hydra | 6a483d3e3827ad58d08422dc50ca74878205f09d884fc355985dac9e342fa2b1 | Triage

Sharing

General

Target

6a483d3e3827ad58d08422dc50ca74878205f09d884fc355985dac9e342fa2b1.bin
Size

2.6MB
Sample

231112-1w89lscf2v
MD5

26a2a37e01f3537d7dfb9c5895997992
SHA1

2e7b8103048489b870a67389dbcde0cdc352b025
SHA256

6a483d3e3827ad58d08422dc50ca74878205f09d884fc355985dac9e342fa2b1
SHA512

f87bac3bb56474dbb27c550bbd7f8a75101bce286e51a35728a5b34e3c575c62c37f91b90be6693cdb85fb31eeff95e51a9331b026166aee0f9b00ac1e800a3b
SSDEEP

49152:JHsluagI3k4NvkuNZvodwJ6vKzDB0xcY0lPhHmir0Rs+LLcRohk32etO5M1ZEg:5sluIU4JkuNZvKwJpHY0jHXr0RJERoCj

Score

10^/10

hydra android banker infostealer linux trojan

Malware Config

Targets

- Target
  
  6a483d3e3827ad58d08422dc50ca74878205f09d884fc355985dac9e342fa2b1.bin
- Size
  
  2.6MB
- MD5
  
  26a2a37e01f3537d7dfb9c5895997992
- SHA1
  
  2e7b8103048489b870a67389dbcde0cdc352b025
- SHA256
  
  6a483d3e3827ad58d08422dc50ca74878205f09d884fc355985dac9e342fa2b1
- SHA512
  
  f87bac3bb56474dbb27c550bbd7f8a75101bce286e51a35728a5b34e3c575c62c37f91b90be6693cdb85fb31eeff95e51a9331b026166aee0f9b00ac1e800a3b
- SSDEEP
  
  49152:JHsluagI3k4NvkuNZvodwJ6vKzDB0xcY0lPhHmir0Rs+LLcRohk32etO5M1ZEg:5sluIU4JkuNZvKwJpHY0jHXr0RJERoCj
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3
- Target
  
  DefaultWsdlHelpGenerator.aspx
- Size
  
  59KB
- MD5
  
  f7be9f1841ff92f9d4040aed832e0c79
- SHA1
  
  b3e4b508aab3cf201c06892713b43ddb0c43b7ae
- SHA256
  
  751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a
- SHA512
  
  380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5
- SSDEEP
  
  768:6CEPutHjvpMgMwP9h5Ij7khsp/6JtEZwMXVtkUI3t3CXyEyk3VbNbqDvJ4oT1y:/r6CdsCOZwMX3k5dWyklh+Dvbw
Score

1^/10
behavioral4 behavioral5
- Target
  
  cid
- Size
  
  5KB
- MD5
  
  831105fefa5412b2b365bdf7564fb516
- SHA1
  
  5f0f360513d28bbb54dba7f719e6b83d68cbf4de
- SHA256
  
  bad719b2ae9b5774f724d99b5d9ec701b8e2683919e912e490d7c9ea5389622d
- SHA512
  
  961bce352ab5ab9986efc377c3dfee12a27760cd7b9e4da779d639ebfb4182dd7e00a15979322c9ca769ba87d78806264a45ace65c811008fdd2008e3c78ac15
- SSDEEP
  
  96:auNrX8H2orqoAdRJPr9SgbhWollXU+9z4:DrXbRJJSgbhbl5i
Score

1^/10
behavioral6
- Target
  
  ui.js
- Size
  
  3KB
- MD5
  
  aee241652edfd5d33eb388756e8d2ea5
- SHA1
  
  ecde94d86f65706034b251ff49fba95e1434d19c
- SHA256
  
  3bf2f553433370b95dff0f7b4a17030a51a0fd861a594e8f41fe98ff1e22fad0
- SHA512
  
  a9cafa741e6b37e5fd0125662e6de3384a4963578dbe8db34bcfb2e6cf1ff3914e086f2bf26459fe2b299d3667676d4e6fb9a9ad25feaa473fb6d80464224792
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

hydrabankerinfostealertrojan

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8