hydra

Sharing

Copy URL

Twitter E-mail

General

Target

88a50ba6ab5d4368b10010758cc4bedc99d76393239207a2da1626627bfe80aa.bin
Size

3.1MB
Sample

231001-1w7qsaff27
MD5

b92e2c0f63b0a15e7ede358ae20a574e
SHA1

79fd1f97eb69e2950295d534b9bff14eb08dcba4
SHA256

88a50ba6ab5d4368b10010758cc4bedc99d76393239207a2da1626627bfe80aa
SHA512

5a59bc45c94141468babc95c817046be45381cc6061787021bc63abb0cc2657e2f2e24047f627a3ad504a625cb7e1ba92420ddd7d8919bb98f84b3572819c71a
SSDEEP

49152:bpUz3bbjQB/hP54SqbuczzN3tGuwhF8tWj8S2EyH8G7+sr3vJ7PonhuqfXab:bpUjjW/X4SqljkhFUHHJKsr3vJ7ghLfI

Score

10^/10

Malware Config

Extracted

Family

hydra

http://porloausmountr.net

Targets

- Target
  
  88a50ba6ab5d4368b10010758cc4bedc99d76393239207a2da1626627bfe80aa.bin
- Size
  
  3.1MB
- MD5
  
  b92e2c0f63b0a15e7ede358ae20a574e
- SHA1
  
  79fd1f97eb69e2950295d534b9bff14eb08dcba4
- SHA256
  
  88a50ba6ab5d4368b10010758cc4bedc99d76393239207a2da1626627bfe80aa
- SHA512
  
  5a59bc45c94141468babc95c817046be45381cc6061787021bc63abb0cc2657e2f2e24047f627a3ad504a625cb7e1ba92420ddd7d8919bb98f84b3572819c71a
- SSDEEP
  
  49152:bpUz3bbjQB/hP54SqbuczzN3tGuwhF8tWj8S2EyH8G7+sr3vJ7PonhuqfXab:bpUjjW/X4SqljkhFUHHJKsr3vJ7ghLfI
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3
- Target
  
  core_wrapper.js
- Size
  
  5KB
- MD5
  
  2558e92bdb03c3e4685d4320a7cbe715
- SHA1
  
  9feff7ec75024ba6d9753ea233ffbe0b7bc04bf7
- SHA256
  
  99a17d18531953e748103eb021738a42eb9fe675532a4d42441d3bc34e048bc8
- SHA512
  
  83409561241255be24558f6b238f1687ea7f703d6950a8ad54ff4c50aa9c62af490b74e9b60379ff074b92942bf4752a653a19c4da2b554ac59ecfa0f5fad9f3
- SSDEEP
  
  96:MIn5NKjaILnYJX+myXjfaw17BLyHjLAHIIJUU/AUYYg8InG+d:N5NKjDrYJX+my7aw17UHjLAHIIJUUAW8
Score

1^/10
behavioral4 behavioral5
- Target
  
  faq.html
- Size
  
  6KB
- MD5
  
  4f033fe746d505abfec1509cd2fe1f3d
- SHA1
  
  e5500741109c4d1c98ed64487d14b7a44a2561a6
- SHA256
  
  453aac1c4afe04028cf46d4ad48da0bf7e6877adb7b5bf3d40e81cfe11b566d7
- SHA512
  
  32f01e9be7e7addd654719d950390c10a633bec8ac248360d3e4b8e121e86fb4de8c81a81d212474dd05ee67e1f5840a4dac8c031b6a39bdeb3260d089acb7cb
- SSDEEP
  
  96:nncFbA5FdzBXUHcMiZmxDHkC5EX8cyqmriC5yEXEyQ6TL3RpF:nncFbWXUHl/xRov0EyX3N
Score

1^/10
behavioral6 behavioral7
- Target
  
  help.htm
- Size
  
  53KB
- MD5
  
  883888def347f0db8dbdec1fe82be5c9
- SHA1
  
  f54280a3690f373a05cf438ca12c3e482bc1ed8a
- SHA256
  
  766c2b736da4683d0f7cd5927cab1441dc13bca47af33b0911d5aaaa70da6ab2
- SHA512
  
  4538af3b0b7b2786461d37ca6e3b93290ff9d6a6b7820f7dd3bf3840414c06e0c271786a91e5164d8767ecc66645f9a09599af661ddc39384717dbb80d9cc546
- SSDEEP
  
  768:FWAtJoDQSUPSEXVe5wSsRz1K4I8Cnsro7:b6kxPSGowS+E4I8Wsa
Score

1^/10
behavioral8 behavioral9
- Target
  
  help_cs.htm
- Size
  
  54KB
- MD5
  
  22d33848ee6cae8aa8c1e90bdcd65226
- SHA1
  
  982e9769391e13507289928289f11aa6e5b6c91b
- SHA256
  
  b8a728e6bd697922bc23732cd444d25697d418ec6fd7a8cc322029cd71670148
- SHA512
  
  25f1415f0b3e9c34fcd7f896b784d340622f74a7ff308c62da8961c1b7fa82f7ff038b54fed3d9a048a67039058d1c9f604f3be56f495288e417eacc034f7822
- SSDEEP
  
