hydra | bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0

Analysis

max time kernel
1101817s
max time network
131s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
15-09-2022 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0.apk
Size

2.3MB
MD5

11774322a9ccd5cd7f1b509b47b9670d
SHA1

3a82dcb6cec0e5a85c79bd2e140385dd6ed2fcb8
SHA256

bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0
SHA512

d4f24e7bf4123a242e29cfc0c6592c910660419316f6dafc4a6280c6f40a118098c1831b44c0c5a5ea04762936c9a5d78aebcfefb430e7cad66fe74b0b4872fd
SSDEEP

49152:eYPISCEh/fNtFQoU4ub8ozzg88Ub78feZ29IOzTqevQDbde9Vg8u6V4Ch:diEZf/6oU4YDE8QT9IOzIDbde9VgN6p

Score

10^/10

hydra banker infostealer trojan

Malware Config

Extracted

Family

hydra

http://jioluuuieyegs.info

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.else.result/app_DynamicOptDex/mygDEh.json	family_hydra

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.else.result

ioc pid process

/data/user/0/com.else.result/app_DynamicOptDex/mygDEh.json 4759 com.else.result
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

40 ip-api.com
Reads information about phone network operator.

ioc	pid	process
/data/user/0/com.else.result/app_DynamicOptDex/mygDEh.json	4759	com.else.result

flow	ioc
40	ip-api.com

com.else.result
1⤵
- Loads dropped Dex/Jar
PID:4759

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.else.result/app_DynamicOptDex/mygDEh.json
Filesize
1.3MB

MD5
6422083a6f3423b2abe3389e18585365

SHA1
d752191361d0566f90f6a6d533b639ebc2b9f85e

SHA256
3f00bc98015824104a7e8e123ece8a87726fbe1b1c3cf3044ebc376270355b49

SHA512
f61ddbfe1a96ff47d6babec92781724a37a7dee3824f106113e71f1fc93132c9a6ca9509db01f0af964ee65f4e345eb719e7575600502c1c351da2996ed02fcc

Download Submit
/data/user/0/com.else.result/app_DynamicOptDex/mygDEh.json
Filesize
3.6MB

MD5
d1a4d40d83f033bfa504c9167256556d

SHA1
5deb8d6e800ee2c9e5334cd36e03bf145b181777

SHA256
83fea678ac133b73858e5c475825803233dc94064b8bd9e490cca69fef9aadaf

SHA512
cd2a90f367daea1e7c75f4f65a036a5dc696b9b1a2212ed221dcccb46b35b920881719dfda5a2ac1db3829cb2501e1dedc5637c15df9b2a53191375414ebc8bd

Download Submit
/data/user/0/com.else.result/app_DynamicOptDex/oat/mygDEh.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.else.result/shared_prefs/pref_name_setting.xml
Filesize
131B

MD5
8af431c45fd8b68208a9579f0dacd2c0

SHA1
4e9b3c04aa327864a5b605dc24678103fa0fa4f9

SHA256
ec5dd795a765229af78f7ed8baa6a608dc42dff1a9452fdae56cc0cfb8ee472a

SHA512
34cd69dd0cc912b5c49ba25edd5fa1808c9d6067ec3cfa6455bb58a8b3dc3e3a5f17ff62080490273500e3755318287f2558f4f2fbd0f3b9e8d10b64a4acf172

Download Submit