hydra

Sharing

Copy URL

Twitter E-mail

General

Target

d35d02cba96bd5cb9ef8e1eaa50a86eeb9e00cb5e345309471e8c28251efc125.bin
Size

2.8MB
Sample

231012-1wqr9scf21
MD5

161b718eac0fa3d2987d7ea37830d49d
SHA1

2504194ac8fdbc893ee81ee83ec268600913462e
SHA256

d35d02cba96bd5cb9ef8e1eaa50a86eeb9e00cb5e345309471e8c28251efc125
SHA512

7f9cf9deb05bd4342ebd77230ed09b8f99a29fb9a7e6c33d796e7788b8a958d0d493d068167a13c4617346c0c0f1d038b4fd8631b7926696be47f266a9ef6b86
SSDEEP

49152:PLzV33iA28pmNL+mbn112lZuF74jGCERrkD3jZsSAym4PMszFXK+VgrQ8a7W3++:PV33I9+2n1b54jRERrcSyQAFXK+Aa7WP

Score

10^/10

Malware Config

Targets

- Target
  
  d35d02cba96bd5cb9ef8e1eaa50a86eeb9e00cb5e345309471e8c28251efc125.bin
- Size
  
  2.8MB
- MD5
  
  161b718eac0fa3d2987d7ea37830d49d
- SHA1
  
  2504194ac8fdbc893ee81ee83ec268600913462e
- SHA256
  
  d35d02cba96bd5cb9ef8e1eaa50a86eeb9e00cb5e345309471e8c28251efc125
- SHA512
  
  7f9cf9deb05bd4342ebd77230ed09b8f99a29fb9a7e6c33d796e7788b8a958d0d493d068167a13c4617346c0c0f1d038b4fd8631b7926696be47f266a9ef6b86
- SSDEEP
  
  49152:PLzV33iA28pmNL+mbn112lZuF74jGCERrkD3jZsSAym4PMszFXK+VgrQ8a7W3++:PV33I9+2n1b54jRERrcSyQAFXK+Aa7WP
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3
- Target
  
  .eslintrc.js
- Size
  
  2KB
- MD5
  
  9a2bc5883aaa0791d838d15543cc1b51
- SHA1
  
  46f8035b5835d18930687aea1da4e35e010921c1
- SHA256
  
  46b03860d744aeaebd384df7117b03a49bf637fe4395c4859a43a97746a591ea
- SHA512
  
  c96dd00e94cac3328c5cc94e40a8ef287d2df30886c5233aaeda2a09adb789f656a00e9ff7d086e077c7ff277d66e11373341393d955406179eed09377a8da77
Score

1^/10
behavioral4 behavioral5
- Target
  
  aboutConfigPrefs.js
- Size
  
  1KB
- MD5
  
  9e80af79734eb0fba75da162160543ac
- SHA1
  
  a63fb8cc6325d71382c09ce8da55a28821e4f48d
- SHA256
  
  30a6c05623016b39be6fc81771b66b30fa634f080f1aeee523311555450b80b0
- SHA512
  
  f3214b59d29a10c2e381c571c4463d8b267460990b23532bf093d76fbe8433a6e55b08baf69cbc032ec1a33e638aac607a9462fc55f457610e69ba0e84c43599
Score

1^/10
behavioral6 behavioral7
- Target
  
  avalon.js
- Size
  
  62KB
- MD5
  
  24259ea82804c9707fb87a971c6e3626
- SHA1
  
  1ca3849f51d8b9c1f79e9be7b14a4e1ed63c4956
- SHA256
  
  08638ae1b0f8f0e59ed47f23ae892fe5d793665f3a5148cb6a057a3f63a002fc
- SHA512
  
  f5ad171f339ba3b7dd202c79553219119ffd30599a79bd7dc81e92c567e715adb9d491117d47e954f5532983961f34dc1ba17b9f2fdae13a6e6b4abc66953a43
- SSDEEP
  
  1536:dsnipxENwitZyS5uIiNYYnkVRHBpjuJExjvrqx:QAsiNY+IPfW
Score

1^/10
behavioral8 behavioral9
- Target
  
  background.js
- Size
  
  5KB
- MD5
  
  038aba8214115b14280541eb6dae0f38
- SHA1
  
  3e43c9c677d7d0a60e80d3cba51d7ca03c49c442
- SHA256
  
  f9a06f3082f01ca3d9f5c923915d7309b327ed68e8d4542331fca6e557a07a96
- SHA512
  
  0fd9b20adac5a68f5bfdba2af51cfa067f141c91246808353133a821a486aa1c1d6a266ab370ed38ac7c83ade8bf674c6e50607ba83b15ceb787247f91e20fa2
- SSDEEP
  
