hydra | 60df7c2041df50055a5c68749e34f3780f6962d4ed1a6944b1b67ecee913f25d

Analysis

max time kernel
4270881s
max time network
316s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
22-10-2022 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

574897127da229e7a7162b39bd20ba4becb89fc6fdfcf303a20deb1f456aead6.apk
Size

3.3MB
MD5

a121f64c01e31eaf2c4f896c9d596182
SHA1

2ac7b5d2882caef3a27b263e54d2acc2c888cae6
SHA256

574897127da229e7a7162b39bd20ba4becb89fc6fdfcf303a20deb1f456aead6
SHA512

2dd00b4b454f10b00729c45f3d1d3b7024f58b6ada7d89236a62ca620e4e874b2c6cd71027ffb5a9a0b1f88d5b20403108fd97537a4e38a4102d396628ff9ac9
SSDEEP

98304:GYNqFXbZBArOViBsKgPErzLUV9nS3AA6YyWPTYghI8i/:Gy0DAKViBePE3qnmkYKghI8I

Score

10^/10

hydra banker evasion infostealer stealth trojan

Malware Config

Extracted

Family

hydra

http://patrikvillalobos43.top

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra payload 1 IoCs

resource	yara_rule
behavioral2/memory/4414-0.dex	family_hydra

Makes use of the framework's Accessibility service. 3 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.develop.oak
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.develop.oak
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.develop.oak

Removes its main activity from the application launcher 1 IoCs

stealth trojan

pid	Process
4414	com.develop.oak

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.develop.oak/app_DynamicOptDex/cN.json	4414	com.develop.oak

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.develop.oak

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
63	ip-api.com

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs

evasion

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.develop.oak

com.develop.oak
1⤵
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4414

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.develop.oak/app_DynamicOptDex/cN.json

Filesize
1.3MB

MD5
97d4b64a466781c4801ad368a3fe6835

SHA1
7ed66a278604ce4c351fc34d093a3c4a18fcbd18

SHA256
1aa5530a2168346d179c6155275281c9f9c4161823e9f6bfdc58a3eed78a0ddf

SHA512
376fc37722d74c642c0d39f04d13ade2254b5d4594269cb41d3f7b2888abd2b2e8181057064fad39f8629558731778e6f564679b75caa2d6a0279f2c934d3d96

Download Submit
/data/user/0/com.develop.oak/app_DynamicOptDex/cN.json

Filesize
3.6MB

MD5
d899dd16c2902841de08147f0ca25801

SHA1
28aa6dc8196050c8f5a07ace3b60e2fe9bd2d838

SHA256
470da53b16f9f845d4c5883ea285a6d590212c7c0df586abe275f8913a096384

SHA512
b0979c2eb3fcb3e98c5c8a29c4f7b00cd696f2e69c24ac2c060422861f972bf8174ac69f0ae08cf060116b591d573c983242056d9c1e8d63c93fb0c588f202cb

Download Submit
/data/user/0/com.develop.oak/shared_prefs/pref_name_setting.xml

Filesize
131B

MD5
f67534fbf7772bfefdb2b02de2f34a4d

SHA1
af16d826378e6808161b6e14cf13004523d9ce08

SHA256
b74e8def61a4e2720d3bd808c5d117fe7c65b65a86b4b7de3679eae0005ac613

SHA512
5d9ae7d4688d2dca8dc8299307904fc152b49bb96fa0004fc040ef5817a62fd173b4ca72f38ca9f95a07c51210543a4fcea6229c4775886fa5955c8a3df8d422

Download Submit