hydra | 60df7c2041df50055a5c68749e34f3780f6962d4ed1a6944b1b67ecee913f25d

Analysis

max time kernel
4270844s
max time network
319s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
22-10-2022 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

574897127da229e7a7162b39bd20ba4becb89fc6fdfcf303a20deb1f456aead6.apk
Size

3.3MB
MD5

a121f64c01e31eaf2c4f896c9d596182
SHA1

2ac7b5d2882caef3a27b263e54d2acc2c888cae6
SHA256

574897127da229e7a7162b39bd20ba4becb89fc6fdfcf303a20deb1f456aead6
SHA512

2dd00b4b454f10b00729c45f3d1d3b7024f58b6ada7d89236a62ca620e4e874b2c6cd71027ffb5a9a0b1f88d5b20403108fd97537a4e38a4102d396628ff9ac9
SSDEEP

98304:GYNqFXbZBArOViBsKgPErzLUV9nS3AA6YyWPTYghI8i/:Gy0DAKViBePE3qnmkYKghI8I

Score

10^/10

hydra banker infostealer trojan

Malware Config

Extracted

Family

hydra

http://patrikvillalobos43.top

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra payload 1 IoCs

resource	yara_rule
behavioral1/memory/4831-0.dex	family_hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.develop.oak/app_DynamicOptDex/cN.json	4831	com.develop.oak

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
66	ip-api.com
69	ip-api.com

Reads information about phone network operator.

com.develop.oak
1⤵
- Loads dropped Dex/Jar
PID:4831

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.develop.oak/app_DynamicOptDex/cN.json

Filesize
1.3MB

MD5
97d4b64a466781c4801ad368a3fe6835

SHA1
7ed66a278604ce4c351fc34d093a3c4a18fcbd18

SHA256
1aa5530a2168346d179c6155275281c9f9c4161823e9f6bfdc58a3eed78a0ddf

SHA512
376fc37722d74c642c0d39f04d13ade2254b5d4594269cb41d3f7b2888abd2b2e8181057064fad39f8629558731778e6f564679b75caa2d6a0279f2c934d3d96

Download Submit
/data/user/0/com.develop.oak/app_DynamicOptDex/cN.json

Filesize
3.6MB

MD5
d899dd16c2902841de08147f0ca25801

SHA1
28aa6dc8196050c8f5a07ace3b60e2fe9bd2d838

SHA256
470da53b16f9f845d4c5883ea285a6d590212c7c0df586abe275f8913a096384

SHA512
b0979c2eb3fcb3e98c5c8a29c4f7b00cd696f2e69c24ac2c060422861f972bf8174ac69f0ae08cf060116b591d573c983242056d9c1e8d63c93fb0c588f202cb

Download Submit
/data/user/0/com.develop.oak/app_apk/payload.apk

Filesize
974KB

MD5
3baeaa766ea7f31a9147208efd957c75

SHA1
c701de3d0e55425394ccbf8e0967639e86f3c54e

SHA256
75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d

SHA512
9f3ccb1fc9a177524ba2d39f809be4851af385073463893bd4a8664308253fc0da2b9ab330c85675dbe9ce0c44b631a0d1ec7800491687c7b2540504b351295f

Download Submit
/data/user/0/com.develop.oak/shared_prefs/pref_name_setting.xml

Filesize
131B

MD5
ef498511465473015b5467da61c7f4b4

SHA1
44c826dc410662ef4a8385756e67668d097ef9a3

SHA256
7cd182de7fc192ca3059b59d951c33449bce754639c13850f31324dd843b1117

SHA512
65ed3ec346b75fa193393e1bf3ac6d798cc47bb3b8cc16f2c8b7d04cd7c0e2609a4cdce0e21bc1764cbe3e9329c788e1e5678872a36d72a7acd85ba509db09a3

Download Submit