Overview

overview

10

Static

static

7

a4b86f0f8e...d7.apk

android-9-x86

10

a4b86f0f8e...d7.apk

android-10-x64

10

a4b86f0f8e...d7.apk

android-11-x64

10

AlphaPresentForms.js

windows7-x64

1

AlphaPresentForms.js

windows10-2004-x64

1

BasicLatin.js

windows7-x64

1

BasicLatin.js

windows10-2004-x64

1

BoxDrawing.js

windows7-x64

1

BoxDrawing.js

windows10-2004-x64

1

CombDiactF...ols.js

windows7-x64

1

CombDiactF...ols.js

windows10-2004-x64

1

ControlPictures.js

windows7-x64

1

ControlPictures.js

windows10-2004-x64

1

CurrencySymbols.js

windows7-x64

1

CurrencySymbols.js

windows10-2004-x64

1

Cyrillic.js

windows7-x64

1

Cyrillic.js

windows10-2004-x64

1

EnclosedAlphanum.js

windows7-x64

1

EnclosedAlphanum.js

windows10-2004-x64

1

GeneralPunctuation.js

windows7-x64

1

GeneralPunctuation.js

windows10-2004-x64

1

GreekAndCoptic.js

windows7-x64

1

GreekAndCoptic.js

windows10-2004-x64

1

GreekBoldItalic.js

windows7-x64

1

GreekBoldItalic.js

windows10-2004-x64

1

GreekSSBoldItalic.js

windows7-x64

1

GreekSSBoldItalic.js

windows10-2004-x64

1

IPAExtensions.js

windows7-x64

1

IPAExtensions.js

windows10-2004-x64

1

Latin1Supplement.js

windows7-x64

1

Latin1Supplement.js

windows10-2004-x64

1

LatinExtendedA.js

windows7-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a4b86f0f8e904e8d8f3472b04c3054b004a503a5ace1c6409f7f55b7c0e62cd7.bin

  • Size

    1.9MB

  • Sample

    231123-1xpatsde8z

  • MD5

    6c0f7526671497f0a925a16d2e7234ce

  • SHA1

    c8d160e6b568e2db42ebe618ee8aa3c57cc45310

  • SHA256

    a4b86f0f8e904e8d8f3472b04c3054b004a503a5ace1c6409f7f55b7c0e62cd7

  • SHA512

    a2c37a78561cbb444492ee574a081715562ecf7b694e83058981b6b6d957132aba68d941fe4a79bd4bde35a22477a7e5fd90ba96a8601bb573c5d2f188e4c3d2

  • SSDEEP

    49152:/VP5Iq9H7Ec/HFV3Xvk8lzWJI6e6VdQEjDBs:/f77EWlZXZWRVSEj1s

Score
10/10
hydraandroidbankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

http://ihfwiohefwhiwririhererf.store

Targets

    • Target

      a4b86f0f8e904e8d8f3472b04c3054b004a503a5ace1c6409f7f55b7c0e62cd7.bin

    • Size

      1.9MB

    • MD5

      6c0f7526671497f0a925a16d2e7234ce

    • SHA1

      c8d160e6b568e2db42ebe618ee8aa3c57cc45310

    • SHA256

      a4b86f0f8e904e8d8f3472b04c3054b004a503a5ace1c6409f7f55b7c0e62cd7

    • SHA512

      a2c37a78561cbb444492ee574a081715562ecf7b694e83058981b6b6d957132aba68d941fe4a79bd4bde35a22477a7e5fd90ba96a8601bb573c5d2f188e4c3d2

    • SSDEEP

      49152:/VP5Iq9H7Ec/HFV3Xvk8lzWJI6e6VdQEjDBs:/f77EWlZXZWRVSEj1s

    Score
    10/10
    hydrabankerinfostealertrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Hydra payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    behavioral1behavioral2behavioral3

    • Target

      AlphaPresentForms.js

    • Size

      749B

    • MD5

      96ec688255f942d2a95225f8382f17ed

    • SHA1

      f4a8477397d15f027577a72fdad31b3dbcb0d6b5

    • SHA256

      b0c3b964fae558ffac89cf5bd351b4b21457106514bdd85abdc5fcd43b2a4941

    • SHA512

      ad28523e886da841bc0bcd1280babc40e83024b552994ce5615c7e63b816984d6d7a241df0e2c77f043db1435174a6984069bb8dc44693cc2ed408458e8034cc

