hydra | d449c3e618ae655b697ccb37618333c6c0fd095a7385a383efc2bcac377818e8 | Triage

Submit
Reports

Overview

overview

Static

static

7

0fd6d7acae...7d.apk

android_x86

0fd6d7acae...7d.apk

android_x64

0fd6d7acae...7d.apk

android_x64

Sharing

General

Target

0fd6d7acae3f279bd5194c06e33ce37d
Size

3.2MB
Sample

220628-zw5ezsccdp
MD5

0fd6d7acae3f279bd5194c06e33ce37d
SHA1

854c6ed6db41c47f16f6e43f375fa8d611592866
SHA256

d449c3e618ae655b697ccb37618333c6c0fd095a7385a383efc2bcac377818e8
SHA512

f6c3cf38f39f3a9bdbc41342bb2c69b0201307d22bae3aeb56e8a34d53993a0f9f0aa463ce99217b062f010d111f349eb33fc3cf099768a9314dd48613e6361c

Score

10^/10

hydra android banker infostealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

0fd6d7acae3f279bd5194c06e33ce37d.apk

Resource

android-x86-arm-20220621-en

hydra banker infostealer trojan

android_x86

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0fd6d7acae3f279bd5194c06e33ce37d.apk

Resource

android-x64-20220621-en

hydra banker infostealer trojan

android_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

0fd6d7acae3f279bd5194c06e33ce37d.apk

Resource

android-x64-arm64-20220621-en

hydra banker infostealer trojan

android_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0fd6d7acae3f279bd5194c06e33ce37d
- Size
  
  3.2MB
- MD5
  
  0fd6d7acae3f279bd5194c06e33ce37d
- SHA1
  
  854c6ed6db41c47f16f6e43f375fa8d611592866
- SHA256
  
  d449c3e618ae655b697ccb37618333c6c0fd095a7385a383efc2bcac377818e8
- SHA512
  
  f6c3cf38f39f3a9bdbc41342bb2c69b0201307d22bae3aeb56e8a34d53993a0f9f0aa463ce99217b062f010d111f349eb33fc3cf099768a9314dd48613e6361c
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra Payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

hydrabankerinfostealertrojan

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

© 2018-2025

Terms | Privacy