hydra

Sharing

Copy URL

Twitter E-mail

General

Target

a4b86f0f8e904e8d8f3472b04c3054b004a503a5ace1c6409f7f55b7c0e62cd7.bin
Size

1.9MB
Sample

231123-1xpatsde8z
MD5

6c0f7526671497f0a925a16d2e7234ce
SHA1

c8d160e6b568e2db42ebe618ee8aa3c57cc45310
SHA256

a4b86f0f8e904e8d8f3472b04c3054b004a503a5ace1c6409f7f55b7c0e62cd7
SHA512

a2c37a78561cbb444492ee574a081715562ecf7b694e83058981b6b6d957132aba68d941fe4a79bd4bde35a22477a7e5fd90ba96a8601bb573c5d2f188e4c3d2
SSDEEP

49152:/VP5Iq9H7Ec/HFV3Xvk8lzWJI6e6VdQEjDBs:/f77EWlZXZWRVSEj1s

Score

10^/10

Malware Config

Extracted

Family

hydra

http://ihfwiohefwhiwririhererf.store

Targets

- Target
  
  a4b86f0f8e904e8d8f3472b04c3054b004a503a5ace1c6409f7f55b7c0e62cd7.bin
- Size
  
  1.9MB
- MD5
  
  6c0f7526671497f0a925a16d2e7234ce
- SHA1
  
  c8d160e6b568e2db42ebe618ee8aa3c57cc45310
- SHA256
  
  a4b86f0f8e904e8d8f3472b04c3054b004a503a5ace1c6409f7f55b7c0e62cd7
- SHA512
  
  a2c37a78561cbb444492ee574a081715562ecf7b694e83058981b6b6d957132aba68d941fe4a79bd4bde35a22477a7e5fd90ba96a8601bb573c5d2f188e4c3d2
- SSDEEP
  
  49152:/VP5Iq9H7Ec/HFV3Xvk8lzWJI6e6VdQEjDBs:/f77EWlZXZWRVSEj1s
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3
- Target
  
  AlphaPresentForms.js
- Size
  
  749B
- MD5
  
  96ec688255f942d2a95225f8382f17ed
- SHA1
  
  f4a8477397d15f027577a72fdad31b3dbcb0d6b5
- SHA256
  
  b0c3b964fae558ffac89cf5bd351b4b21457106514bdd85abdc5fcd43b2a4941
- SHA512
  
  ad28523e886da841bc0bcd1280babc40e83024b552994ce5615c7e63b816984d6d7a241df0e2c77f043db1435174a6984069bb8dc44693cc2ed408458e8034cc
Score

1^/10
behavioral4 behavioral5
- Target
  
  BasicLatin.js
- Size
  
  2KB
- MD5
  
  504a513ac07aa45f9830f9442b89fc81
- SHA1
  
  00625d8b2567dafce9a25c7f5c101be6f613f736
- SHA256
  
  68f1b4c6f30d2768fa1036b8fa0af1446ad8ff7dfd7624e1c15e4d9ff8ae2e32
- SHA512
  
  eeea159511cf4c56543a10471be2b45bea3f4f36993828d9c419b4ad3b831d8b8cf9f37139a1b8a52c93cd6fbc9ce06e1781c9b11c80a36cf5f17115d8039681
Score

1^/10
behavioral6 behavioral7
- Target
  
  BoxDrawing.js
- Size
  
  1KB
- MD5
  
  63dcd3f5d1acc11bf35909f915170999
- SHA1
  
  313a2f56d56cc6382c28ad590292aee1536cb61c
- SHA256
  
  1f7610544efdd54ac4186ce14dd46b384ec97cb4e82c9b6aca562f54dc0ea76a
- SHA512
  
  5296522bb6a2090f2230a79e31ac438e273c75a5ed2d84ec9e8e128fcec506bdaacee10a0937eddd5f0a189967775f1c6476dfecb932bf6d2ac225dbcec8f094
Score

