hydra

Sharing

Copy URL

Twitter E-mail

General

Target

b6b59a54d67199717390a8f67751019b65be5aa791c2a605a564c897e21fe90e.bin
Size

1.2MB
Sample

230807-zbbbeahc83
MD5

cf050524e311430413cf6e4f5bf4fd80
SHA1

bfdd6b22fd8c0a418212e4d1fc4c3009c55d070f
SHA256

b6b59a54d67199717390a8f67751019b65be5aa791c2a605a564c897e21fe90e
SHA512

bbe5b0f0c572205f59071a53532a24b50d236b14aca7c0a8e76b75cfa2f1ded6764e376ed1138651bf6b9cf3d6e89399d6848084cc8135c9db3a37ca8bdd082e
SSDEEP

24576:ykkkrRUhjjjiXC5p4RsRbfPJkxq5vKVMHzlnhJV3YY/DNXl:BRAjOCPRb3JkivKVIlnhJV3Fl

Score

10^/10

Malware Config

Extracted

Family

hydra

http://lanagarza441.lol

Targets

- Target
  
  b6b59a54d67199717390a8f67751019b65be5aa791c2a605a564c897e21fe90e.bin
- Size
  
  1.2MB
- MD5
  
  cf050524e311430413cf6e4f5bf4fd80
- SHA1
  
  bfdd6b22fd8c0a418212e4d1fc4c3009c55d070f
- SHA256
  
  b6b59a54d67199717390a8f67751019b65be5aa791c2a605a564c897e21fe90e
- SHA512
  
  bbe5b0f0c572205f59071a53532a24b50d236b14aca7c0a8e76b75cfa2f1ded6764e376ed1138651bf6b9cf3d6e89399d6848084cc8135c9db3a37ca8bdd082e
- SSDEEP
  
  24576:ykkkrRUhjjjiXC5p4RsRbfPJkxq5vKVMHzlnhJV3YY/DNXl:BRAjOCPRb3JkivKVIlnhJV3Fl
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3
- Target
  
  callout_11_shadow.svg
- Size
  
  2KB
- MD5
  
  a43eaf2037b2a882b41912e5bf68e3f4
- SHA1
  
  b1b73e482269c1c5370f7a6e4ab5a3b47d2c6373
- SHA256
  
  354cbc8433a0fb42c500fa7039f4c7254db20eb9f589f8866846f142c45d94c2
- SHA512
  
  5aa4640b5cc83376ae6f61c80bfe6e1aedd2e6eec2337f9478f4a5544cba6b1a09fd46cb4c93a8313d4843a7c42b498f610bf51ca90d476819088e8fd52b2c69
Score

3^/10
behavioral4 behavioral5
- Target
  
  callout_7_overlay.svg
- Size
  
  1KB
- MD5
  
  13da4f83c32b6af839f40448ad4093dd
- SHA1
  
  2dd817cbb6c2198c9b622bf8a4a4bd0f58c5980d
- SHA256
  
  22a5b339c8e15d0b1393e540966b414ca577f1e6c2c4682bef22e98f74e5a5d3
- SHA512
  
  3c5e37b7638099495ca3773edd1b4c780ceced0db68749c7c7437ad460ae765f1e3f952e146f7851a778f9dd32a5c7cce57ee616c0f015231b0071c9a39013cb
Score

3^/10
behavioral6 behavioral7
- Target
  
  callout_8_overlay.svg
- Size
  
  2KB
- MD5
  
  65a2809f038ffa4146cf59a57e6bb32d
- SHA1
  
  3b5e30bf5de229cbeb085e1ea355288d63ebea51
- SHA256
  
  8dc35b01684c284e85275509e698edea94e73f6e328732993a96b881f20eaaff
- SHA512
  
  2f792059b6aa0a1dd32924169fb9176e9c6523c6f17b17cbaa2486bb246b6f726e01717b47372d9558501cb2dc5f51c1564b7ce195bcde1769e07b3fb8a7879b
Score

1^/10
behavioral8 behavioral9
- Target
  
  callout_cloud.svg
- Size
  
  4KB
- MD5
  
  cd47d4b3192545c91fdddeae5adb3d8a
- SHA1
  
  8d389882bb4a501bd8d2c9690a023d0c808213d7
- SHA256
  
  8ec8ca9e56edab13c9b45aa0dc21a4970398ba6917efb981e4533cd510c56d58
- SHA512
  
  58f8482402652807229c3d5a563c785f4f85d6f768592521b951ade7555826f49f45e41881b1012c0350ee5aa77e0e4daa22f207e0fa3ddf3f06c16e49817ddc
- SSDEEP
  
