hydra | b0d137f1f9ad7588c6bdd0bdd94652b1ecbf4d30354025eee036d96f223b1273

Analysis

max time kernel
3227967s
max time network
147s
platform
android_x86
resource
android-x86-arm-20231023-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
submitted
11-11-2023 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0d137f1f9ad7588c6bdd0bdd94652b1ecbf4d30354025eee036d96f223b1273.apk
Size

2.8MB
MD5

0d95b3fedb55bdb90276467169c28cb4
SHA1

31079fc2813413577b6065da0185afb27e9b4755
SHA256

b0d137f1f9ad7588c6bdd0bdd94652b1ecbf4d30354025eee036d96f223b1273
SHA512

a6c864bebd041cfca6fabd62dfe5f289d66b92ba5e28c7ee9ad01c3b2f6ed1debafe9c78739302be3c0bea2c51a668a97e3effc9e622ba267aff8d9127721f68
SSDEEP

49152:QmyJGiuVhbtuUykHhRPAikjLY6TsoogbpP/BAfrC2Baw3PDsmgtf5mVqrKT4mDS6:QmyJGiuV2Uyk0i4Y6TsiBAfDBa/mgGVv

Score

10^/10

hydra banker infostealer trojan

Malware Config

Extracted

Family

hydra

http://fioklksisisakkkkas.com

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra payload 4 IoCs

resource	yara_rule
behavioral1/memory/4288-0.dex	family_hydra1
behavioral1/memory/4288-0.dex	family_hydra2
behavioral1/memory/4264-0.dex	family_hydra1
behavioral1/memory/4264-0.dex	family_hydra2

Makes use of the framework's Accessibility service. 1 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.sense.balance

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.sense.balance/app_DynamicOptDex/ytxftkF.json	4288	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sense.balance/app_DynamicOptDex/ytxftkF.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.sense.balance/app_DynamicOptDex/oat/x86/ytxftkF.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.sense.balance/app_DynamicOptDex/ytxftkF.json	4264	com.sense.balance

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.sense.balance

com.sense.balance
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
PID:4264
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.sense.balance/app_DynamicOptDex/ytxftkF.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.sense.balance/app_DynamicOptDex/oat/x86/ytxftkF.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sense.balance/app_DynamicOptDex/oat/ytxftkF.json.cur.prof

Filesize
628B

MD5
55bb5bcb3df4edf5bb9bb872c9356654

SHA1
2a9a4d89f2a7c8d3089a1a36c2ffdd3de9fc7582

SHA256
12617893ab1750bd7b97a94f525a805c246f6b905ada5e3a96003acaac48994a

SHA512
579b0184848577aa8362b1ff2f5393f0840426515251e14fda578b0b3b8d4a82e237d0c8b383baca45cb7b92175b54a421f0907035a7f3381d5c22877fa0c308

Download Submit
/data/data/com.sense.balance/app_DynamicOptDex/ytxftkF.json

Filesize
1.6MB

MD5
8fbce57b625bfba74035f27ccdc4cc10

SHA1
532bf8ca44ab9f1dd11c25cc9522e40cb0b77c91

SHA256
fb68688f80986cc596e8f30b4e046734d5e1b747acdc62623b17e6eed23feb3c

SHA512
a488eb1a7b66c66a71d43ea62bb18f04207d0e05cc83cf03640470104f095a9fd5dcac5b51d43786c7c69bcd704081bac47c1fe086dcd0bf4b7b2e41f5a9c676

Download Submit
/data/data/com.sense.balance/app_DynamicOptDex/ytxftkF.json

Filesize
1.6MB

MD5
9dd8b97df15c93ff0f759bf27ecbb303

SHA1
b9026dcf4b68627f32e5d81a1b9ab03b5f0d022e

SHA256
bdbcad82ff25fe5612739fc553a38530605ce512d3532fe0d457c4bf27fc9c2c

SHA512
03d1c6167e792db18ef5889faf8a66cd8c50d68bb2a3ffc47da1f48775b0a8e91312b932e1b2523202226405f45374f68e50a9bb8d7ec9c9793a5789abb191ed

Download Submit
/data/user/0/com.sense.balance/app_DynamicOptDex/ytxftkF.json

Filesize
4.4MB

MD5
fc402cdfbe63d2f705b70d07181cfc66

SHA1
f9028a33f54053c2d64644e380e15403de64d614

SHA256
7f9ac1d64ed82c870492e2d47dce557bb3f90dc0bbb8e5053d055d85988e5c1b

SHA512
8061386685859bdbfc830e22827f0b37424414120f435cb1fd48e2a85123cf75a71ebb08ca8f7bbbc5e815e793bd0ea0bc5ec805b6c01eb5ae57e5753c688732

Download Submit
/data/user/0/com.sense.balance/app_DynamicOptDex/ytxftkF.json

Filesize
4.4MB

MD5
c04b17dd6fb25e27c60cc93483ba68b2

SHA1
79ba39f3beb798bdce2644c4a5f89cb1bbcd99b8

SHA256
817120a36e2e255a7c51da023dfb565dbeb9e64dcc5edcccb40e01c177923b4a

SHA512
2c5c3ac6681dddf08ee551c4e146f1b7827ea22791b8ac24777293325108722fb99ad882bb3f9a8e01619168aa7419a189839a84da56427c247dea63dfc86fbd

Download Submit