  768:/3AjqEZHfLqlREwa3CL+9pcYX/wXBSBHz114I8h9KQc3G6mq/zAIjRK0:/4qC/KEwan7/wXBSlD4I8h9KQc3GX0
Score

1^/10
behavioral10 behavioral11
- Target
  
  help_de.htm
- Size
  
  59KB
- MD5
  
  52e18bac42fb06e4116cdaee988e0661
- SHA1
  
  9d0ef32f76cab08d380ec1359e414fbbd1d207ae
- SHA256
  
  54d12be384ad0a78c68a416873338edf8ceb5601a20895ca6aef9360b0cd75e8
- SHA512
  
  8a2b4e11b1a368075b8871bf90517890c79dfa88ac2bc9b355af305fe134b6ec4c6d02a50d334ee3b734628f4a0f7df142fe30b5acbfd33abc9904cd48c485cb
- SSDEEP
  
  768:cklY6UHcqSlF+xUVPB6rKboSNzCWidlub1uaablOEhEs8e2gcaUrF20OzGJPCGdC:AH7SlFs2Pam9idlub4los8e3ZUrgVETC
Score

1^/10
behavioral12 behavioral13
- Target
  
  help_es.htm
- Size
  
  61KB
- MD5
  
  31772dae5e7e480072ed6d872134201e
- SHA1
  
  4c19adebf12a2aa4be9773ee4226fcbc79b89e84
- SHA256
  
  f088fe7faadb088d3f63ad8f6d6eea2d88abf4e7318e31e17dbe52d5e4f92707
- SHA512
  
  5f19c826336d100b5d104002eb0b35dbaf24889225630a3e9c31aeab3d77d912adaec0470d1d0fbd2e60956a11eaccbff385bd7d28ef8acf7dbccc9434fe8e2b
- SSDEEP
  
  768:hLYLmYEm9UhhJ6TJ5w7NKVwvTAybuosWqPOg+YS3+brRzf:hlYjikW7NKVwbootYXfS3Sx
Score

1^/10
behavioral14 behavioral15
- Target
  
  help_ru.htm
- Size
  
  58KB
- MD5
  
  0b8a2f9f0fefa77f9b5e53371195d732
- SHA1
  
  53cdd30958d2863ba976fa4e9e7ceabdd85ffb60
- SHA256
  
  88212e9f4c88a33b0147f5aa5dd3f8fa434707b1b925e3d45fb03366e909ec5a
- SHA512
  
  5b3f90561d9b819dcfa05ef463c2453786b7d4adddc9ea5d84b2b2ebc07106fd6aa3b906e04b386cda7103e22e10d5430e258983d2aaf8880c4230ef06894309
- SSDEEP
  
  768:PRtY5bm3l9Q/DVcYRTI3n81skx61fJBwghQg:p+5C3l8Pu3n81sFBAg
Score

1^/10
behavioral16 behavioral17
- Target
  
  help_uk.htm
- Size
  
  57KB
- MD5
  
  6f351ddb8050526c77850db00448d3c8
- SHA1
  
  dd253c3d52261d3504bfeadeee08266ab01da749
- SHA256
  
  6bf22746ea6b58743544aeebb5f47fdc690e19037d4702926567a69ad426c463
- SHA512
  
  e52e1b60b6866175249c33e5b72329c02d2a743673d6845d2ccc2051f4e77967367b095714c583d315ad03e849ab6877e958f6beb5314274e263bc03a8362551
- SSDEEP
  
  768:m6At7jfON+B88ArRwU5XG0uUOBiKaBb4JKpBbZM5XyZwhDmILSsb:1UOnrRwtfiKaBb4WXMoaqI2sb
Score

1^/10
behavioral18 behavioral19
- Target
  
  license.htm
- Size
  
  6KB
- MD5
  
  407f13382c8d7a039a9eaef44f79642e
- SHA1
  
  d16f70c6d1703efc33823ab385ceabd8447ac1bc
- SHA256
  
  657c157f78e360d37e2485f6245b4f87789ece5a2b150a4f4fe9fead0c6facd3
- SHA512
  
  213e32e5f04199153ad3702e8706b0399fdb8c683a47dfbde7dce8a91ef7786c7d43830eeaf5d03fade136a74ca0908eabd797be806d15c106a2e070579ada9c
- SSDEEP
  
  96:27r6shoCs4pHbHF0cRKKxUREEQAk5cVB54x/XHFCWFJYJzzTF3G3zVHCU:DsmQHbHxRKKME6FWXHZLsXTF3G3BCU
Score