    Score
    1/10
    behavioral4behavioral5

    • Target

      BasicLatin.js

    • Size

      2KB

    • MD5

      504a513ac07aa45f9830f9442b89fc81

    • SHA1

      00625d8b2567dafce9a25c7f5c101be6f613f736

    • SHA256

      68f1b4c6f30d2768fa1036b8fa0af1446ad8ff7dfd7624e1c15e4d9ff8ae2e32

    • SHA512

      eeea159511cf4c56543a10471be2b45bea3f4f36993828d9c419b4ad3b831d8b8cf9f37139a1b8a52c93cd6fbc9ce06e1781c9b11c80a36cf5f17115d8039681

    Score
    1/10
    behavioral6behavioral7

    • Target

      BoxDrawing.js

    • Size

      1KB

    • MD5

      63dcd3f5d1acc11bf35909f915170999

    • SHA1

      313a2f56d56cc6382c28ad590292aee1536cb61c

    • SHA256

      1f7610544efdd54ac4186ce14dd46b384ec97cb4e82c9b6aca562f54dc0ea76a

    • SHA512

      5296522bb6a2090f2230a79e31ac438e273c75a5ed2d84ec9e8e128fcec506bdaacee10a0937eddd5f0a189967775f1c6476dfecb932bf6d2ac225dbcec8f094

    Score
    1/10
    behavioral8behavioral9

    • Target

      CombDiactForSymbols.js

    • Size

      634B

    • MD5

      1428bb262af998db7f299dcfca9dd0ed

    • SHA1

      eb6a00ccccc8c6d884fb39c5a387339091f2f9e8

    • SHA256

      bd38ae2f01095a9a15c6714c70c09bd8f64992ef819f3504dfb7e2d27ac4fa24

    • SHA512

      a62ee99d8bd949f5a60070e0040e87561e393e31302ad91e3afc348398fccc677f11825c0611c3b86213ea1061ce2781e56372742d0c611870d6e6c1fba21c94

    Score
    1/10
    behavioral10behavioral11

    • Target

      ControlPictures.js

    • Size

      625B

    • MD5

      cbeb84d18ba6577f6c2748a19e526c44

    • SHA1

      11ae3612e8280e11923981d7c207a49f3a4b462f

    • SHA256

      5888effdeb099b276f4f60fa1662c17070d38997360634c1e87b73ab3bfbdc4b

    • SHA512

      300038328363b48a3d922087c5057af2481c2a18c521b1e865ab89619a7f9d41031e21fc7ba6c21fd4f401c515f3f57ac205b55a9ace3273656007ea4f968947

    Score
    1/10
    behavioral12behavioral13

    • Target

      CurrencySymbols.js

    • Size

      704B

    • MD5

      bf4ef0f03d5225d7fd690cb1449834ba

    • SHA1

      f7b8ea10f7782fe17ba8a4f994013d4e786b68f2

    • SHA256

      14c07eb40940c2e00417314be67ccf576d9492567085a7c89a48a04e996973cb

    • SHA512

      7abf979e8f5c02a77b394a82226244a723b64f163d158f1ac20f638c63e8d1933748ba32f7f8948152f64e4365fb6fafb9d20ce73e25403a0cc6757859046f1c

    Score
    1/10
    behavioral14behavioral15

    • Target

      Cyrillic.js

    • Size

      3KB

    • MD5

      d8a6c641af159e7c927ba11699ef6a71

    • SHA1

      2ec4e7c000f008f9c1402cacc684bb5bbe1f75c2

    • SHA256

      3385ebb9dd9fee5c6b407e2ef39f7e8a800f2e88ecc4f4ac5c6587c352a91545

    • SHA512

      8744dd6f5aaaa43a4ce229d954d0af6e244b8ea5609373a18bacb2754910b94038d137ed6c90c140aa009479dee3aabd1aa0703085267f9fce2dc945d79b9e7c

    Score
    1/10
    behavioral16behavioral17

    • Target

      EnclosedAlphanum.js

    • Size

      2KB

    • MD5

      f7c923bca4ef8253010fce0cd731c326

    • SHA1

      09a72c9717a3aab3e181091e9c3d435069b672f0

    • SHA256

      f1a44ffee3c22a93033358fa6c7387b2bd057e8b97b63e8decc9e5e0e972981a

    • SHA512

      5cf3644d3074a2f94a04983d2b053c83ae66df9f9ccc837bcedb8c43bed2c83ca59227d5f3d016b10ede0ade9bb610a8ee3705ac3297078d1c1ffc1561cfeba6

