hydra | b6b59a54d67199717390a8f67751019b65be5aa791c2a605a564c897e21fe90e

Analysis

max time kernel
3518766s
max time network
51s
platform
android_x64
resource
android-x64-20230621-en
resource tags

androidarch:x64arch:x86image:android-x64-20230621-enlocale:en-usos:android-10-x64system
submitted
07-08-2023 20:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b6b59a54d67199717390a8f67751019b65be5aa791c2a605a564c897e21fe90e.apk
Size

1.2MB
MD5

cf050524e311430413cf6e4f5bf4fd80
SHA1

bfdd6b22fd8c0a418212e4d1fc4c3009c55d070f
SHA256

b6b59a54d67199717390a8f67751019b65be5aa791c2a605a564c897e21fe90e
SHA512

bbe5b0f0c572205f59071a53532a24b50d236b14aca7c0a8e76b75cfa2f1ded6764e376ed1138651bf6b9cf3d6e89399d6848084cc8135c9db3a37ca8bdd082e
SSDEEP

24576:ykkkrRUhjjjiXC5p4RsRbfPJkxq5vKVMHzlnhJV3YY/DNXl:BRAjOCPRb3JkivKVIlnhJV3Fl

Score

10^/10

hydra banker infostealer trojan

Malware Config

Extracted

Family

hydra

http://lanagarza441.lol

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.excite.vacuum/app_DynamicOptDex/yuUS.json	family_hydra

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.excite.vacuum

ioc pid process

/data/user/0/com.excite.vacuum/app_DynamicOptDex/yuUS.json 4825 com.excite.vacuum
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

26 ip-api.com
33 ip-api.com
Reads information about phone network operator.

ioc	pid	process
/data/user/0/com.excite.vacuum/app_DynamicOptDex/yuUS.json	4825	com.excite.vacuum

flow	ioc
26	ip-api.com
33	ip-api.com

com.excite.vacuum
1⤵
- Loads dropped Dex/Jar
PID:4825

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.excite.vacuum/app_DynamicOptDex/oat/yuUS.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.excite.vacuum/app_DynamicOptDex/yuUS.json

Filesize
239KB

MD5
6db6360030535dbe7a25ec31f8d52e63

SHA1
7ca25dc4af543a29741dc609bb3486237be705e2

SHA256
bafd568eec04acdc89bb01ec6dd1dba0ca484487caa4b4f6c6aa80307d2483d0

SHA512
e5762d9f170d14b9391ef9881a13a402eba50de18e296e5010fd1b98634ba6944ea1066b5d4fbc2ef5499a067945cb2188962ebed1b600dea5e1deea909c133f

Download Submit
/data/user/0/com.excite.vacuum/app_DynamicOptDex/yuUS.json

Filesize
574KB

MD5
291a7fd599d7c94b8fb85a58b2326c79

SHA1
76c8563b0aab60d1333a836b4e7168bc243479b2

SHA256
18be2e790a556f4bd49aad5abcb389fde7eeb2d6ebbd523f3a42b33c4adfe29f

SHA512
c93464a8fd4104205ed94004520954ad706c8125463782d4e34a34d95146b4501b292a62a5df06c8e07d92de70914693c9c6747a3d52368bcacd34c301d215bb

Download Submit
/data/user/0/com.excite.vacuum/shared_prefs/pref_name_setting.xml

Filesize
131B

MD5
a3679996653d40d552003217a1c0a698

SHA1
023f49df8f07658882fd74d3e7e08cb0091a3a60

SHA256
99c2afd754f2d65ba6dd3db3a34dfb1743329dd185c327e94f80dc2f38f73435

SHA512
4bd3b5d863d2170922819be7bd8c43223476f599a01f8d71552c03c3749793467b3aec9db416faa8a231a412ba30a9f104662780630a856b65c797c8d74760fc

Download Submit