hydra | bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0 | Triage

Submit
Reports

Overview

overview

Static

static

7

bd849070c6...b0.apk

android-9-x86

bd849070c6...b0.apk

android-10-x64

bd849070c6...b0.apk

android-11-x64

Sharing

General

Target

bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0.apk
Size

2.3MB
Sample

220915-scyprsddc5
MD5

11774322a9ccd5cd7f1b509b47b9670d
SHA1

3a82dcb6cec0e5a85c79bd2e140385dd6ed2fcb8
SHA256

bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0
SHA512

d4f24e7bf4123a242e29cfc0c6592c910660419316f6dafc4a6280c6f40a118098c1831b44c0c5a5ea04762936c9a5d78aebcfefb430e7cad66fe74b0b4872fd
SSDEEP

49152:eYPISCEh/fNtFQoU4ub8ozzg88Ub78feZ29IOzTqevQDbde9Vg8u6V4Ch:diEZf/6oU4YDE8QT9IOzIDbde9VgN6p

Score

10^/10

hydra android banker infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0.apk

Resource

android-x86-arm-20220823-en

hydra banker infostealer trojan

android-9-x86

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0.apk

Resource

android-x64-20220823-en

hydra banker infostealer trojan

android-10-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0.apk

Resource

android-x64-arm64-20220823-en

hydra banker infostealer trojan

android-11-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

hydra

C2

http://jioluuuieyegs.info

Targets

- Target
  
  bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0.apk
- Size
  
  2.3MB
- MD5
  
  11774322a9ccd5cd7f1b509b47b9670d
- SHA1
  
  3a82dcb6cec0e5a85c79bd2e140385dd6ed2fcb8
- SHA256
  
  bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0
- SHA512
  
  d4f24e7bf4123a242e29cfc0c6592c910660419316f6dafc4a6280c6f40a118098c1831b44c0c5a5ea04762936c9a5d78aebcfefb430e7cad66fe74b0b4872fd
- SSDEEP
  
  49152:eYPISCEh/fNtFQoU4ub8ozzg88Ub78feZ29IOzTqevQDbde9Vg8u6V4Ch:diEZf/6oU4YDE8QT9IOzIDbde9VgN6p
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hydrabankerinfostealertrojan

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

© 2018-2024

Terms | Privacy