hydra | cf95fc04703d711dcdc8916535dc0a058966fcfa4ac758dc36699ae469bd90bb

Analysis

max time kernel
2796334s
max time network
157s
platform
android_x86
resource
android-x86-arm-20231023-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
submitted
06-11-2023 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf95fc04703d711dcdc8916535dc0a058966fcfa4ac758dc36699ae469bd90bb.apk
Size

3.1MB
MD5

67aa789ed858a78f6ca1f7cb6f6411d7
SHA1

f67e857fdbada5c1dd929dfb552dc39eb82acd07
SHA256

cf95fc04703d711dcdc8916535dc0a058966fcfa4ac758dc36699ae469bd90bb
SHA512

54844aa9ebc73fdfe5b1bad25604da23d6edab24225c53a2e6bee1f9122594bc24baf82d2c285e3745c8f79e0abd7d24bb79748c19cfecb881a3ff67974bf6e9
SSDEEP

98304:WBeghwapHRr2Kf9utMb+sph0qtJpoBMI5l+bKXWM4R1:WBeRaLZFutMbJe4Ytl+2N4R1

Score

10^/10

hydra banker infostealer trojan

Malware Config

Extracted

Family

hydra

http://aykomediki.net

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra payload 2 IoCs

Processes:

resource	yara_rule
/data/user/0/com.bulk.glue/app_DynamicOptDex/tI.json	family_hydra1
/data/user/0/com.bulk.glue/app_DynamicOptDex/tI.json	family_hydra2

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

com.bulk.glue

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.bulk.glue

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.bulk.glue

ioc pid process

/data/user/0/com.bulk.glue/app_DynamicOptDex/tI.json 4325 com.bulk.glue
Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.bulk.glue

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.bulk.glue

ioc	pid	process
/data/user/0/com.bulk.glue/app_DynamicOptDex/tI.json	4325	com.bulk.glue

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.bulk.glue

com.bulk.glue
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
PID:4325

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.bulk.glue/app_DynamicOptDex/oat/tI.json.cur.prof
Filesize
1KB

MD5
4de565b5818ba2292b7772d806f84084

SHA1
4fdea2a154050c801bb6d02274cbc188defb977b

SHA256
fa5c9dbfd0afce008bda014c55062bc6b6451f2c83ff71c05b17ae8695b13519

SHA512
aa90e8a5fe1f511478623bb43dcde77653523822d8c53150ec344b6a1e237ec5120c883b2971862816884be097b3d7f49e8ecfbb94b0b7be09e1f2f93bde9dbb

Download Submit
/data/data/com.bulk.glue/app_DynamicOptDex/tI.json
Filesize
1.6MB

MD5
c0329676cccbbf125e09f01cfeaf9a8d

SHA1
3b5f4128551c3a86d0b66195ef7436dc2f3bc3b6

SHA256
12f215e2baa08da6de73ad16d5b7ff211b6b3cffbacfe16e27bcdbbc98991013

SHA512
e3563f00dc243e5d4f3a8308e4f3f1664ba0fb426f9b49aee89f50fdeca7287bc123aa7731dc40d361611a0903523fb91b5c9c806bd8fac0a3ef7cd4f7b450bc

Download Submit
/data/data/com.bulk.glue/app_DynamicOptDex/tI.json
Filesize
1.6MB

MD5
1ed8e655c29eabe5db0fee02dea33b7b

SHA1
dc2c8cffb373072c347fc6d9931dd9563cbe299c

SHA256
d89b6c62097f5fea0371b0a17cecdc307bbb6ddd7ac8cd443fe66a759166b882

SHA512
c14a759deea27f209188d8be113c4505772b7e8b36891059111888498cf6e3118b37b9198dd0ed529b7758d1bef2bb8a973e12a319f1918049471fb94d1482d2

Download Submit
/data/user/0/com.bulk.glue/app_DynamicOptDex/tI.json
Filesize
4.4MB

MD5
a4fd8805700bc5c9b41a892171b94c74

SHA1
f956690ac8025296df4e43a55205c159f9049ec6

SHA256
30c02a29fe3af4b305397e538ab66240d8a1c14eaf71f1633adb376647e521f0

SHA512
b1553d87b8b408a7355aa7e675e2b0ce6ce59d8ac454f5c685f6309d17a9cb8206b6a6a407b409c5bd3b47b7a5299de63d8580f2f27ea8928e4babb4c71e90fc

Download Submit