hydra | 62cf95f6ef0c3d98663b746855ea64e8f436f8e622c57b40abe46b3988d1bc21 | Triage

Submit
Reports

Overview

overview

Static

static

8facbeb731...26.apk

android-9-x86

8facbeb731...26.apk

android-10-x64

8facbeb731...26.apk

android-11-x64

Sharing

General

Target

8facbeb731fb98cf0983fa113487d226.apk
Size

1.0MB
Sample

230627-q43rpaec46
MD5

8facbeb731fb98cf0983fa113487d226
SHA1

4b0c81406d4c333c393a2b148c30c100da09398f
SHA256

62cf95f6ef0c3d98663b746855ea64e8f436f8e622c57b40abe46b3988d1bc21
SHA512

7584f40b4d61480a5716b2100a0edfffc39c6ffca0734594ae6a2ca5a6fe5deffc2920522684dc07b5da0be7e0cabbeba8dfb29ef9443063b8d1aeb8be586fde
SSDEEP

24576:3PCd+It4D1OjFgdVnba8r403uyQSHnpDGOFEjbe:fq4DAFgdVnbaS4DsHRGOFEjy

Score

10^/10

hydra android banker evasion infostealer stealth trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

8facbeb731fb98cf0983fa113487d226.apk

Resource

android-x86-arm-20230621-en

hydra banker evasion infostealer stealth trojan

android-9-x86

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

8facbeb731fb98cf0983fa113487d226.apk

Resource

android-x64-20230621-en

hydra banker infostealer trojan

android-10-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

8facbeb731fb98cf0983fa113487d226.apk

Resource

android-x64-arm64-20230621-en

hydra banker infostealer trojan

android-11-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

hydra

C2

http://yfuvubivivuvihih.com

Targets

- Target
  
  8facbeb731fb98cf0983fa113487d226.apk
- Size
  
  1.0MB
- MD5
  
  8facbeb731fb98cf0983fa113487d226
- SHA1
  
  4b0c81406d4c333c393a2b148c30c100da09398f
- SHA256
  
  62cf95f6ef0c3d98663b746855ea64e8f436f8e622c57b40abe46b3988d1bc21
- SHA512
  
  7584f40b4d61480a5716b2100a0edfffc39c6ffca0734594ae6a2ca5a6fe5deffc2920522684dc07b5da0be7e0cabbeba8dfb29ef9443063b8d1aeb8be586fde
- SSDEEP
  
  24576:3PCd+It4D1OjFgdVnba8r403uyQSHnpDGOFEjbe:fq4DAFgdVnbaS4DsHRGOFEjy
Score

10^/10

hydra banker evasion infostealer stealth trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Requests enabling of the accessibility settings.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hydrabankerevasioninfostealerstealthtrojan

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

© 2018-2024

Terms | Privacy