hydra

Sharing

Copy URL

Twitter E-mail

General

Target

b59d43079747f8f280d0f2080cbee060e9fb7d3e0ccdd2882f6f5ffcac350efc.bin
Size

3.2MB
Sample

231013-fc9e2sec8x
MD5

28e8e9410267495b26dac4e384d7d738
SHA1

35e4c10b45c3354a32cd8e57bf1884e06a42988b
SHA256

b59d43079747f8f280d0f2080cbee060e9fb7d3e0ccdd2882f6f5ffcac350efc
SHA512

073140a03ee40e9589a40c0c9fff205c60e9aef333989ddda01aa43bf1e6cb708e756a00edc8ccd2b6fb9d247d17f0763c1603ff4b46226d0cf4c45e583a4c99
SSDEEP

98304:WeBihQKs25/JKqFA3jA0VQMULcIyEJmdzFTUFqdtCryR:XZkKqF6A0VQ7JyEJGzmqvCGR

Score

10^/10

Malware Config

Extracted

Family

hydra

http://polkamoturnos.com

Targets

- Target
  
  b59d43079747f8f280d0f2080cbee060e9fb7d3e0ccdd2882f6f5ffcac350efc.bin
- Size
  
  3.2MB
- MD5
  
  28e8e9410267495b26dac4e384d7d738
- SHA1
  
  35e4c10b45c3354a32cd8e57bf1884e06a42988b
- SHA256
  
  b59d43079747f8f280d0f2080cbee060e9fb7d3e0ccdd2882f6f5ffcac350efc
- SHA512
  
  073140a03ee40e9589a40c0c9fff205c60e9aef333989ddda01aa43bf1e6cb708e756a00edc8ccd2b6fb9d247d17f0763c1603ff4b46226d0cf4c45e583a4c99
- SSDEEP
  
  98304:WeBihQKs25/JKqFA3jA0VQMULcIyEJmdzFTUFqdtCryR:XZkKqF6A0VQ7JyEJGzmqvCGR
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3
- Target
  
  bootstrap.min.js
- Size
  
  76KB
- MD5
  
  3b0446cf80dff3a0292be13d4f039ab9
- SHA1
  
  332220a2e33a59c9d27bf8199aeaa548a8dc9341
- SHA256
  
  c91b210d922dfc5d18976c860c280de44c14777097e279500da8fbb06b4aea6b
- SHA512
  
  9501918e786ba1433a1f55dd44f856711e063b3f6f66b680d734258b25239e53c003b93a2a44297aa701b1777c248c8b0614f30f311504a2692838a653d59f75
- SSDEEP
  
  1536:itAs7TPR2t4qqDMi/GgSe7hyuvsnKjIx8L0Sem49MVcUzo:Yx/XIe0Sem49t
Score

1^/10
behavioral4 behavioral5
- Target
  
  epl1.html
- Size
  
  12KB
- MD5
  
  3e7834963816ca77838268576a8b74b0
- SHA1
  
  5ffc057313b98733454f70b111bab2dfd3dc583d
- SHA256
  
  100060f98b85e04f3c5b5b4f9be014396b7247ba3bb142c806556618dc3c482d
- SHA512
  
  fb33d7aeb25c74b83d5bf6eeca35ca6781e95115c9e9bf086ee326df14c6f4a4c42bfbdf990b3339cb783c4b0b9d7d5ad6dffcb680a43567a85d8e96c49be10f
- SSDEEP
  
  192:lanSWw8dYMuH9OJ6wBnmJht5NFY1khHVh5zxQumM9cupXXfxZe1rJJ:l6SIKWHODY121Rmxsf6L
Score

1^/10
behavioral6 behavioral7
- Target
  
  gpl_3.html
- Size
  
  33KB
- MD5
  
  5851f1dcf33b54befced1f620808e985
- SHA1
  
  315b4e8585e7b3dd295cd6ae14acaa7317e949f0
- SHA256
  
  ec7755520ab49908e26961200839cb5716f483bdcbb6678a23b425196ffb499b
- SHA512
  
  ffbdc7389cfba218e3e752282e953b2f9088be4e138e27f73b1a48ce0fc6331c30bfb88f392b7519c15ea27fb34d6383401f91edfee24d6a1e27ecd2e606bf86
- SSDEEP
  
