hydra | 5df20525d7148aa46400d10794cb512cfd116bda28bb9b0ba96d07a4b4bb179d

Analysis

max time kernel
3483406s
max time network
160s
platform
android_x64
resource
android-x64-arm64-20220823-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
submitted
20/01/2023, 14:37 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4.apk
Size

2.0MB
MD5

9c493810258eeca47b5001fd0c968111
SHA1

9461d1a5f6ae935a1ba6bc2d05e76e55ac79f639
SHA256

481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4
SHA512

7cd767cacd064def4443f21b346b4a78b8573dc760714210eda5f4284a4a236b795e73cc0e2c50f7837693741416007bcf913034dc28dd21a5084099ca68a172
SSDEEP

49152:j/j9ArJ/vPFDdpfE/81ZRPRNdoIIVVYG2FrGJ:j/jOxvFz1rRNdobVVYREJ

Score

10^/10

hydra banker infostealer trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra payload 1 IoCs

resource	yara_rule
behavioral3/memory/4418-0.dex	family_hydra

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.piano.length
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.piano.length

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.piano.length/app_DynamicOptDex/uEEipJ.json	4418	com.piano.length

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
42	ip-api.com

Reads information about phone network operator.

com.piano.length
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:4418

Network

DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

142.251.36.14
DNS

growth-pa.googleapis.com

Remote address:

1.1.1.1:53

Request

growth-pa.googleapis.com

IN A

Response

growth-pa.googleapis.com

IN A

142.251.36.10

growth-pa.googleapis.com

IN A

142.250.179.202

growth-pa.googleapis.com

IN A

142.251.39.106

growth-pa.googleapis.com

IN A

216.58.208.106

growth-pa.googleapis.com

IN A

142.251.36.42

growth-pa.googleapis.com

IN A

142.250.179.138

growth-pa.googleapis.com

IN A

142.250.179.170
DNS

infinitedata-pa.googleapis.com

Remote address:

1.1.1.1:53

Request

infinitedata-pa.googleapis.com

IN A

Response

infinitedata-pa.googleapis.com

IN A

142.251.36.42

infinitedata-pa.googleapis.com

IN A

142.251.36.10

infinitedata-pa.googleapis.com

IN A

142.250.179.202

infinitedata-pa.googleapis.com

IN A

142.250.179.138

infinitedata-pa.googleapis.com

IN A

142.250.179.170

infinitedata-pa.googleapis.com

IN A

142.251.39.106

infinitedata-pa.googleapis.com

IN A

216.58.208.106
DNS

ip-api.com

Remote address:

1.1.1.1:53

Request

ip-api.com

IN A
DNS

ip-api.com

Remote address:

1.1.1.1:53

Request

ip-api.com

IN A
DNS

ssl.google-analytics.com

Remote address:

1.1.1.1:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.251.39.104
DNS

gist.githubusercontent.com

Remote address:

1.1.1.1:53

Request

gist.githubusercontent.com

IN A
DNS

gist.githubusercontent.com

Remote address:

1.1.1.1:53

Request

gist.githubusercontent.com

IN A
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A
DNS

android.apis.google.com

Remote address:

1.1.1.1:53

Request

android.apis.google.com

IN A

Response

android.apis.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.168.206

142.251.36.14:443

android.apis.google.com

tls

867 B
4.6kB
6
5
142.251.36.14:443

android.apis.google.com

tls

919 B
4.6kB
7
5
142.251.36.14:443

android.apis.google.com

tls

919 B
4.5kB
7
4
142.251.36.10:443

growth-pa.googleapis.com

tls

543 B
4.9kB
7
5
142.250.179.202:443

growth-pa.googleapis.com

tls

543 B
4.8kB
7
4
142.251.39.106:443

growth-pa.googleapis.com

tls

543 B
4.9kB
7
5
142.250.179.138:443

growth-pa.googleapis.com

tls

543 B
4.8kB
7
4
142.251.39.104:443

ssl.google-analytics.com

tls

1.2kB
5.7kB
7
5
172.217.168.206:443

android.apis.google.com

tls

9.2kB
12.7kB
30
30

224.0.0.251:5353

4.1kB
12
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

142.251.36.14
1.1.1.1:53

growth-pa.googleapis.com

dns

70 B
182 B
1
1

DNS Request

growth-pa.googleapis.com

DNS Response

142.251.36.10

142.250.179.202

142.251.39.106

216.58.208.106

142.251.36.42

142.250.179.138

142.250.179.170
1.1.1.1:53

infinitedata-pa.googleapis.com

dns

76 B
188 B
1
1

DNS Request

infinitedata-pa.googleapis.com

DNS Response

142.251.36.42

142.251.36.10

142.250.179.202

142.250.179.138

142.250.179.170

142.251.39.106

216.58.208.106
1.1.1.1:53

ip-api.com

dns

112 B
2

DNS Request

ip-api.com

DNS Request

ip-api.com
1.1.1.1:53

ssl.google-analytics.com

dns

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

142.251.39.104
1.1.1.1:53

gist.githubusercontent.com

dns

144 B
2

DNS Request

gist.githubusercontent.com

DNS Request

gist.githubusercontent.com
1.1.1.1:53

android.apis.google.com

dns

138 B
2

DNS Request

android.apis.google.com

DNS Request

android.apis.google.com
1.1.1.1:53

android.apis.google.com

dns

69 B
109 B
1
1

DNS Request

android.apis.google.com

DNS Response

172.217.168.206

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.piano.length/app_DynamicOptDex/uEEipJ.json

Filesize
239KB

MD5
06c02ab9f5fbb12ec78c0f00b9cd144f

SHA1
92965fccde619291b2cd21a93d4a22d79b4b9094

SHA256
96f1e4cd48ef797a8fc5e740dae6f3a527d0543788d18b967fd8996748241cda

SHA512
80c2388fe41ad6791ab7282c396a0fa8414f96a84de0290751b57b87963f4b42f33c6f0e439369cebdc54f4f9fcb8c20ac1cc6b5b2a11b0931d67a2317080cd0

Download Submit
/data/user/0/com.piano.length/app_DynamicOptDex/uEEipJ.json

Filesize
574KB

MD5
4f7ca869e2a2aa71565ddd0213377ef4

SHA1
7d36e39122864983eefeae7acda4c5895571aefb

SHA256
885da90d332750c7f2fef12a1fc61d9aae32a323b0bd13b2309bbc6ee3f221e5

SHA512
70097ab3164541abeb0aa661c7d92a1d4fd1f1b5deb7b605a5e510d7bfd84622f143305846fc6b31be0e5d7015bb56eca7fbf6063e84d840b7cd3bd07a4f500f

Download Submit
/data/user/0/com.piano.length/shared_prefs/pref_name_setting.xml

Filesize
131B

MD5
99906591310ddc26748b3a604ccde036

SHA1
4826b28d3683a99e10132999778b1f650223a593

SHA256
fb6c16987439db4666c0a1493c659ede60609e0413e1f079730368bddc812b97

SHA512
5e9061a7485e8d7e196635818a0ce16ec1780f8940255a681492abaf60b7b35b88923a34a95b8c6ee652c3e3f72f8efdf7b7192b69813371980444eded09f82c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.