1^/10
behavioral20 behavioral21
- Target
  
  mraid.js
- Size
  
  40KB
- MD5
  
  6c5dc1711df01a9d43b5777cb790f852
- SHA1
  
  a848e140eb214102bf4bf7cc43ed47e62a48dfc3
- SHA256
  
  a14616848262f5ed49f0727c4dc40b95df7c2e3d145c4bed91d3a1183d9e9399
- SHA512
  
  00d4f7897c3d7f4c6d53fbad32addc97ccfdb781d7792e775c51e385fb90b43694d74bfd7e82dce6ea5c185fb91143f8a01bc4408a3f73bd394091d54031eaff
- SSDEEP
  
  384:EYSdGfT2QJIGCOIyzuP2QESHmz/SXZ3hsyGENyyFXHjFeYSpyObjw7NLhdlrdT97:RXaoyFX7SIXEmz
Score

1^/10
behavioral22 behavioral23
- Target
  
  omsdk-v1.js
- Size
  
  38KB
- MD5
  
  068a1502b5c85368af0a863d2de2230b
- SHA1
  
  04622229d0a7fa0c66f8d43624f3365a0bd0d81f
- SHA256
  
  463080e38d9e1eb87cf8fdb9447d76b5b0e2ace83b04dc503820908765636306
- SHA512
  
  23fe8e1f40fa7e1d46fde168149f6cac79a23a6d75ca5a72a9b6e1eee7c1315e8c04c1f978cc7a350df124be1688b840a2f03cb406357cc10148396de5338037
- SSDEEP
  
  768:BVFKe8jgobTdXDKZO3OCy0PxjggF4boPq9KMIQ2/9vt5ZBFus9cAZhmUsaZf2ceE:BVFH8UoYO3uIn6boPq9KMIQ2/9vt5ZBZ
Score

1^/10
behavioral24 behavioral25
- Target
  
  playstore.htm
- Size
  
  4KB
- MD5
  
  b5761ec7f4412406c8f521379cbfe466
- SHA1
  
  621c6720da697ab81116bfdd6bf81d1c8ad5e7a1
- SHA256
  
  27b9dbf27f7d81fc3cb84c6b3b2430a14fcf78d82d351d38b92dd18537f0bc26
- SHA512
  
  e4115829d744cfe44891eb753c4b2ef042d6d5397e5138899ddcfbf9f5a7ac84f2a47af3ca496e11505ca501b8ccadd51b276adafa42d709525b337049d7ed4d
- SSDEEP
  
  48:mB79CNoW1ii1n8BfDaqDUMmckWmk1ZVEsMToZtME1NOar5McIp9AMF3Y:mB79C2WT16DaqAMv5ZxoMMUbMrHBFI
Score

1^/10
behavioral26 behavioral27
- Target
  
  privacy_cn.htm
- Size
  
  42KB
- MD5
  
  49b9a40f599b1089ad0b0394c47c1102
- SHA1
  
  d0b0fdb5f6596afedf37032eee87290683b911d3
- SHA256
  
  735ba8ee4875ef6529757139876824ac572d255b17db2c75a9887053fd0d9b16
- SHA512
  
  43a9be239f71d82efdd06855b9532c9a25a3cd9af3c41fbe407a6b10542bdfd1a3da76b154f0e5d6487a5b66a2521a3f88598982b190660301aef99cd03d5bb9
- SSDEEP
  
  768:XEqzEM+RdDBF/f51efzdYSFXKtrhs6WIssFXVqCrX8J/2ue5AFuanVzA+tZxMAXp:2jupQFX9As23Egvxj8TWK0HWZ4Mu
Score

1^/10
behavioral28 behavioral29
- Target
  
  totalcmd_datenschutzerklaerung.htm
- Size
  
  3KB
- MD5
  
  41cb1edf3388232ed16c7827671b6437
- SHA1
  
  0f48049463f07cbd9da8a8c32431e3cd398dec2f
- SHA256
  
  d4e95c717f4af725ace14cdcf249171f842186b56c365c9897c5f273ad41af57
- SHA512
  
  0c649466d7af3ea3c3985b94f44b5d689fab96226c7667fe798727faabe798edb92cbf8abcc67ec559377da7250c19fc15a116d09e3521c0445d2ee66585fd63
Score

1^/10
behavioral30 behavioral31
- Target
  
  totalcmd_privacy_policy.htm
- Size
  
  3KB
- MD5
  
  f5bd54f89d624a56a0368d1bf532c60b
- SHA1
  
  6fdb247506d811132bc5b51ffc1d82afeb6e72b4
- SHA256
  
  eb87dd5ca31a26b9d8a8bc650c324b49027d38242ffc71a89b04e0aae8b4cb4b
- SHA512
  
  8dc96be4781bb08b1dcbc3205f59eac592285e98a349a330301ab32e81a25beebd9224880215c62e431d9926c7ed0433e886b61730ada1012ca2f907fcceb263
Score

1^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Hydra payload

Makes use of the framework's Accessibility service.

Loads dropped Dex/Jar

Requests enabling of the accessibility settings.

Looks up external IP address via web service

Reads information about phone network operator.

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32