1^/10
behavioral8 behavioral9
- Target
  
  CombDiactForSymbols.js
- Size
  
  634B
- MD5
  
  1428bb262af998db7f299dcfca9dd0ed
- SHA1
  
  eb6a00ccccc8c6d884fb39c5a387339091f2f9e8
- SHA256
  
  bd38ae2f01095a9a15c6714c70c09bd8f64992ef819f3504dfb7e2d27ac4fa24
- SHA512
  
  a62ee99d8bd949f5a60070e0040e87561e393e31302ad91e3afc348398fccc677f11825c0611c3b86213ea1061ce2781e56372742d0c611870d6e6c1fba21c94
Score

1^/10
behavioral10 behavioral11
- Target
  
  ControlPictures.js
- Size
  
  625B
- MD5
  
  cbeb84d18ba6577f6c2748a19e526c44
- SHA1
  
  11ae3612e8280e11923981d7c207a49f3a4b462f
- SHA256
  
  5888effdeb099b276f4f60fa1662c17070d38997360634c1e87b73ab3bfbdc4b
- SHA512
  
  300038328363b48a3d922087c5057af2481c2a18c521b1e865ab89619a7f9d41031e21fc7ba6c21fd4f401c515f3f57ac205b55a9ace3273656007ea4f968947
Score

1^/10
behavioral12 behavioral13
- Target
  
  CurrencySymbols.js
- Size
  
  704B
- MD5
  
  bf4ef0f03d5225d7fd690cb1449834ba
- SHA1
  
  f7b8ea10f7782fe17ba8a4f994013d4e786b68f2
- SHA256
  
  14c07eb40940c2e00417314be67ccf576d9492567085a7c89a48a04e996973cb
- SHA512
  
  7abf979e8f5c02a77b394a82226244a723b64f163d158f1ac20f638c63e8d1933748ba32f7f8948152f64e4365fb6fafb9d20ce73e25403a0cc6757859046f1c
Score

1^/10
behavioral14 behavioral15
- Target
  
  Cyrillic.js
- Size
  
  3KB
- MD5
  
  d8a6c641af159e7c927ba11699ef6a71
- SHA1
  
  2ec4e7c000f008f9c1402cacc684bb5bbe1f75c2
- SHA256
  
  3385ebb9dd9fee5c6b407e2ef39f7e8a800f2e88ecc4f4ac5c6587c352a91545
- SHA512
  
  8744dd6f5aaaa43a4ce229d954d0af6e244b8ea5609373a18bacb2754910b94038d137ed6c90c140aa009479dee3aabd1aa0703085267f9fce2dc945d79b9e7c
Score

1^/10
behavioral16 behavioral17
- Target
  
  EnclosedAlphanum.js
- Size
  
  2KB
- MD5
  
  f7c923bca4ef8253010fce0cd731c326
- SHA1
  
  09a72c9717a3aab3e181091e9c3d435069b672f0
- SHA256
  
  f1a44ffee3c22a93033358fa6c7387b2bd057e8b97b63e8decc9e5e0e972981a
- SHA512
  
  5cf3644d3074a2f94a04983d2b053c83ae66df9f9ccc837bcedb8c43bed2c83ca59227d5f3d016b10ede0ade9bb610a8ee3705ac3297078d1c1ffc1561cfeba6
Score

1^/10
behavioral18 behavioral19
- Target
  
  GeneralPunctuation.js
- Size
  
  1KB
- MD5
  
  97b5acadc06674451360cf690caca49f
- SHA1
  
  013982610bee16a527e43a5fc476a7c870a372ea
- SHA256
  
  5756338eed068c17540925a0f1193a7d6e438db92c4db9e48994c59e26eee85c
- SHA512
  
  1a3a0ba904c404b114a67dc85d1f61b725cb23328d0d0123a20602ddf4271628b54bc7f6c167d2933fca1deeb86419267b776d34409427f1ecffb3ca9df7760e
Score

