hydra

Sharing

Copy URL

Twitter E-mail

General

Target

a5ca7aaf8b5324b1414760517bef1517527f952cd1c2fac907c2f83d2e3e4bec.bin
Size

2.4MB
Sample

230807-zbec3aag3w
MD5

1b5f1dfe3bb361d3b49bbe6c257d15b7
SHA1

bb2fc3f5a9d83f57170e58e47d77406088ddca45
SHA256

a5ca7aaf8b5324b1414760517bef1517527f952cd1c2fac907c2f83d2e3e4bec
SHA512

59192b55fb440ccc2d53245b0eaebb5340712d26166ff258a584971ded7c5618d0653f6ac5b78467a8ef5f988397828b4cdcfc8c022e9d16939857c04b4e022b
SSDEEP

49152:A5fbH5QSQpB4QczFiziv6WmEcJ0S8o7jEho/TK5OW4N:A5fr63RczwzTnjDgWW5aN

Score

10^/10

Malware Config

Extracted

Family

hydra

http://flocomonuncomunters.net

Targets

- Target
  
  a5ca7aaf8b5324b1414760517bef1517527f952cd1c2fac907c2f83d2e3e4bec.bin
- Size
  
  2.4MB
- MD5
  
  1b5f1dfe3bb361d3b49bbe6c257d15b7
- SHA1
  
  bb2fc3f5a9d83f57170e58e47d77406088ddca45
- SHA256
  
  a5ca7aaf8b5324b1414760517bef1517527f952cd1c2fac907c2f83d2e3e4bec
- SHA512
  
  59192b55fb440ccc2d53245b0eaebb5340712d26166ff258a584971ded7c5618d0653f6ac5b78467a8ef5f988397828b4cdcfc8c022e9d16939857c04b4e022b
- SSDEEP
  
  49152:A5fbH5QSQpB4QczFiziv6WmEcJ0S8o7jEho/TK5OW4N:A5fr63RczwzTnjDgWW5aN
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3
- Target
  
  SFTi.json
- Size
  
  1.3MB
- MD5
  
  eb6455b79b9d97da49636f52f4115409
- SHA1
  
  d192c93bf516cd75a1d4926e13c0fb1b64f87ac3
- SHA256
  
  336d1293dd2e21ea145f437ca387a5c8d2ead20bb6c789335eec2bd161d4de62
- SHA512
  
  e470c2409b2357e870dfa243075188b3886e7b38096c123146932c1c45b9cd6a1f6390060a9515b928bf74748d3525b4e414e62a210bbea2273195970b31ae3a
- SSDEEP
  
  24576:dByO1dUjofyz06kh9+yyiie6U6ZQWC3EheDto0oSUhvS7jnEfpCBE2Tt:dRIuyzlyDiJU4yEEtoSUs7rEfMbTt
Score

1^/10
behavioral4 behavioral5
- Target
  
  actionsQueue.js
- Size
  
  14KB
- MD5
  
  02b28e8b78ee30fa36b451f59984e265
- SHA1
  
  4ed97513f394305e3fde9b217945a919cafc1181
- SHA256
  
  61de71f86447e698d48ca9e4f691c3bbbe3997f31323ea8441c3e5994092a09b
- SHA512
  
  e0e82b929c05670cba2d2fdb85a0092665648bc0a299546e80ef091d61fbca3e63fcb576443cd6c047f3eaa8d8443c61eeaf258fe56251cf83889a7a560dec57
- SSDEEP
  
  192:ylpi0RiSH+IGqSCz84o3SCFia31NsjIsjYxqi+MC/RSYFIF8zE4Ogtu69xIOHEMa:mNeICibDI94OnXgPKce
Score

1^/10
behavioral6 behavioral7
- Target
  
  mraid.js
- Size
  
  44KB
- MD5
  
  b8e2504def9c61f2d1350a6fb33c8ab6
- SHA1
  
  29b50211f8c1adce03de566dc04ab8e00a28b0a5
- SHA256
  
  3bc6833d3a84fae3e4a74ba05b12945e8cd76b5a9f2a1ff5ccffbf61cdb4ed3a
- SHA512
  
  ea33c05fa27aae50bf2b2424994e998bae86d32fa2c5b8f19f7cecb2f2c700e731c25721c38acca76155a9b485b84df6f6ee0f70aa6ae8ac3c326bf0f70403af
- SSDEEP
  