  384:Hbslv0tYdMy1Ic73GAvV+XbTQ25IT3MkZDHXSkPO/aWCGBBm0LLfCgJCJnePxa9Q:HbsBRnIcJCQTckZDHXria9Mm0PC5eA3S
Score

1^/10
behavioral8 behavioral9
- Target
  
  howto.html
- Size
  
  1KB
- MD5
  
  66ed1495a988b3041c43dcb6be845f06
- SHA1
  
  71df8f01c5383c0b4ff944c4f658c67f13df019a
- SHA256
  
  6ef817130ad84e1ab11b6124f2223ab17277e6942a79f95d62f150bf5dc6faeb
- SHA512
  
  167ec0507083e7f0bd1233d5b0079fd0df4ae9d5d7ef698ca78b82a028ecbd4d1b8f4ad1958c7d972dc185c544a577c9a05d8c66c322cfa70d9ab09d7081fbdf
Score

1^/10
behavioral10 behavioral11
- Target
  
  jquery-2.1.1.min.js
- Size
  
  82KB
- MD5
  
  e40ec2161fe7993196f23c8a07346306
- SHA1
  
  afb90752e0a90c24b7f724faca86c5f3d15d1178
- SHA256
  
  874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
- SHA512
  
  5f57cc757fff0e9990a72e78f6373f0a24bce2edf3c4559f0b6fef3cf65edf932c0f3eca5a35511ea11eabc0a412f1c7563282ec76f6fa005cc59504417159eb
- SSDEEP
  
  1536:kPEkjP+iADIOr/NEe876nmBu3HvF38Nd+uJO1z6/A4TqAub0i4ULvguEhjzXpa98:7NMnJiz6oAQKP5a98Hrh
Score

1^/10
behavioral12 behavioral13
- Target
  
  keyboard.ts
- Size
  
  9KB
- MD5
  
  799cab0bf6867cb9ee977b2b21ca0431
- SHA1
  
  4f94e15287610b763d463d3842fb6d44c8199c21
- SHA256
  
  1da580aad511ba7a4de65e697428aa793165cfda5cbc238f69cd05990fac569b
- SHA512
  
  bde400737c48100116e9d8dd063d261662f5cebb0d5d888f643b1d2fee637c2e907465e21e31765553a84ea1fa93824279ccf2942d5588b2b86a4d216cfe167a
- SSDEEP
  
  192:oKKtei1aC7mdEzpM5X4NwSr/ynd3X37Pqssk4Yo13ZikEyb1isFtR:oKKteigZP5y54dnjqs34Yo13wkEyb1io
Score

1^/10
behavioral14 behavioral15
- Target
  
  mit.html
- Size
  
  1KB
- MD5
  
  2b59448d2bf91d9936df3d3d99512ed4
- SHA1
  
  07db88895c80a16dc12c7792feb8b515e883b3e2
- SHA256
  
  afe4673d52c4a4124ada793652da0c69f93dcde8ca89c0ee82ff17d34c5c9139
- SHA512
  
  c7efc4a9bba5b3212db627e00a85cd736aa872e30f9eaffe7161a89cf0c8eb2d8b337ebf0009000b7a165bc8e4e6498c237925e7649151138ab499d092df0784
Score

1^/10
behavioral16 behavioral17
- Target
  
  mpl2.html
- Size
  
  17KB
- MD5
  
  ea5774e8329852655bb7200eadc27752
- SHA1
  
  b2276a8ef099ac79566dfdc7f10185391623e8ca
- SHA256
  
  8a6321ff9c6cff54621744534fb98232e09994c80c305b9fb5f6d70e8c9b84e8
- SHA512
  
  9eb04c4effacf9b6eb36f2fd28e0ee7d9487748aaf801d4c9df9ccc5f0dbe25384e46a140c0181a77d1d704ed5c6c3754c6fd6a4ad4def472c13aeeeac9ebec6
- SSDEEP
  