  96:7OKfETG9jU7aGyVS0/K4TL+uhBj0HPDYKnCZB4qdP9:SoZuaGyg01TPhUzMd1
Score

3^/10
behavioral10 behavioral11
- Target
  
  callout_dest_bubble.svg
- Size
  
  1KB
- MD5
  
  5a1b792bf859e656807fb87228b66416
- SHA1
  
  21612430725df233bd8bd7e10ae17a33a7923429
- SHA256
  
  07c9841559f933977b9448e4ed5e18e3000666faa8768526136bccebefe8b104
- SHA512
  
  e908a8dd836b51193f62b60eda3a5371cb9f2548e0b792e90fe624e012c7d64c20c987ead14f591a1e59b7786eec31221f56148447ba8deb53082c7594462b25
Score

3^/10
behavioral12 behavioral13
- Target
  
  callout_shape_2.svg
- Size
  
  4KB
- MD5
  
  6dc1e0aa43dd2a582b24b6487605fb76
- SHA1
  
  c403b4c464908b8d740d03775742fdc72a6e8327
- SHA256
  
  f6ec4c71c9e3ebfc1d23691364cc5736a12c3180ad35e55f4f9dc0fa3ce03669
- SHA512
  
  3cced4fb52552f26f35eac6eacf8fc408b6f5e251984f486e203777b0889261db83ea127a97b5e53c246456c819b23b6d6209fec1bb3a6df5f173e66de370ce2
- SSDEEP
  
  96:7OKfvMkrs4v9rTicBaUTnpI5kS0nvVfiYPl9Cb7dMM/SAWicJPjiBwlH:SoT44Vp3hrnvVqY99CR/SAWicgwN
Score

3^/10
behavioral14 behavioral15
- Target
  
  callout_shape_4.svg
- Size
  
  1KB
- MD5
  
  828a7ba18fb29733210cccea82833faf
- SHA1
  
  0eab9f3bb7bb221a0d54a0da3379edfa80a713ed
- SHA256
  
  fad97a809483b5b59a783e811aea993048047ae6efee1f861233a63067b7a815
- SHA512
  
  ee5fea4dce25d0bc8ea471641e4bfaa3da2305b9be2c494ae8f444e44c65494764180b5412fa7192198280b2aff420c2a76eda41f036ee87a9eb246d2a067944
Score

3^/10
behavioral16 behavioral17
- Target
  
  callout_shape_5.svg
- Size
  
  3KB
- MD5
  
  3b6eb1ca75da44d8df15f66358aa7ed2
- SHA1
  
  6e43efdc6bb028ca022a2bc8bb005ad4f52f0d08
- SHA256
  
  dbac2601ec9c8909b1af9992c835313f62d2f6f8226e3e142136c8e3fa793f0a
- SHA512
  
  08f6e115d5b32e7d6c305be446f4ca9f803031486c6816a50ee981ab68f0d588247dc22f8048881e2319fcad2c935d1fcb2c25560a8a79a5500a97bf68963970
Score

3^/10
behavioral18 behavioral19
- Target
  
  callout_shape_6.svg
- Size
  
  795B
- MD5
  
  05756dcdfc425a86b875a296518e5e7b
- SHA1
  
  f672a1e93bfc33b727a0d453ef66a530dad0de6f
- SHA256
  
  314286468da8ded2d9baf6c2f6c172ae3926024d60efa1b4c2aa22b0155062c2
- SHA512
  
  b19f29e3265f3198037ad6e3d5cbda6d3bf9856df9f76553c83e057c0ce5e5e22848fb264c09fb270762bbf1b97efbfef57e7fcded5cc4e55bb654657389a2e0
Score

3^/10
behavioral20 behavioral21
- Target
  
  help.htm
- Size
  
  53KB
- MD5
  
  883888def347f0db8dbdec1fe82be5c9
- SHA1
  
  f54280a3690f373a05cf438ca12c3e482bc1ed8a
- SHA256
  
  766c2b736da4683d0f7cd5927cab1441dc13bca47af33b0911d5aaaa70da6ab2
- SHA512
  
  4538af3b0b7b2786461d37ca6e3b93290ff9d6a6b7820f7dd3bf3840414c06e0c271786a91e5164d8767ecc66645f9a09599af661ddc39384717dbb80d9cc546
- SSDEEP
  
