hydra | bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0

Analysis

max time kernel
1101799s
max time network
151s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
15-09-2022 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0.apk
Size

2.3MB
MD5

11774322a9ccd5cd7f1b509b47b9670d
SHA1

3a82dcb6cec0e5a85c79bd2e140385dd6ed2fcb8
SHA256

bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0
SHA512

d4f24e7bf4123a242e29cfc0c6592c910660419316f6dafc4a6280c6f40a118098c1831b44c0c5a5ea04762936c9a5d78aebcfefb430e7cad66fe74b0b4872fd
SSDEEP

49152:eYPISCEh/fNtFQoU4ub8ozzg88Ub78feZ29IOzTqevQDbde9Vg8u6V4Ch:diEZf/6oU4YDE8QT9IOzIDbde9VgN6p

Score

10^/10

hydra banker infostealer trojan

Malware Config

Extracted

Family

hydra

http://jioluuuieyegs.info

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra payload 1 IoCs

resource	yara_rule
behavioral3/memory/4637-0.dex	family_hydra

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.else.result
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.else.result

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.else.result/app_DynamicOptDex/mygDEh.json	4637	com.else.result

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.else.result

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
59	ip-api.com

Reads information about phone network operator.

com.else.result
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
PID:4637

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.else.result/app_DynamicOptDex/mygDEh.json

Filesize
1.3MB

MD5
6422083a6f3423b2abe3389e18585365

SHA1
d752191361d0566f90f6a6d533b639ebc2b9f85e

SHA256
3f00bc98015824104a7e8e123ece8a87726fbe1b1c3cf3044ebc376270355b49

SHA512
f61ddbfe1a96ff47d6babec92781724a37a7dee3824f106113e71f1fc93132c9a6ca9509db01f0af964ee65f4e345eb719e7575600502c1c351da2996ed02fcc

Download Submit
/data/user/0/com.else.result/app_DynamicOptDex/mygDEh.json

Filesize
3.6MB

MD5
d1a4d40d83f033bfa504c9167256556d

SHA1
5deb8d6e800ee2c9e5334cd36e03bf145b181777

SHA256
83fea678ac133b73858e5c475825803233dc94064b8bd9e490cca69fef9aadaf

SHA512
cd2a90f367daea1e7c75f4f65a036a5dc696b9b1a2212ed221dcccb46b35b920881719dfda5a2ac1db3829cb2501e1dedc5637c15df9b2a53191375414ebc8bd

Download Submit
/data/user/0/com.else.result/shared_prefs/pref_name_setting.xml

Filesize
131B

MD5
18f9f5134c1b6209af0c57c2e29a29a9

SHA1
21c52b0ba0f57701f93b81dd2d4cc5c771cfd66f

SHA256
dc7b089cbbf510c3b9dd8178a74cc125229c9b71eb69849e71e38944864f0f96

SHA512
edafb01745eff316827224dd85c24c459fd2617a8788a9c22e28db9971732dbd19966c793ebab6e2f130e23f721beee15606dc11f64d2e9dc76993b0c7be766f

Download Submit