hydra | c87b73a7595006407d2eb454912707fa9ca4ca700a1afbea7657f7dc5f7899c6 | Triage

Submit
Reports

Overview

overview

Static

static

7

9c96b8f5b7...65.apk

android-9-x86

9c96b8f5b7...65.apk

android-10-x64

9c96b8f5b7...65.apk

android-11-x64

Sharing

General

Target

9c96b8f5b7599b8f447d56c5e51b3e65.apk
Size

2.7MB
Sample

220816-w9dbwaffa2
MD5

9c96b8f5b7599b8f447d56c5e51b3e65
SHA1

9ea098c58e0054c4977e164c62ef9a5218fa2e1c
SHA256

c87b73a7595006407d2eb454912707fa9ca4ca700a1afbea7657f7dc5f7899c6
SHA512

6ffad1c6253f3bbd95a2e51dbac021f5fc4033d505685747d5836d970616fcf96601a3c59597ea4f87100293bbc6c53e3704a7f9b28da33775edf753beb6ce96
SSDEEP

49152:pQ5P81Pcu+ApCs1iZ5qLr+JAySus//kwTbHR5MG7wGnWpZ+oILN7LMH5L/:pQ5IUu++j1o5qvGlPstT7R3wDILNg5L/

Score

10^/10

hydra android banker infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9c96b8f5b7599b8f447d56c5e51b3e65.apk

Resource

android-x86-arm-20220621-en

hydra banker infostealer trojan

android-9-x86

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

9c96b8f5b7599b8f447d56c5e51b3e65.apk

Resource

android-x64-20220621-en

hydra banker infostealer trojan

android-10-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

9c96b8f5b7599b8f447d56c5e51b3e65.apk

Resource

android-x64-arm64-20220621-en

hydra banker infostealer trojan

android-11-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

hydra

C2

https://notpro.top

Targets

- Target
  
  9c96b8f5b7599b8f447d56c5e51b3e65.apk
- Size
  
  2.7MB
- MD5
  
  9c96b8f5b7599b8f447d56c5e51b3e65
- SHA1
  
  9ea098c58e0054c4977e164c62ef9a5218fa2e1c
- SHA256
  
  c87b73a7595006407d2eb454912707fa9ca4ca700a1afbea7657f7dc5f7899c6
- SHA512
  
  6ffad1c6253f3bbd95a2e51dbac021f5fc4033d505685747d5836d970616fcf96601a3c59597ea4f87100293bbc6c53e3704a7f9b28da33775edf753beb6ce96
- SSDEEP
  
  49152:pQ5P81Pcu+ApCs1iZ5qLr+JAySus//kwTbHR5MG7wGnWpZ+oILN7LMH5L/:pQ5IUu++j1o5qvGlPstT7R3wDILNg5L/
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hydrabankerinfostealertrojan

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

© 2018-2024

Terms | Privacy