hydra | 62cf95f6ef0c3d98663b746855ea64e8f436f8e622c57b40abe46b3988d1bc21 | Triage

Analysis

max time kernel
4248219s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20230621-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230621-enlocale:en-usos:android-11-x64system
submitted
27-06-2023 14:13

Sharing

Report Analysis Logs

General

Target

8facbeb731fb98cf0983fa113.apk
Size

1.0MB
MD5

8facbeb731fb98cf0983fa113487d226
SHA1

4b0c81406d4c333c393a2b148c30c100da09398f
SHA256

62cf95f6ef0c3d98663b746855ea64e8f436f8e622c57b40abe46b3988d1bc21
SHA512

7584f40b4d61480a5716b2100a0edfffc39c6ffca0734594ae6a2ca5a6fe5deffc2920522684dc07b5da0be7e0cabbeba8dfb29ef9443063b8d1aeb8be586fde
SSDEEP

24576:3PCd+It4D1OjFgdVnba8r403uyQSHnpDGOFEjbe:fq4DAFgdVnbaS4DsHRGOFEjy

Score

10^/10

hydra banker infostealer trojan

Malware Config

Extracted

Family

hydra

C2

http://yfuvubivivuvihih.com

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

com.grand.snail

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.grand.snail
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.grand.snail

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

44 ip-api.com
Reads information about phone network operator.

com.grand.snail
1⤵
- Makes use of the framework's Accessibility service.
PID:4393

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...