  96:Azv5D5nW5eJpLJDo3fL2206G5fQ556MIXLbSzt5DWuQBg0cVCpT5f79FmW0uDMrz:Azv5D5W5eHpo3DdPG5fQ556MIX3S+BgZ
Score

1^/10
behavioral10 behavioral11
- Target
  
  browserInfo.js
- Size
  
  2KB
- MD5
  
  74d5000b49d875254896748d17da6fe8
- SHA1
  
  0d0687c2845f10d4fc8421bf6e0782a64b4fb1e0
- SHA256
  
  d75383ca0736c1b1db8e651b9301e4dd0fe8d6b88c12f3105e508f7af5cec309
- SHA512
  
  c1274f9b30069096a5b3e1c5ed37d14046aca9f8adebb899480cca295b00f754ca34d5ae8a4c612a3075bdf5bb9b6262c5cc34b0c66a69a627e4ce8115d77aba
Score

1^/10
behavioral12 behavioral13
- Target
  
  cxense.js
- Size
  
  16KB
- MD5
  
  ee187d6b44bed0511b19e3fc3929dd0b
- SHA1
  
  cc4d0e2bbef323fbc106abb1f1e9141bc48ad1e8
- SHA256
  
  f8c8c24c152c971c3732faf6acf005ddfc6e3e81e09cd0771019516bdb82bf77
- SHA512
  
  84472d26eb446cb3b620f5f2c179f489fcd8c4d990ae6007353212b5f33f4afaf6611ac5cd8f941039ba562a9280e8203dd72501e0489d3e4fbbf5dbc4a6248a
- SSDEEP
  
  384:qDWFCB/i+ekRH3KqVqNEJes8c07xEvzjPQr69Qeu9Q/YCk8c0Ss5w:RFCB/ifkRH3KqVwEJeX7QzjYrzCLBw
Score

1^/10
behavioral14 behavioral15
- Target
  
  facebook-sdk.js
- Size
  
  16KB
- MD5
  
  63199cda394b2271bf85cc677bfe443a
- SHA1
  
  bab5646ec82e13894d615e7e6e6f859889536db2
- SHA256
  
  6129f1feaa54682b96753e803210e32ff7ab1f4ad32dedf2363b6ff3359b1b27
- SHA512
  
  101900c3f074eb533abb084dbeaca000a54cd85bae0d8347eed47ecf41650431e98424643f129cb4e93ea6b4cd19cad7c750b9e7703818d73951c13b67d0aa53
- SSDEEP
  
  384:Ps5FfMCmA9SQM/Psw1A9uW1HVMJDXMlS3RpZxCoBwiLF:kh9SVjoHqXMA3dxCo+iLF
Score

1^/10
behavioral16 behavioral17
- Target
  
  google-safeframe.html
- Size
  
  839B
- MD5
  
  6325f815a40fe14ce28726e89811ac5c
- SHA1
  
  b2fdc5912d726cf90ead7e1a4503905478f7bc5c
- SHA256
  
  ebe18dfb583a23df1fa0e0a8d8710aecda2cf9ff2f17f890d11c9074ec635e19
- SHA512
  
  bad6603af3e80e7e66a97b29c2114cf8b617d919e7e43aefe48c59a01cb242f921c60bbf92b82de0aae5e849482237e6179fa5a37d350dee2922ab8e0002a2a9
Score

1^/10
behavioral18 behavioral19
- Target
  
  mask_frag.sh
- Size
  
  387B
- MD5
  
  9f1d977cabaef58dd9ace5a85c411d45
- SHA1
  
  fdc57f80881b492e305c48505c245a3211705530
- SHA256
  
  5331f0612a6c774a0c50de339f78fadb604711c60109906a0d44a6ecaa5c2dc8
- SHA512
  
  8ba72c46904b99f5dbc4ba33bc17a94c190d8f3fb2feb18a9d96042abf7eb2cfb6006254996ae313ae41d180cdc8a7b9860959de22a4f7ed9f780ab28c44b4bc
Score

