hydra | a5ca7aaf8b5324b1414760517bef1517527f952cd1c2fac907c2f83d2e3e4bec

Analysis

max time kernel
3518895s
max time network
158s
platform
android_x64
resource
android-x64-arm64-20230621-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230621-enlocale:en-usos:android-11-x64system
submitted
07-08-2023 20:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5ca7aaf8b5324b1414760517bef1517527f952cd1c2fac907c2f83d2e3e4bec.apk
Size

2.4MB
MD5

1b5f1dfe3bb361d3b49bbe6c257d15b7
SHA1

bb2fc3f5a9d83f57170e58e47d77406088ddca45
SHA256

a5ca7aaf8b5324b1414760517bef1517527f952cd1c2fac907c2f83d2e3e4bec
SHA512

59192b55fb440ccc2d53245b0eaebb5340712d26166ff258a584971ded7c5618d0653f6ac5b78467a8ef5f988397828b4cdcfc8c022e9d16939857c04b4e022b
SSDEEP

49152:A5fbH5QSQpB4QczFiziv6WmEcJ0S8o7jEho/TK5OW4N:A5fr63RczwzTnjDgWW5aN

Score

10^/10

hydra banker infostealer trojan

Malware Config

Extracted

Family

hydra

http://flocomonuncomunters.net

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.quiz.public/app_DynamicOptDex/SFTi.json	family_hydra

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

com.quiz.public

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.quiz.public
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.quiz.public

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.quiz.public

ioc pid process

/data/user/0/com.quiz.public/app_DynamicOptDex/SFTi.json 4527 com.quiz.public
Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.quiz.public

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.quiz.public
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

62 ip-api.com
Reads information about phone network operator.

ioc	pid	process
/data/user/0/com.quiz.public/app_DynamicOptDex/SFTi.json	4527	com.quiz.public

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.quiz.public

flow	ioc
62	ip-api.com

com.quiz.public
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
PID:4527

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.quiz.public/app_DynamicOptDex/SFTi.json
Filesize
1.3MB

MD5
eb6455b79b9d97da49636f52f4115409

SHA1
d192c93bf516cd75a1d4926e13c0fb1b64f87ac3

SHA256
336d1293dd2e21ea145f437ca387a5c8d2ead20bb6c789335eec2bd161d4de62

SHA512
e470c2409b2357e870dfa243075188b3886e7b38096c123146932c1c45b9cd6a1f6390060a9515b928bf74748d3525b4e414e62a210bbea2273195970b31ae3a

Download Submit
/data/user/0/com.quiz.public/app_DynamicOptDex/SFTi.json
Filesize
3.6MB

MD5
1495b9ac312e2adad198b70e4b993969

SHA1
968fb1cf9bbdd52658f4a136f90ee6fe6c92d448

SHA256
fa172aba9fac5e75af6b90703fcbbf08074ff96aa9b1613d534a73bf1de36ad9

SHA512
645e9d664f36c486a80e3176e0ab1b8eaf77c74a10ac7c0e568bf79cb91d2c6a48f7a8edf2443e3dcec58873b8cabe6a83ad14ca84df8b350286a9e183f66ce4

Download Submit
/data/user/0/com.quiz.public/app_DynamicOptDex/oat/SFTi.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.quiz.public/shared_prefs/pref_name_setting.xml
Filesize
131B

MD5
d04118693bcfa411545e8648fb30d629

SHA1
0ad8f78158d5357312c7abf6aa810414936a6470

SHA256
2738bcff6bae1e34affe960cd4b11fb29c57f51bed1fa42ae3946db48176c565

SHA512
db9cbe51bf0479897ce9adb49889895505dc0b3cb0e945f068ff28957c259a72f33353610f83fc4d11f747764d6c27216da43c6c0ffe8a71d296f8973d2c6a7d

Download Submit