hydra | cd3ff09b5070985a0797738743b1c62233918666b888dc4867cec9aa82cc5505 | Triage

Sharing

General

Target

8319695f2a7a4c2f6050d922dd1760a5e8731064.apk
Size

3.2MB
Sample

230719-nxaffsef7y
MD5

e8e83c7e5094b7510e0a738a7fbafd6c
SHA1

8319695f2a7a4c2f6050d922dd1760a5e8731064
SHA256

cd3ff09b5070985a0797738743b1c62233918666b888dc4867cec9aa82cc5505
SHA512

8d4630f89b6e5ed1211d4caff57ef01570860c0b42db1365487e6ec8c86236d756624f9d4a5e924b5558b3134e64a89385705a31ce4dea8f53cc69bd0c616e9b
SSDEEP

98304:ZOh9u96MP1iXw8oHjEdQP6H5XJlNeG+tyD9toGhTWbBGZbRUIb3tgEjk:ZOhQ1qqmlD20Z1hDtdg

Score

10^/10

hydra android banker infostealer linux trojan

Malware Config

Extracted

Family

hydra

C2

http://91.215.85.203

Targets

- Target
  
  8319695f2a7a4c2f6050d922dd1760a5e8731064.apk
- Size
  
  3.2MB
- MD5
  
  e8e83c7e5094b7510e0a738a7fbafd6c
- SHA1
  
  8319695f2a7a4c2f6050d922dd1760a5e8731064
- SHA256
  
  cd3ff09b5070985a0797738743b1c62233918666b888dc4867cec9aa82cc5505
- SHA512
  
  8d4630f89b6e5ed1211d4caff57ef01570860c0b42db1365487e6ec8c86236d756624f9d4a5e924b5558b3134e64a89385705a31ce4dea8f53cc69bd0c616e9b
- SSDEEP
  
  98304:ZOh9u96MP1iXw8oHjEdQP6H5XJlNeG+tyD9toGhTWbBGZbRUIb3tgEjk:ZOhQ1qqmlD20Z1hDtdg
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3
- Target
  
  closebutton.html
- Size
  
  981B
- MD5
  
  c8efa039f4f84b2705a8e3a3b31da61c
- SHA1
  
  669749429feda1599c4ee980cfd67fbb1a54c1a4
- SHA256
  
  494693c2ac56ecac1a2588c25631e1bf71211fb0f06108649a983c879315b1aa
- SHA512
  
  db6c9817469c937a41eedbbbdaeb21a0860fa5228258978fe59d29c75ab1497b8d1a0ceaae2b236206d6935e186deaf0d83a73791658fa68a985dfc5c314aed2
Score

1^/10
behavioral4 behavioral5
- Target
  
  core_wrapper.js
- Size
  
  5KB
- MD5
  
  2558e92bdb03c3e4685d4320a7cbe715
- SHA1
  
  9feff7ec75024ba6d9753ea233ffbe0b7bc04bf7
- SHA256
  
  99a17d18531953e748103eb021738a42eb9fe675532a4d42441d3bc34e048bc8
- SHA512
  
  83409561241255be24558f6b238f1687ea7f703d6950a8ad54ff4c50aa9c62af490b74e9b60379ff074b92942bf4752a653a19c4da2b554ac59ecfa0f5fad9f3
- SSDEEP
  
  96:MIn5NKjaILnYJX+myXjfaw17BLyHjLAHIIJUU/AUYYg8InG+d:N5NKjDrYJX+my7aw17UHjLAHIIJUUAW8
Score

1^/10
behavioral6 behavioral7
- Target
  
  lynx_core.js
- Size
  
  179KB
- MD5
  
  e7cfc2c0ca21ac6ed87869dbaf29afda
- SHA1
  
  b4db4af75b92b08408c8f0b9d9ac5ddd32d80b1d
- SHA256
  
  015c037a7efc9b28b6a55c6b1c18c1b71fed16e3ee1e630dd45906864ad709ec
- SHA512
  
  a51e1247a451d0f12872455d2425771a7ba335c79630ccb7e423c4cdbfb48be7b6402c7283602c812930d46f562999edef809e5215516c5f4e89bf3037d2455f
- SSDEEP
  
  1536:te01PJrNd3xF5KPIL0B/8kX9RHytxM9+Wn3Ocm3RzC4+KmbDEyJ7NRIY36Sq+HzM:3RJrZztUKC4+HIfSqL414T
Score

1^/10
behavioral8 behavioral9
- Target
  
  nd
- Size
  
  6KB
- MD5
  
  f6c6587ac2127318e57df26f29f9d92e
- SHA1
  
  b68b68ee5b2aa52d0e93a795ee83d0084eb3b4f1
- SHA256
  
  5a2c00182af9b6062876f1ebf9076a4f53bd78da5d59bcc8a9e51ffc0eb93a59
- SHA512
  
  3465e098e7c9f00873375c156d97417c6ae0328fbaab33796e498edf05f6b917cb2de31eea6a9b2b76c0c4798aca0aadb6b211e5c06563d637ce5220b3e30700
- SSDEEP
  
  96:BxEnFiv6dMo0mqOoLR9ooXo7GUGcbhWVevATWJ4:YnFi6eo0mqOovooXo7G2bhB8v
Score

1^/10
behavioral10
- Target
  
  slardar_bridge.js
- Size
  
  3KB
- MD5
  
  cc0a24c68fce308319dbb627a0836a35
- SHA1
  
  a19813e37b11803b940d9cc636aa9fa6510e42de
- SHA256
  
  751c84bc61085dd3baecfe3a51dd3d2f175ca3c5bd61f0c6bdac0817120a4e79
- SHA512
  
  576f30fca86a1bae7f4fd401c893685472395c39beef7cd0a5b1fe2010d594b77541187e6bf94e50cb477e4c8761af1fd557ddb0a61d2890436d1b7b79e10181
Score

1^/10
behavioral11 behavioral12
- Target
  
  slardar_sdk.js
- Size
  
  51KB
- MD5
  
  adc5dbfdfc9c87ce72f6f73f1809fd7b
- SHA1
  
  3b4233e9e367096cca64ba489172329af9887c4c
- SHA256
  
  5ca3eec94dec06c18431512cbcdcf3d920ce25cbc2774b498f8a1f41d1216027
- SHA512
  
  55e0a7f94f9e7816722b4cfa91f395bf5e418274f0a06b696dbd237f95e45e6da271fd10df21981548dec0fe008c23850eeeeace7752aad2a528dff740c1526b
- SSDEEP
  
  768:x8Z9bbDO4P6/JkK3eqB/jYYzVpKmeu8E3B/6d0:xOW/mK3/jY2
Score

1^/10
behavioral13 behavioral14
- Target
  
  template.js
- Size
  
  131KB
- MD5
  
  dc81f87fea004f156041a43a941d1283
- SHA1
  
  f9877561bcf371421a8672453f5f492a4595813d
- SHA256
  
  54f4fdc9885db4ad3e66e623b5e79e2f9ca0b842cb8facd3c38e108cee1cc6d6
- SHA512
  
  efe4c1bcd913ab08307032f75f7f03db48fa2b4ee0a18c33cd2463cf0a49d81f9d766c0d628fe170e94e43fef3d488a6a3fb1309b78bc40b0c2ee3aac24febcb
- SSDEEP
  
  3072:NUhk+e1Iif77WeCtQC13g/gpMmlOFsy4rU1vxC/u:keCtQC6/ywFB4KE/u
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hydrabankerinfostealertrojan

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16