hydra | 1ebdbd1ae10055d0dc0d56944788df673b866d6fdcf9d9b071b9a5d8798d6dda | Triage

Sharing

General

Target

1ebdbd1ae10055d0dc0d56944788df673b866d6fdcf9d9b071b9a5d8798d6dda.bin
Size

3.3MB
Sample

231013-fc8hraec8w
MD5

8530ca90408626a621b4d13993f693fe
SHA1

12fccd12017eaa691d5decc67587807972214518
SHA256

1ebdbd1ae10055d0dc0d56944788df673b866d6fdcf9d9b071b9a5d8798d6dda
SHA512

d7fb121cc8db08a0692c2cb5fc7757215333ea59079cbfb9cd5680e8bca2de85c3d1fb7af43b402c94f1d60a6926da8e795c430628165ada0ebe5b211e418e6b
SSDEEP

98304:eYt86ltxMwBlAVKKF8EfRtG/tTHBbsngT:xt86nxbBSlpRtGBl

Score

10^/10

hydra android banker infostealer trojan

Malware Config

Extracted

Family

hydra

C2

http://carmonuletusoaszs.net

Targets

- Target
  
  1ebdbd1ae10055d0dc0d56944788df673b866d6fdcf9d9b071b9a5d8798d6dda.bin
- Size
  
  3.3MB
- MD5
  
  8530ca90408626a621b4d13993f693fe
- SHA1
  
  12fccd12017eaa691d5decc67587807972214518
- SHA256
  
  1ebdbd1ae10055d0dc0d56944788df673b866d6fdcf9d9b071b9a5d8798d6dda
- SHA512
  
  d7fb121cc8db08a0692c2cb5fc7757215333ea59079cbfb9cd5680e8bca2de85c3d1fb7af43b402c94f1d60a6926da8e795c430628165ada0ebe5b211e418e6b
- SSDEEP
  
  98304:eYt86ltxMwBlAVKKF8EfRtG/tTHBbsngT:xt86nxbBSlpRtGBl
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3
- Target
  
  tcaptcha_webview.html
- Size
  
  2KB
- MD5
  
  91da5d9997c1e6e88bb16013fd2972a4
- SHA1
  
  5678df78fe5f83ce2a0012246aa1bf9f625c5851
- SHA256
  
  15faa9670379fd4c06bff363d2eec13db8ec0c61a0d7e5b59cf6db7b84eda125
- SHA512
  
  f79bb52639cd1f6d889623c8204d9fb3b0d9669a966f48971911b39fe3a1bc95ba8285d24fec9a5e15f4e560471eadbc3eb431403f659e7fcba2f663a0e32cf1
Score

1^/10
behavioral4 behavioral5

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

hydrabankerinfostealertrojan

behavioral2

hydrabankerinfostealertrojan

behavioral3

behavioral4

behavioral5