  384:/6HmBmFwcg8UJsqsQInUdaebkIABBDrR8GzAi7W:/6qmwL8oxb6BhR8GUi7W
Score

1^/10
behavioral18 behavioral19
- Target
  
  mraid.js
- Size
  
  40KB
- MD5
  
  6c5dc1711df01a9d43b5777cb790f852
- SHA1
  
  a848e140eb214102bf4bf7cc43ed47e62a48dfc3
- SHA256
  
  a14616848262f5ed49f0727c4dc40b95df7c2e3d145c4bed91d3a1183d9e9399
- SHA512
  
  00d4f7897c3d7f4c6d53fbad32addc97ccfdb781d7792e775c51e385fb90b43694d74bfd7e82dce6ea5c185fb91143f8a01bc4408a3f73bd394091d54031eaff
- SSDEEP
  
  384:EYSdGfT2QJIGCOIyzuP2QESHmz/SXZ3hsyGENyyFXHjFeYSpyObjw7NLhdlrdT97:RXaoyFX7SIXEmz
Score

1^/10
behavioral20 behavioral21
- Target
  
  mraid3.js
- Size
  
  33KB
- MD5
  
  ae298dd4c1116d1d30eb17a152da23c9
- SHA1
  
  a173dcb77aac246113719ce61330ae8590e18103
- SHA256
  
  39c4e050a9bf6df63d5c8ba592aeec0fb408fc319ca64c8ad545291994c99f76
- SHA512
  
  2b35f65ad78f0ed776c8377e8bc1c1dc3c576953ae80ee3a372c90d3a324438dda6fd4353b4c552317803b1b2bc7b2509632a202152d71620dacdee072344fd5
- SSDEEP
  
  384:eqqirtUfUNi40m7HBSHC3fACmUAxUbhhMjHhhMhEFO:TqilAKHyU
Score

1^/10
behavioral22 behavioral23
- Target
  
  omsdk-v1.js
- Size
  
  39KB
- MD5
  
  f408c2f4c6e711f9e88ddf96080e51d2
- SHA1
  
  304fc64c0843826ca8e012b1936be80c2a3f170f
- SHA256
  
  da28b9fcd31070b16280936a036a0a320073f211f2a4920fd4aacf1743c5bb4f
- SHA512
  
  e87a6224aefc542815783462ffeede323c9223d72e58262a7747215429c35fd73e27bc9cced535ebaf80691bcedc5d32a3406fafebce57a7e00ed9cfe1e0649e
- SSDEEP
  
  768:X6kymXjv8pPXwfBKn3ySNCTTUpdkxs8oPq1KMIQ2/9vt5ZBFus9cAZhmUsadz6f4:X6kPXzps3/T8oPq1KMIQ2/9vt5ZBF59T
Score

1^/10
behavioral24 behavioral25
- Target
  
  privacypolicy.html
- Size
  
  7KB
- MD5
  
  78f32a9019f57a659d6371154c548a35
- SHA1
  
  a77668b9227cc859ac553eb658ea7754a9856649
- SHA256
  
  8182750a9334a3375dd0a2f277a50e70a50312ca49669938bc3bc73c242f0e9d
- SHA512
  
  81a2e99ebe1a7f72fce36b4df6bf5d15f1390cc6086aca84415ea515042b0218bee6bcb1eef0084508e05dc48923468dfad2ee2bce85fd8b12709533a30e7ff3
- SSDEEP
  
  96:MXJuq9eOOa5nKKEeXcgFFOgtIZ6y7PZwJZfx7VwxZuxYMH4Y2+WqI6VT3VCwp:MZuqgOOaQKEnGON6y6JR9kup2dSVjMwp
Score

1^/10
behavioral26 behavioral27
- Target
  
  ui.js
- Size
  
  3KB
- MD5
  
  aee241652edfd5d33eb388756e8d2ea5
- SHA1
  
  ecde94d86f65706034b251ff49fba95e1434d19c
- SHA256
  
  3bf2f553433370b95dff0f7b4a17030a51a0fd861a594e8f41fe98ff1e22fad0
- SHA512
  
  a9cafa741e6b37e5fd0125662e6de3384a4963578dbe8db34bcfb2e6cf1ff3914e086f2bf26459fe2b299d3667676d4e6fb9a9ad25feaa473fb6d80464224792
Score

1^/10
behavioral28 behavioral29

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Hydra payload

Makes use of the framework's Accessibility service.

Loads dropped Dex/Jar

Requests enabling of the accessibility settings.

Looks up external IP address via web service

Reads information about phone network operator.

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29