e0fb3db9c2e54

SHA512
d36168a2eaf2167002d99500ba906bd7fb6cbdbcf14a2d257dabfdd8c271783ed95e827dcd96571813e4d67f5a78cc9e70598c7b6257af9127f110ef13d9f14a

Download Submit
/data/user/0/com.leader.result/files/tor_source/geoip
Filesize
3.9MB

MD5
9893523429f07b4ddc82e4133ff6603d

SHA1
ff83ad73de7672c77edf8888f4b241642c7c90f7

SHA256
d79a14e1b685ec9cfb3e9a489b9650e4092eccc468c9eef4222765857e83d96e

SHA512
2346a2d1616894b350fdcc6833f33a16bc031809ce80160f35af78b05a9c867d722979cdb3725c5bcddaa54518c58d88b0320a20da5f752a03c2c4758b84126a

Download Submit
/data/user/0/com.leader.result/files/tor_source/geoip6
Filesize
2.2MB

MD5
3a6750bc0ab780292491c6a2b2bdc2e8

SHA1
b1cdbfeb7c88f82ef3b5289cafeed1321fa4693f

SHA256
26e2b88c992873131ba6422d6eb8f6ced94add2f5abfdbe3dcca4cbd79861d67

SHA512
f7a1c555b8fdea9a132367d2c0d6396c0045bf13375a3b64b686f7ea34b8ed6868d9253ca1902fbd2538994482f363045be771596d3a2c0a6a017b03903b36c7

Download Submit
/data/user/0/com.leader.result/files/tor_source/obfs4proxy.so
Filesize
6.7MB

MD5
8f75c0f064ae808474d98334419374b2

SHA1
2541a68db820e825e40f8955baf9148113afbc49

SHA256
60c73335d1aca9219ec0c355e201d46160549b47534f1074751d4f0dc0f2d506

SHA512
41439bf307f77343e123aedf83bed1ad2d77faaeecdd9daa2c447d1a2b8e6bb44aca861a950161a0298f7150c37480e5d22126a466025de8f10c9d083e96e58f

Download Submit
/data/user/0/com.leader.result/files/tor_source/tor.so
Filesize
6.9MB

MD5
5183e07a25ec7654bbd9405b5f1a4c75

SHA1
25057eeb42ff82668cd49b9e1bcfc39b2229955d

SHA256
4119996e6e2c6a57ad245c40368732972eeaf40bc9e2c22c396d69afeb4bea15

SHA512
a1bbd42ff89c21025404185e28ffea01906860b41ae6bb6e5d725ef28b8131e9501da7798ff0807f300cf018132e06c176332c1aa31939676bdf0cc08a3f1194

Download Submit
/data/user/0/com.leader.result/files/tor_source/torrc
Filesize
123B

MD5
882a5c7bb55ad342d352770ad1a04c90

SHA1
b048a9cf4926febbed82f2804207bd7576a8e8e0

SHA256
caa24da47c90ed4a260ee260ecd1dab3f8937688e82ae0a3705703b38da43278

SHA512
9f3863f873fdb5625d251d0bd1cdd52f683844ead8e458571e21af4f65c947c2da0cdb3036ca4e1d9d7ca4cccbb097aaea1e253604b99a3965d4a2c4f04f97ec

Download Submit
/data/user/0/com.leader.result/files/tor_source/torrc.custom
Filesize
409B

MD5
e24383312459b6aadaa86b9857d5cabc

SHA1
b348f76daa8a592cd7cdaf69c0d8121cce2e0a82

SHA256
920f1a087f7ea23f39f91ac9c9c3dcb731d0e8ba42c95a2fafb9ec52d0689db7

SHA512
5c91e0f183c8d80fcfebd98d8bcae92de4cca375f734f434d09e2fc5958f3226cc2a498392d0f02fa189e98f3965383cc4153ed77c608771bfcc20f8d60004e7

Download Submit