hydra | e5b6731e28b2a601844953c1e8bcbd9a982e2ae78177c7d3d794a6e8c0654003

Analysis

max time kernel
4265081s
max time network
135s
platform
android_x64
resource
android-x64-20231023.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20231023.1-enlocale:en-usos:android-10-x64system
submitted
23-11-2023 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e5b6731e28b2a601844953c1e8bcbd9a982e2ae78177c7d3d794a6e8c0654003.apk
Size

1.9MB
MD5

6ed6937e578ce5f8e5b2bd2ede96926e
SHA1

639d512dd7f40db866c74ba6dc4ee4c26462a4ae
SHA256

e5b6731e28b2a601844953c1e8bcbd9a982e2ae78177c7d3d794a6e8c0654003
SHA512

3b95384265053749ec6913c6caf8cc298b61156352b6dc4a3490c9fc25ec6452e8ea2d7e3006101296965db097b78595467eecac367001378ebb35243c26c503
SSDEEP

49152:xApppp/vn0pafjYZtMZiQqQVzRIzoHOS5PEjX:xA0ycfMZNtHwoXEjX

Score

10^/10

hydra banker infostealer trojan

Malware Config

Extracted

Family

hydra

http://ihfwiohefwhiwririhererf.store

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra payload 2 IoCs

resource	yara_rule
behavioral2/memory/5047-0.dex	family_hydra1
behavioral2/memory/5047-0.dex	family_hydra2

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.clever.side
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.clever.side

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.clever.side/app_DynamicOptDex/Yqj.json	5047	com.clever.side

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
16	ip-api.com

Reads information about phone network operator.

com.clever.side
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:5047

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.clever.side/app_DynamicOptDex/Yqj.json

Filesize
973KB

MD5
3a864e804ea2492a4912ebd128cc330f

SHA1
798ef0d8b9f23eecf064b012e58388a338bd4953

SHA256
4ee03b64fc07377e80c9b68e70b024ebc931cfb32fd7c5ffe19a8caa4edcfc45

SHA512
2e218234f81725a069dd9ea83f4a47b8605bd66c9bf20d77924d385caaf87bc63ab8751a6c7017b737210049b46e362b6712358c18e2d36a897449618dd5d287

Download Submit
/data/data/com.clever.side/app_DynamicOptDex/Yqj.json

Filesize
973KB

MD5
e38ffe7196d63ffc31b532cdc25f9a34

SHA1
c006886e2b23df7227e4f816a4dcffbb0bb28094

SHA256
dfb4ca64bfa63c34a3ddcd87105b301d92ae96fadcf2110fd8ac379dc5f4ef19

SHA512
345acfdc2bb669953c0d4b952981c571189bc9c2bd0f94bdbf15c5767d2d3ddef6b39665181d122970cbe102ddba6b03520d4c8302c5ba59c8250643dd760691

Download Submit
/data/data/com.clever.side/app_DynamicOptDex/oat/Yqj.json.cur.prof

Filesize
1KB

MD5
521ff9f9f952c6de3177e0ee424595f2

SHA1
f53284d638471f105844588a3794fc676e919812

SHA256
f462f4fad38ce4e7830949acbe001b85eb142ea7d33a4bf00bba669dd6040f7b

SHA512
b4f0eef758acfdacb220245a32548d36bb45007ee6a6b8f36e996084a71c513c9545a15705049a795cbf67dd3e35796e3faa30dc0da0ad56bf60c72d11ac6bdd

Download Submit
/data/user/0/com.clever.side/app_DynamicOptDex/Yqj.json

Filesize
2.2MB

MD5
f7f65f96beb8f85ff412d2556436b226

SHA1
77b6002e9c66fd0d1ba03014088a9ab531884a02

SHA256
757d11f3f4d5bbeb9b450979f60d879c789b5aa95a29b41d0379994beacd579b

SHA512
80f5af15e306a6b3d736782aa87a513efb641e8b8b4dd32fd7ec53f6e68c33f95980889d85ca4afca44c141980d5e78d6021eba720db9040ef2f9d3af3ea6fc9

Download Submit