hydra | c87b73a7595006407d2eb454912707fa9ca4ca700a1afbea7657f7dc5f7899c6

Analysis

max time kernel
2817949s
max time network
142s
platform
android_x86
resource
android-x86-arm-20220621-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220621-enlocale:en-usos:android-9-x86system
submitted
16-08-2022 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c96b8f5b7599b8f447d56c5e51b3e65.apk
Size

2.7MB
MD5

9c96b8f5b7599b8f447d56c5e51b3e65
SHA1

9ea098c58e0054c4977e164c62ef9a5218fa2e1c
SHA256

c87b73a7595006407d2eb454912707fa9ca4ca700a1afbea7657f7dc5f7899c6
SHA512

6ffad1c6253f3bbd95a2e51dbac021f5fc4033d505685747d5836d970616fcf96601a3c59597ea4f87100293bbc6c53e3704a7f9b28da33775edf753beb6ce96

Score

10^/10

hydra banker infostealer trojan

Malware Config

Extracted

Family

hydra

https://notpro.top

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra payload 2 IoCs

resource	yara_rule
behavioral1/memory/4753-0.dex	family_hydra
behavioral1/memory/4695-0.dex	family_hydra

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.lawsuit.today
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.lawsuit.today

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.lawsuit.today/app_DynamicOptDex/wdebM.json	4753	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lawsuit.today/app_DynamicOptDex/wdebM.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.lawsuit.today/app_DynamicOptDex/oat/x86/wdebM.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.lawsuit.today/app_DynamicOptDex/wdebM.json	4695	com.lawsuit.today

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
51	ip-api.com
52	ip-api.com

Reads information about phone network operator.

com.lawsuit.today
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:4695
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.lawsuit.today/app_DynamicOptDex/wdebM.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.lawsuit.today/app_DynamicOptDex/oat/x86/wdebM.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4753

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.lawsuit.today/app_DynamicOptDex/wdebM.json

Filesize
1.3MB

MD5
5ebe4e294ee14d00e628510874fa1e7f

SHA1
cb158896516628256976957a3d252bcf6f401ad9

SHA256
b335647aad2246da6b67f7727d97562838a032e198271e5700651c51b9bf1b7b

SHA512
188238c09526b1680e375be98304b36c2f6595f8366e32b4a1a712d40f94ef270208dd84a903994f4e57bb5fa33b00114eb2ff3c72c36be0d95a54affecdd13b

Download Submit
/data/user/0/com.lawsuit.today/app_DynamicOptDex/wdebM.json

Filesize
3.6MB

MD5
81da1d044c8d0f6158041b373b42d8cd

SHA1
282b8d8eba1e63d25812d6e8b99ee39b19b3444c

SHA256
ce8b4453c6b727780c94ebd80f90b264d819f9172f0d49c0e229a1a9f41f926e

SHA512
f3cd99c8824fd5f62e351bafd4fcb034d12645767bf917ba20f8858d70c75ff40fcde61b84b019a3cff829086f47aef4f2acb4c11031b6e2416100f0c901fba6

Download Submit
/data/user/0/com.lawsuit.today/app_DynamicOptDex/wdebM.json

Filesize
3.6MB

MD5
bfe4abdeb63bb7ca930679be5087df29

SHA1
828f80c25ab12ca251642439f690aec0aad6ecc9

SHA256
76112405f0249e3f37b36efe9d5d20fa2b40c2fb2ba5b592e9b86d9b5dabe5f4

SHA512
3582139e763ea6a32ae05d30dc1e1dabd25d529aa38921306fe3fa0044a5a177e8480bfc43167fb17ca5c3a83c22fd74bb5bd6cdfe26aa2857aa8ef8eb0734a6

Download Submit
/data/user/0/com.lawsuit.today/app_apk/payload.apk

Filesize
974KB

MD5
3baeaa766ea7f31a9147208efd957c75

SHA1
c701de3d0e55425394ccbf8e0967639e86f3c54e

SHA256
75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d

SHA512
9f3ccb1fc9a177524ba2d39f809be4851af385073463893bd4a8664308253fc0da2b9ab330c85675dbe9ce0c44b631a0d1ec7800491687c7b2540504b351295f

Download Submit