1^/10
behavioral20 behavioral21
- Target
  
  GreekAndCoptic.js
- Size
  
  2KB
- MD5
  
  798a684f715df5bf76c88832fa97a099
- SHA1
  
  5aa31d2ddedba9136f1d350d886988a063ad9aac
- SHA256
  
  10e96150ddac04b481130e75d5d741b7d53d936f4e7ee0576b4a7b5606b41c6b
- SHA512
  
  c7b3ae826015473e5d19ebb177b29e4379d1d533eb15a1d5fcfe0a0e0e95c16491e4c928a7b25b52cc0e37a148dbe1ca617f86c28ebc4d3f776683f37ec61a32
Score

1^/10
behavioral22 behavioral23
- Target
  
  GreekBoldItalic.js
- Size
  
  2KB
- MD5
  
  b6b3c497f29459f5aa0511ac97642f25
- SHA1
  
  03c643cd5d01c65018dbd607427580f792b2651b
- SHA256
  
  5b419bb00f9cbdad8aa97f6a6a6fd63fca9ca63b285ce979a20ba501f9e80d46
- SHA512
  
  781cee4ed36f9447ac50d5849dbaea4919304fba07eea6edf98868d1e3ddda2e2b975cfad88b01214635c99fea4658f6d9d8715b0ab09d9fecda5d731298fdca
Score

1^/10
behavioral24 behavioral25
- Target
  
  GreekSSBoldItalic.js
- Size
  
  2KB
- MD5
  
  2b7b2ed83cfa9ca29423b785d7a62155
- SHA1
  
  67c9ab3734460f7d869c030355bcc8dfbb6e0741
- SHA256
  
  7a504031ed37a8ac4f3f9a494e747bdedf454ad2a7c658908de2e2cf4f3e9435
- SHA512
  
  5efbd9ba3e6e1e3ed28a57ce20aab8bd60395354ec8d564bfa0050675a248c963621a5925b4e085ff5ef2120f78348d29e4da97e723b324c1ad4c596ccd87656
Score

1^/10
behavioral26 behavioral27
- Target
  
  IPAExtensions.js
- Size
  
  2KB
- MD5
  
  39c102140b3642711fb378ca2e13b485
- SHA1
  
  791a9cc05e402afb1c6339f918cfc38b9274b485
- SHA256
  
  004de51e3124b5c70b10a087a6d7bf134371f95e00c25052c886b90b45444cf4
- SHA512
  
  966a9569f8a1da24d1a7f952ac96991875f2b4b66d7a9066410803f65349ed445de681851532ea58ba0b3836d6f68876b949e36aacbfdf0eb19705ba555934f2
Score

1^/10
behavioral28 behavioral29
- Target
  
  Latin1Supplement.js
- Size
  
  2KB
- MD5
  
  66921a93cd85625793c42c24f65e9761
- SHA1
  
  307e1dd59711089badf5a4dc6152693272259ee9
- SHA256
  
  9f8191dae7c40562d819a2f1333638853667176ad0429a11d624f74451246876
- SHA512
  
  cc513f10ac4ab3365b8bdd4f0b63b9c5f9dad8d36b5458f2631b447c23a4129adfcf9c86c2b3cc0a717b2c66bbf0532a23775d90aa805c0d8fb6d456f14e65c4
Score

1^/10
behavioral30 behavioral31
- Target
  
  LatinExtendedA.js
- Size
  
  3KB
- MD5
  
  675efcd5b99a20fc36a0102e8596e33f
- SHA1
  
  505477d0585f51bc63839e9fdb902392ae644aff
- SHA256
  
  bb6466b7907d55481e5fc580937ee4853cfb6dd61357804c4652c2897526b3fd
- SHA512
  
  59c7938f594c6b91122f9c26978f69295a9d8cf1c1c05ec56cfeae5701997f2cd68e3a3d2edd4f8e46802a5e7296caaa76c2eff5f89124adedadf68bdbf6b7c7
Score

1^/10
behavioral32

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Hydra payload

Makes use of the framework's Accessibility service.

Loads dropped Dex/Jar

Looks up external IP address via web service

Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32