    Score
    1/10
    behavioral18behavioral19

    • Target

      GeneralPunctuation.js

    • Size

      1KB

    • MD5

      97b5acadc06674451360cf690caca49f

    • SHA1

      013982610bee16a527e43a5fc476a7c870a372ea

    • SHA256

      5756338eed068c17540925a0f1193a7d6e438db92c4db9e48994c59e26eee85c

    • SHA512

      1a3a0ba904c404b114a67dc85d1f61b725cb23328d0d0123a20602ddf4271628b54bc7f6c167d2933fca1deeb86419267b776d34409427f1ecffb3ca9df7760e

    Score
    1/10
    behavioral20behavioral21

    • Target

      GreekAndCoptic.js

    • Size

      2KB

    • MD5

      798a684f715df5bf76c88832fa97a099

    • SHA1

      5aa31d2ddedba9136f1d350d886988a063ad9aac

    • SHA256

      10e96150ddac04b481130e75d5d741b7d53d936f4e7ee0576b4a7b5606b41c6b

    • SHA512

      c7b3ae826015473e5d19ebb177b29e4379d1d533eb15a1d5fcfe0a0e0e95c16491e4c928a7b25b52cc0e37a148dbe1ca617f86c28ebc4d3f776683f37ec61a32

    Score
    1/10
    behavioral22behavioral23

    • Target

      GreekBoldItalic.js

    • Size

      2KB

    • MD5

      b6b3c497f29459f5aa0511ac97642f25

    • SHA1

      03c643cd5d01c65018dbd607427580f792b2651b

    • SHA256

      5b419bb00f9cbdad8aa97f6a6a6fd63fca9ca63b285ce979a20ba501f9e80d46

    • SHA512

      781cee4ed36f9447ac50d5849dbaea4919304fba07eea6edf98868d1e3ddda2e2b975cfad88b01214635c99fea4658f6d9d8715b0ab09d9fecda5d731298fdca

    Score
    1/10
    behavioral24behavioral25

    • Target

      GreekSSBoldItalic.js

    • Size

      2KB

    • MD5

      2b7b2ed83cfa9ca29423b785d7a62155

    • SHA1

      67c9ab3734460f7d869c030355bcc8dfbb6e0741

    • SHA256

      7a504031ed37a8ac4f3f9a494e747bdedf454ad2a7c658908de2e2cf4f3e9435

    • SHA512

      5efbd9ba3e6e1e3ed28a57ce20aab8bd60395354ec8d564bfa0050675a248c963621a5925b4e085ff5ef2120f78348d29e4da97e723b324c1ad4c596ccd87656

    Score
    1/10
    behavioral26behavioral27

    • Target

      IPAExtensions.js

    • Size

      2KB

    • MD5

      39c102140b3642711fb378ca2e13b485

    • SHA1

      791a9cc05e402afb1c6339f918cfc38b9274b485

    • SHA256

      004de51e3124b5c70b10a087a6d7bf134371f95e00c25052c886b90b45444cf4

    • SHA512

      966a9569f8a1da24d1a7f952ac96991875f2b4b66d7a9066410803f65349ed445de681851532ea58ba0b3836d6f68876b949e36aacbfdf0eb19705ba555934f2

    Score
    1/10
    behavioral28behavioral29

    • Target

      Latin1Supplement.js

    • Size

      2KB

    • MD5

      66921a93cd85625793c42c24f65e9761

    • SHA1

      307e1dd59711089badf5a4dc6152693272259ee9

    • SHA256

      9f8191dae7c40562d819a2f1333638853667176ad0429a11d624f74451246876

    • SHA512

      cc513f10ac4ab3365b8bdd4f0b63b9c5f9dad8d36b5458f2631b447c23a4129adfcf9c86c2b3cc0a717b2c66bbf0532a23775d90aa805c0d8fb6d456f14e65c4

    Score
    1/10
    behavioral30behavioral31

    • Target

      LatinExtendedA.js

    • Size

      3KB

    • MD5

      675efcd5b99a20fc36a0102e8596e33f

    • SHA1

      505477d0585f51bc63839e9fdb902392ae644aff

    • SHA256

      bb6466b7907d55481e5fc580937ee4853cfb6dd61357804c4652c2897526b3fd

    • SHA512

      59c7938f594c6b91122f9c26978f69295a9d8cf1c1c05ec56cfeae5701997f2cd68e3a3d2edd4f8e46802a5e7296caaa76c2eff5f89124adedadf68bdbf6b7c7

    Score
    1/10
    behavioral32

MITRE ATT&CK Matrix

Tasks

static1

Score
7/10

behavioral1

hydrabankerinfostealertrojan
Score
10/10

behavioral2

hydrabankerinfostealertrojan
Score
10/10

behavioral3

hydrabankerinfostealertrojan
Score
10/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10