  384:QNeICibDI94OnXgPKLeALdCW/yi8Ld8U7mPO:QIIrbJKi
Score

1^/10
behavioral8 behavioral9
- Target
  
  omsdk-v1.js
- Size
  
  38KB
- MD5
  
  ad0804e22766a82341b4cbe639b526cf
- SHA1
  
  a1458ea624e10faaaf141db97d90ccfcb7f3c075
- SHA256
  
  4c61d4b14a471fe10f71845713be9417cfbd90222a41c9c8023e915a231a3be2
- SHA512
  
  a68e23dd287626a3670b1fd52a3cb18a158d3d7636b1a1bc473f61fb213f70a8488dc6c830ac53a3653f4457e74c71a2483992c3d2d69f586c89f810f2bb0907
- SSDEEP
  
  768:RRB6W8jP2VVh4gKqf3y6iPxjggbtoPqaK57Q2/9vt5ZBFus9cAZhmUs+2ZnIezGp:RRBv872zf3anxoPqaK57Q2/9vt5ZBF5J
Score

1^/10
behavioral10 behavioral11
- Target
  
  shape_01.svg
- Size
  
  691B
- MD5
  
  d20372ff49cbc552ba46c3d0e75d7bcc
- SHA1
  
  7e3fd9c5b99a7857fa4d8cd2447f405d2054d6cb
- SHA256
  
  e1dc2b963cac22f2b7d91148108b89131cacab682c7887665303c5bdb66a3ad5
- SHA512
  
  d4864d4f9086ef5ecfe4fd3819983d41500fe9f7e64d787130699b5bcaf09e501a2b3143ebbd3398062446cea650898f9f9ddcd9792ed41a10275a93323254dd
Score

3^/10
behavioral12 behavioral13
- Target
  
  shape_02.svg
- Size
  
  871B
- MD5
  
  b1f4cc6d1c954e73cc6e7d8b47c4db8f
- SHA1
  
  986ea9addedb45a0d3c8c6c70a636e870959b79d
- SHA256
  
  0b0c35ce63044f7756cf201f5978f44c439805e524c365ae9949994347487b79
- SHA512
  
  77d46d25ddf91c010f69ebad82800575b4cb0be4bc5e8199bd5d877a2e6a624e0f455268d8f26aaae2f5180a3c2b6dbe8bb782017c6e342960c1e7a26ae43d64
Score

3^/10
behavioral14 behavioral15
- Target
  
  shape_03.svg
- Size
  
  779B
- MD5
  
  8f9ecb2cd3049793539c46ee7944e909
- SHA1
  
  219d16f259268c617e5a51fe629422b1b27cd297
- SHA256
  
  08384b22c6e21884c41f2472773f93d0d9dd58ccd126c854ffc4ddfdcd4b3a3e
- SHA512
  
  031175aa290fc2d0f0307f5597593dff1355e269f29a0d964e923e4546b72600e0665ad56d737f3f90562152f66070d1ca8c9d15bcd811c37cfb25ac234722b9
Score

3^/10
behavioral16 behavioral17
- Target
  
  shape_04.svg
- Size
  
  828B
- MD5
  
  07377bd1a13bbec7af35e95af89b4245
- SHA1
  
  d2059d04e0072ba94d4267e8c220e56662422fec
- SHA256
  
  8a2ef1ac06c3071986fdc48a0e16934acc6cbbe73b8196d33d3c17d15798ef29
- SHA512
  
  8860e198ca78c09d135afc0852dc995ddfa9fa104c2dcfa55de4f20a31f134ebcc6af285d2112e8db7c0934607917dff62349806c62f29cf755b8ed3f63ddb51
Score

3^/10
behavioral18 behavioral19
- Target
  
  shape_05.svg
- Size
  
  471B
- MD5
  
  d088bfa4b1e206c8c5ed88405855f767
- SHA1
  
  1cc0925ff6a38384f466560cc86b1afcadbeb15c
- SHA256
  
  2f7924e1f2537622b8617a051765bd4fe57272e9f14a37f4bbe127269c522434
- SHA512
  
  d1ceda7c098a5934f1808d9b89bcb7fa8809a1f084e915ea0c12ee9070b854ae9d625eaccee3af3db5d50a07438eeb346b01ea73463fe5e34b988a7663321b79
Score

