hydra | d449c3e618ae655b697ccb37618333c6c0fd095a7385a383efc2bcac377818e8 | Triage

Submit
Reports

Overview

overview

Static

static

7

0fd6d7acae...7d.apk

android_x86

0fd6d7acae...7d.apk

android_x64

0fd6d7acae...7d.apk

android_x64

Sharing

General

Target

0fd6d7acae3f279bd5194c06e33ce37d
Size

3.2MB
Sample

220628-zw5ezsccdp
MD5

0fd6d7acae3f279bd5194c06e33ce37d
SHA1

854c6ed6db41c47f16f6e43f375fa8d611592866
SHA256

d449c3e618ae655b697ccb37618333c6c0fd095a7385a383efc2bcac377818e8
SHA512

f6c3cf38f39f3a9bdbc41342bb2c69b0201307d22bae3aeb56e8a34d53993a0f9f0aa463ce99217b062f010d111f349eb33fc3cf099768a9314dd48613e6361c

Score

10^/10

hydra android banker infostealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

0fd6d7acae3f279bd5194c06e33ce37d.apk

Resource

android-x86-arm-20220621-en

hydra banker infostealer trojan

android_x86

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0fd6d7acae3f279bd5194c06e33ce37d.apk

Resource

android-x64-20220621-en

hydra banker infostealer trojan

android_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

0fd6d7acae3f279bd5194c06e33ce37d.apk

Resource

android-x64-arm64-20220621-en

hydra banker infostealer trojan

android_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0fd6d7acae3f279bd5194c06e33ce37d
- Size
  
  3.2MB
- MD5
  
  0fd6d7acae3f279bd5194c06e33ce37d
- SHA1
  
  854c6ed6db41c47f16f6e43f375fa8d611592866
- SHA256
  
  d449c3e618ae655b697ccb37618333c6c0fd095a7385a383efc2bcac377818e8
- SHA512
  
  f6c3cf38f39f3a9bdbc41342bb2c69b0201307d22bae3aeb56e8a34d53993a0f9f0aa463ce99217b062f010d111f349eb33fc3cf099768a9314dd48613e6361c
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra Payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

hydrabankerinfostealertrojan

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

© 2018-2024

Terms | Privacy