Extracted

• • Target

    31fd040e83679096a6204f20a7b4b3e4f587fd2d20b3ed4408550f64b3fafbcf

  • Size

    2.1MB

  • MD5

    3ee8cd8a2fba850f954c8c8af84babd6

  • SHA1

    d2a6b249f009c5a628bbea4986b72e7be6a4e32a

  • SHA256

    31fd040e83679096a6204f20a7b4b3e4f587fd2d20b3ed4408550f64b3fafbcf

  • SHA512

    003d400ffd57a3adc68b9071c801577a1ed5ad27d763d2fc312a1c4d3c9f5eb72ad9c327c73920ee644d6c64fa2d2d9310801ccfbe28f9e3368b80effb69efbd

  • SSDEEP

    24576:Q77t4o5+UWRW3GHF5J3oijoeapmKVVcSnC5BZ9qxI+4kAHfN79vWTaTzG+6wpLM2:U7T80Wl5J3n2wK7hDaHl79q+6fLmdhr9

  Score

  10^/10

  hydrabankerinfostealertrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra payload

  • Makes use of the framework's Accessibility service.

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

  behavioral1behavioral2behavioral3