hydra | 817dd433f3854717f8923d0b91daa9616bf22872cf4f30f5278f63fc310a9693 | Triage

Sharing

General

Target

817dd433f3854717f8923d0b91daa9616bf22872cf4f30f5278f63fc310a9693.bin
Size

3.1MB
Sample

231014-1wm2dadh87
MD5

590f836626e83e163b57e9aaba3550f6
SHA1

c9c1a7ede7fd212ae42dd55314cefcb75d0d2da3
SHA256

817dd433f3854717f8923d0b91daa9616bf22872cf4f30f5278f63fc310a9693
SHA512

9e770d2483f0f3fe1c0c4f7544b89d77437f86fbffe4188c1399499c24dfd27348696abd9edc9803c399d76a6f77d641dd892b7c625f6f2f56844197f73ff365
SSDEEP

98304:g4tzA6xu3CtC+YiS7CdgF30Ky8mhQZfr5P:g4txxu3ACaS7Cc30KyWF

Score

10^/10

hydra android banker infostealer trojan

Malware Config

Targets

- Target
  
  817dd433f3854717f8923d0b91daa9616bf22872cf4f30f5278f63fc310a9693.bin
- Size
  
  3.1MB
- MD5
  
  590f836626e83e163b57e9aaba3550f6
- SHA1
  
  c9c1a7ede7fd212ae42dd55314cefcb75d0d2da3
- SHA256
  
  817dd433f3854717f8923d0b91daa9616bf22872cf4f30f5278f63fc310a9693
- SHA512
  
  9e770d2483f0f3fe1c0c4f7544b89d77437f86fbffe4188c1399499c24dfd27348696abd9edc9803c399d76a6f77d641dd892b7c625f6f2f56844197f73ff365
- SSDEEP
  
  98304:g4tzA6xu3CtC+YiS7CdgF30Ky8mhQZfr5P:g4txxu3ACaS7Cc30KyWF
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3
- Target
  
  createjs-2015.11.26.min.js
- Size
  
  186KB
- MD5
  
  1205efae277bfd4bfe5c75dbd1dfade1
- SHA1
  
  9160eadae861580ff961ddb1b365d16fe6bcfdcc
- SHA256
  
  d4267b6065b7a533bcb376478dc335444fc8d4019b1de2787e88fc488c95787a
- SHA512
  
  1a919cf78d197faeee50bb5b17298804acd7aea9f6c5ac6242ff62ab991cd06d1ad7f299d7052b58d654678f7f61172b8e63c4329f52eacbcaa97677d6954004
- SSDEEP
  
  1536:H4fYm38CwnLjOv+pWKE554MPTCBNmCuyE2aSXK53ptxBjESleWmePKeMcZ6i7VOL:sf1tMM2BNmBXtxBjESlF0t
Score

1^/10
behavioral4 behavioral5
- Target
  
  vpaid_html_template.html
- Size
  
  16KB
- MD5
  
  7d7cb3d6c22da954fccb084f6c18ee01
- SHA1
  
  529871b15146f802c1c1fe2342b31db9e328bb7b
- SHA256
  
  05cb7160ec6766397cacbfc5d57373edbcb028917d81e2f2d748e27086db23cf
- SHA512
  
  a73d034079dba15d38bd14ddb81afd8af51b31a5c80cd83346556e7ca7f2ec927511ec3c151abf7cdc108ac4671b7623066e0375b30536e1503125354fa1a15b
- SSDEEP
  
  192:mrLYJFkVvGFQshArPtP842+Lw1wOEeR6kad8bWXSrJEBOn8TsjNC4ck8aanlDTtI:8U42Fn9qW4+EQNuSXIlodo4
Score

1^/10
behavioral6 behavioral7
- Target
  
  webClipper.js
- Size
  
  14KB
- MD5
  
  d6b2fd4e3b6d19d03d953651bf20307d
- SHA1
  
  f390fe2bf68b626caba2c170646ffba2712fa456
- SHA256
  
  45d4279ef1c80ee5298d92bc6100496005e214873f9009397f609cde426aaf12
- SHA512
  
  8ab487a95f4de005d0516aceaa75d1e4150d6cb06e9b9d168a9d35547f62461a2520f46d2c43b1b87b7d0787be70fbcf7db3e3d44b1c802ec30c81a9d1907115
- SSDEEP
  
  192:rSpXZhkiH3dECDJd+GnnQwwHiUw8p78CyiiajhXan4f3fjwYd2amP6DmWatUZOb:odXdFPkb3rj0amP6DmWatUZOb
Score

1^/10
behavioral8 behavioral9

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

hydrabankerinfostealertrojan

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9