  768:FWAtJoDQSUPSEXVe5wSsRz1K4I8Cnsro7:b6kxPSGowS+E4I8Wsa
Score

1^/10
behavioral22 behavioral23
- Target
  
  help_cs.htm
- Size
  
  54KB
- MD5
  
  22d33848ee6cae8aa8c1e90bdcd65226
- SHA1
  
  982e9769391e13507289928289f11aa6e5b6c91b
- SHA256
  
  b8a728e6bd697922bc23732cd444d25697d418ec6fd7a8cc322029cd71670148
- SHA512
  
  25f1415f0b3e9c34fcd7f896b784d340622f74a7ff308c62da8961c1b7fa82f7ff038b54fed3d9a048a67039058d1c9f604f3be56f495288e417eacc034f7822
- SSDEEP
  
  768:/3AjqEZHfLqlREwa3CL+9pcYX/wXBSBHz114I8h9KQc3G6mq/zAIjRK0:/4qC/KEwan7/wXBSlD4I8h9KQc3GX0
Score

1^/10
behavioral24 behavioral25
- Target
  
  help_de.htm
- Size
  
  59KB
- MD5
  
  52e18bac42fb06e4116cdaee988e0661
- SHA1
  
  9d0ef32f76cab08d380ec1359e414fbbd1d207ae
- SHA256
  
  54d12be384ad0a78c68a416873338edf8ceb5601a20895ca6aef9360b0cd75e8
- SHA512
  
  8a2b4e11b1a368075b8871bf90517890c79dfa88ac2bc9b355af305fe134b6ec4c6d02a50d334ee3b734628f4a0f7df142fe30b5acbfd33abc9904cd48c485cb
- SSDEEP
  
  768:cklY6UHcqSlF+xUVPB6rKboSNzCWidlub1uaablOEhEs8e2gcaUrF20OzGJPCGdC:AH7SlFs2Pam9idlub4los8e3ZUrgVETC
Score

1^/10
behavioral26 behavioral27
- Target
  
  help_es.htm
- Size
  
  61KB
- MD5
  
  31772dae5e7e480072ed6d872134201e
- SHA1
  
  4c19adebf12a2aa4be9773ee4226fcbc79b89e84
- SHA256
  
  f088fe7faadb088d3f63ad8f6d6eea2d88abf4e7318e31e17dbe52d5e4f92707
- SHA512
  
  5f19c826336d100b5d104002eb0b35dbaf24889225630a3e9c31aeab3d77d912adaec0470d1d0fbd2e60956a11eaccbff385bd7d28ef8acf7dbccc9434fe8e2b
- SSDEEP
  
  768:hLYLmYEm9UhhJ6TJ5w7NKVwvTAybuosWqPOg+YS3+brRzf:hlYjikW7NKVwbootYXfS3Sx
Score

1^/10
behavioral28 behavioral29
- Target
  
  help_ru.htm
- Size
  
  58KB
- MD5
  
  0b8a2f9f0fefa77f9b5e53371195d732
- SHA1
  
  53cdd30958d2863ba976fa4e9e7ceabdd85ffb60
- SHA256
  
  88212e9f4c88a33b0147f5aa5dd3f8fa434707b1b925e3d45fb03366e909ec5a
- SHA512
  
  5b3f90561d9b819dcfa05ef463c2453786b7d4adddc9ea5d84b2b2ebc07106fd6aa3b906e04b386cda7103e22e10d5430e258983d2aaf8880c4230ef06894309
- SSDEEP
  
  768:PRtY5bm3l9Q/DVcYRTI3n81skx61fJBwghQg:p+5C3l8Pu3n81sFBAg
Score

1^/10
behavioral30 behavioral31
- Target
  
  help_uk.htm
- Size
  
  57KB
- MD5
  
  6f351ddb8050526c77850db00448d3c8
- SHA1
  
  dd253c3d52261d3504bfeadeee08266ab01da749
- SHA256
  
  6bf22746ea6b58743544aeebb5f47fdc690e19037d4702926567a69ad426c463
- SHA512
  
  e52e1b60b6866175249c33e5b72329c02d2a743673d6845d2ccc2051f4e77967367b095714c583d315ad03e849ab6877e958f6beb5314274e263bc03a8362551
- SSDEEP
  
  768:m6At7jfON+B88ArRwU5XG0uUOBiKaBb4JKpBbZM5XyZwhDmILSsb:1UOnrRwtfiKaBb4WXMoaqI2sb
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Hydra payload

Makes use of the framework's Accessibility service.

Loads dropped Dex/Jar

Looks up external IP address via web service

Reads information about phone network operator.

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32