hydra | a5ca7aaf8b5324b1414760517bef1517527f952cd1c2fac907c2f83d2e3e4bec

Analysis

max time kernel
3518827s
max time network
95s
platform
android_x64
resource
android-x64-20230621-en
resource tags

androidarch:x64arch:x86image:android-x64-20230621-enlocale:en-usos:android-10-x64system
submitted
07-08-2023 20:32

Target

a5ca7aaf8b5324b1414760517bef1517527f952cd1c2fac907c2f83d2e3e4bec.apk
Size

2.4MB
MD5

1b5f1dfe3bb361d3b49bbe6c257d15b7
SHA1

bb2fc3f5a9d83f57170e58e47d77406088ddca45
SHA256

a5ca7aaf8b5324b1414760517bef1517527f952cd1c2fac907c2f83d2e3e4bec
SHA512

59192b55fb440ccc2d53245b0eaebb5340712d26166ff258a584971ded7c5618d0653f6ac5b78467a8ef5f988397828b4cdcfc8c022e9d16939857c04b4e022b
SSDEEP

49152:A5fbH5QSQpB4QczFiziv6WmEcJ0S8o7jEho/TK5OW4N:A5fr63RczwzTnjDgWW5aN

Score

10^/10

Family

hydra

http://flocomonuncomunters.net

Hydra payload 1 IoCs

resource	yara_rule
behavioral2/memory/4780-0.dex	family_hydra

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.quiz.public/app_DynamicOptDex/SFTi.json	4780	com.quiz.public

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
54	ip-api.com

/data/user/0/com.quiz.public/app_DynamicOptDex/SFTi.json

Filesize
1.3MB

MD5
eb6455b79b9d97da49636f52f4115409

SHA1
d192c93bf516cd75a1d4926e13c0fb1b64f87ac3

SHA256
336d1293dd2e21ea145f437ca387a5c8d2ead20bb6c789335eec2bd161d4de62

SHA512
e470c2409b2357e870dfa243075188b3886e7b38096c123146932c1c45b9cd6a1f6390060a9515b928bf74748d3525b4e414e62a210bbea2273195970b31ae3a

Download Submit
/data/user/0/com.quiz.public/app_DynamicOptDex/SFTi.json

Filesize
3.6MB

MD5
1495b9ac312e2adad198b70e4b993969

SHA1
968fb1cf9bbdd52658f4a136f90ee6fe6c92d448

SHA256
fa172aba9fac5e75af6b90703fcbbf08074ff96aa9b1613d534a73bf1de36ad9

SHA512
645e9d664f36c486a80e3176e0ab1b8eaf77c74a10ac7c0e568bf79cb91d2c6a48f7a8edf2443e3dcec58873b8cabe6a83ad14ca84df8b350286a9e183f66ce4

Download Submit
/data/user/0/com.quiz.public/shared_prefs/pref_name_setting.xml

Filesize
131B

MD5
e3e3abcb10d8a6f31eca2f03df36b545

SHA1
3865b38216a776ac257b5707e4dbba712b8ac46b

SHA256
5d5c5f26165b375f2f9af493222f5e9dc786c280d05653a5f919d17e347b9fed

SHA512
7e6c99c4c148a5a603858c360b009d696fed60d4d34cee3816cd2760046a8118169502339382345ed84076c0ede5e35ba60b16bf1246afefcd07d81a987aecdf

Download Submit