3^/10
behavioral20 behavioral21
- Target
  
  mask_vertex.sh
- Size
  
  274B
- MD5
  
  106fc3540ca688b3f2f0a0018f321a64
- SHA1
  
  01f09b8eb07536696c8301924310aefa14d69395
- SHA256
  
  d087f2f4bc4840c8067bee22b11788d00d3c0d6f3099244cebe3105aa1503261
- SHA512
  
  e79c16f9bd30ca47c792829f523925dd5f9e784be9a64460e0a5e2d67fda45a467702745984c6ede5d73320fc9932086c948dcd45af8952ad8f89dc94375bb9e
Score

3^/10
behavioral22 behavioral23
- Target
  
  readability-0.3.0.js
- Size
  
  77KB
- MD5
  
  140a311daf12445df3b8d3b39cd31a94
- SHA1
  
  3ee80515eed46c4626513c0363165788787e885e
- SHA256
  
  fc600d60a7e7a730c3c208377bfe792dfe5399591906207980b24133ee8deee3
- SHA512
  
  e7d22d9e682eed13095437b05aff13bba7d3ebad1b54053cac3732c57fb422aac6c51ed3478ddbd7db80aa2c66ab6cbcafb265d9dfbc74110bfc962acb2dcbbd
- SSDEEP
  
  1536:6+cc4Gq/pUjtbRf+5Ioge9WOeJy4ezvdHf7A6WTVFyApvK4D1rWYMCaQGfAaBasT:6JOqB6bRfmIoAJynVNApvf1rWxv9pwsT
Score

1^/10
behavioral24 behavioral25
- Target
  
  shims.js
- Size
  
  27KB
- MD5
  
  fc7618bd8cdf0432e18418b3e6e1aa73
- SHA1
  
  f3fe88f53b2c2461965de99d75571444de7f996c
- SHA256
  
  4b5330e7b746e3133bba50f025463f5488c899816bc7eab02420c624f5491cd1
- SHA512
  
  df1249a5fd1b37d5cbfbd28ca46a497da7f895d1632752298e830964708bfcdabe73cce726cceebd3fef5c4bc8b54be359057544f97f2a242e04e07afe0a9fe9
- SSDEEP
  
  384:oGRDLu3wjn9TXvv6Jyk/QrRIYD94F43D/lhhAey5exQDQE:bn993qxuQp
Score

1^/10
behavioral26 behavioral27
- Target
  
  swiper-3.3.1.min.js
- Size
  
  76KB
- MD5
  
  ef26ece8a08c246e51a6ab9e74a36481
- SHA1
  
  d84f08102d199a30de8ee381e2cfcc70e76c6d4f
- SHA256
  
  3f625194922d4ad60239b2ffee8d3c49dc39ccb7a5754433f113c5ae2c3c8260
- SHA512
  
  399fdb158cd28bbb860b0c65e08faa7824352049980a54c6ad4cea6f89cc06a40a2e85db16057f3071246a4dbe4accb9c90757ef73b948ab6ee3c9f5ebcc59b0
- SSDEEP
  
  1536:WMRk/+Q3C53Kht5EDZZQCc8pG5yGI5mZkV7i:O/g3w
Score

1^/10
behavioral28 behavioral29
- Target
  
  tabExtras.js
- Size
  
  2KB
- MD5
  
  99cd569756e02c5e05427144e30a7de6
- SHA1
  
  01cb68bbe9b2074fba12a9ceed74f01046c47fd2
- SHA256
  
  c1caea20c3c6d39d3554b134a9c09e3a797677dc8067511462530489c0e5c7f0
- SHA512
  
  764333d2b3327eeea97ba2d458a322cb84ce94d33339381246f2baca0e097d4e222ccd27ea5ba3a606bdf711e58c2ee1e79280a1c6405472c664711dc4f0a2cf
Score

1^/10
behavioral30 behavioral31
- Target
  
  tabExtrasActor.jsm
- Size
  
  3KB
- MD5
  
  3c90a59178ed244e737a67d47214d0b2
- SHA1
  
  e43221aee798cf11df7f178594f4717a24350d51
- SHA256
  
  0d5fb8a7b34c3ec58339ef9dbee92cc2790c4f0a043c5f49fca4952b914cff69
- SHA512
  
  018221379dd4064bd236cf501d07df7a32f9f0838c2bab6a2bcf000ba86c79e4ff9bfbc332befefcfd93d383ded2a42104498da63e1fed3c79c9f1b8e5efe3d8
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Hydra payload

Makes use of the framework's Accessibility service.

Loads dropped Dex/Jar

Requests enabling of the accessibility settings.

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Reads information about phone network operator.

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32