hydra | 88a50ba6ab5d4368b10010758cc4bedc99d76393239207a2da1626627bfe80aa

Analysis

max time kernel
3980715s
max time network
146s
platform
android_x64
resource
android-x64-arm64-20230831-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
submitted
01-10-2023 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88a50ba6ab5d4368b10010758cc4bedc99d76393239207a2da1626627bfe80aa.apk
Size

3.1MB
MD5

b92e2c0f63b0a15e7ede358ae20a574e
SHA1

79fd1f97eb69e2950295d534b9bff14eb08dcba4
SHA256

88a50ba6ab5d4368b10010758cc4bedc99d76393239207a2da1626627bfe80aa
SHA512

5a59bc45c94141468babc95c817046be45381cc6061787021bc63abb0cc2657e2f2e24047f627a3ad504a625cb7e1ba92420ddd7d8919bb98f84b3572819c71a
SSDEEP

49152:bpUz3bbjQB/hP54SqbuczzN3tGuwhF8tWj8S2EyH8G7+sr3vJ7PonhuqfXab:bpUjjW/X4SqljkhFUHHJKsr3vJ7ghLfI

Score

10^/10

hydra banker infostealer trojan

Malware Config

Extracted

Family

hydra

http://porloausmountr.net

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra payload 2 IoCs

resource	yara_rule
behavioral3/memory/4596-0.dex	family_hydra1
behavioral3/memory/4596-0.dex	family_hydra2

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.jealous.pattern
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.jealous.pattern

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.jealous.pattern/app_DynamicOptDex/bWmC.json	4596	com.jealous.pattern

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.jealous.pattern

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
27	ip-api.com

Reads information about phone network operator.

com.jealous.pattern
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
PID:4596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.jealous.pattern/app_DynamicOptDex/bWmC.json

Filesize
1.3MB

MD5
6f65b65e67121ffa30f2df0a1ab611c7

SHA1
2294f80a0abd2784e1def448df6f8095b2f56563

SHA256
b50ad898b07e66c6ea8cb265b27debd0b34f5e7b7c8f8da7d96c9d04abf500ae

SHA512
586fbda43ddbb04c1d2ea16338bcc93ffce8106f0a90c4531b5a8b5ab5ec6b680b15e18201ee1a0d7ec3c4c5a06ecc912d04ae98711bf98c4ea9848c34888684

Download Submit
/data/user/0/com.jealous.pattern/app_DynamicOptDex/bWmC.json

Filesize
1.3MB

MD5
d9c49539f3545439539256ed69c68113

SHA1
bba2be7f4de4a30111296995386e99525c3aaf6c

SHA256
2f47190b06a4dd9da217ce9da822a519847c1ada29deaeac2e7d3a00ce49d738

SHA512
36c71991cae1f3e67d43e7c1fb09349a7d674840c6ea6f4e7e49551cd81489de1453d4b9df75d6ed982ab72db8422e7dc6bd054bdca031876dd889490103a2c8

Download Submit
/data/user/0/com.jealous.pattern/app_DynamicOptDex/bWmC.json

Filesize
3.6MB

MD5
90db906dcdd598d34fe9c8d318eb9427

SHA1
07677d4434e7a2a4921bc5a0c9a6840c82216aed

SHA256
b9c5fb3b9ae2f495a7126d1562978628b16f6aa25c415dc752e2b9d21375970a

SHA512
9c831496481cd4c2065d4c8194b31ec5e098db968678838bf50ca4725fe77747c1c05e2209610f6a39c82742380dff32c04ccaba954c69ce4c1562624aea738b

Download Submit