3^/10
behavioral20 behavioral21
- Target
  
  shape_06.svg
- Size
  
  1KB
- MD5
  
  f804c3c0fc87fae049b25a827c8af161
- SHA1
  
  445ad3b8c8d54a5ef32b25289d76907b4d32c9a2
- SHA256
  
  f51e36583711e18097f4526a3303cec7efa3609f96c8051a5eb4ad0c003abdab
- SHA512
  
  bdded52d78a6dfd4dd37327a752aef85cb9235a03702fec858696643b5d884970e3896b737dc1f894888ae6bc4e5b8ea2bfb7822b3ecfa87e34a7f25ffb33cc7
Score

3^/10
behavioral22 behavioral23
- Target
  
  shape_07.svg
- Size
  
  784B
- MD5
  
  d1bee0d28e01bd093c9ee30578b7fe78
- SHA1
  
  2a8fcb49d4d3db9bba638b7d28b4c4832f4b9509
- SHA256
  
  ac0512690b503d3ffeedada617e823d6406f3376b06f7b8f1f5db2abbc9a3686
- SHA512
  
  ccd64fadcfaa5ea02c586aeeac45e3169a685b4087e23f1fda26522b1286bba434b4431b337349ecfb1f3233aaf054aa8940ba9f03e973718d7a796da53d12c6
Score

3^/10
behavioral24 behavioral25
- Target
  
  shape_08.svg
- Size
  
  878B
- MD5
  
  fd27ff18671bd9933efa7d68dbf44943
- SHA1
  
  eae33d6920e9eafb83a5fb2af395382888b458e4
- SHA256
  
  c7680eccf1e8e90e2d21a0e2662a1a37498707018504cd532d2cfe911587b21c
- SHA512
  
  e362165c993f2907d90ab4a097da695824011cef12b11325e2ba98820332d74430f74d41282ef0b8df5f88cb4d0e3ba5f93a0f38785b3ccb298a67186321be24
Score

3^/10
behavioral26 behavioral27
- Target
  
  shape_09.svg
- Size
  
  768B
- MD5
  
  d27d23e513bd38323c5d0d2330ef3dcf
- SHA1
  
  4a25cabf4c9c56d2bd2c3c900d412794a01f67c8
- SHA256
  
  f50fe6ce471e0fed4114baef0576045b742c49bdd4b611c543e42521db5f2822
- SHA512
  
  3780e6b964cb462594166c2cea602a5473f83567f4cd09a94070499b700a8ef355392f5286bb9ace3b22fe7c066cac5ec4c47e287254cae329fc9accee488d64
Score

3^/10
behavioral28 behavioral29
- Target
  
  shape_10.svg
- Size
  
  715B
- MD5
  
  8545c9dc5c7522eb34ea8d9c68ad5837
- SHA1
  
  c9779b56acf305b9043e6dfdec028c9ed237c3ec
- SHA256
  
  5b636675810369b867dcc1ab60bdae914f55066319220ca108b6f672a66a35ef
- SHA512
  
  6fe3e65e4d090644e73a145d84e13df56f18149cc7240890764e08d64bdcb905df2e99b54f414307ab3d6eba081cb115c27839f4e2dd9eef6033d9f3e4bb62a2
Score

3^/10
behavioral30 behavioral31
- Target
  
  shape_11.svg
- Size
  
  754B
- MD5
  
  c3afcbd5b1c0a44d3a2fcb3022914660
- SHA1
  
  01926b15d96092a156099405a6e7fadfd9f01d73
- SHA256
  
  68be9c2482cd98defc5a883eac39155058dbfc1a42f132d072e11bde535f85f1
- SHA512
  
  a2e2b061f3368c118b4351658c542e9e71116d208d370ad7c86592c36dde254433e92af6ed4a515f1137c9bb0a49f8d83d00a9272a4280aca72e67cf23931dfb
Score

1^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Hydra payload

Makes use of the framework's Accessibility service.

Loads dropped Dex/Jar

Requests enabling of the accessibility settings.

Looks up external IP address via web service

Reads information about phone network operator.

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32