hydra | a4b86f0f8e904e8d8f3472b04c3054b004a503a5ace1c6409f7f55b7c0e62cd7

Analysis

max time kernel
4265243s
max time network
166s
platform
android_x64
resource
android-x64-20231023.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20231023.1-enlocale:en-usos:android-10-x64system
submitted
23-11-2023 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4b86f0f8e904e8d8f3472b04c3054b004a503a5ace1c6409f7f55b7c0e62cd7.apk
Size

1.9MB
MD5

6c0f7526671497f0a925a16d2e7234ce
SHA1

c8d160e6b568e2db42ebe618ee8aa3c57cc45310
SHA256

a4b86f0f8e904e8d8f3472b04c3054b004a503a5ace1c6409f7f55b7c0e62cd7
SHA512

a2c37a78561cbb444492ee574a081715562ecf7b694e83058981b6b6d957132aba68d941fe4a79bd4bde35a22477a7e5fd90ba96a8601bb573c5d2f188e4c3d2
SSDEEP

49152:/VP5Iq9H7Ec/HFV3Xvk8lzWJI6e6VdQEjDBs:/f77EWlZXZWRVSEj1s

Score

10^/10

hydra banker infostealer trojan

Malware Config

Extracted

Family

hydra

http://ihfwiohefwhiwririhererf.store

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra payload 2 IoCs

resource	yara_rule
behavioral2/memory/5106-0.dex	family_hydra1
behavioral2/memory/5106-0.dex	family_hydra2

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.dress.pigeon
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.dress.pigeon

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.dress.pigeon/app_DynamicOptDex/mL.json	5106	com.dress.pigeon

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
19	ip-api.com
17	ip-api.com

Reads information about phone network operator.

com.dress.pigeon
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:5106

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.dress.pigeon/app_DynamicOptDex/mL.json

Filesize
973KB

MD5
cec05dccd70934dd89864ccb3e1181e5

SHA1
3d8b400e2d684ad53be51f0f7ce4ab044f81fd28

SHA256
54a04510955b9d285044af0d0a3bb704db88cb6c57ccbbd45e326917019c581d

SHA512
62d206054eeecafbd93ae6401e47134241dfea368f4a9984d32fca7a72cebfa9787194e9b496873abc800e8c40aaa49339c698ed089064680d4bd154d2bcd631

Download Submit
/data/data/com.dress.pigeon/app_DynamicOptDex/mL.json

Filesize
973KB

MD5
1cfff3092a7c49e093def19e3ba245b0

SHA1
add0d4edff7d35ed60e5725447b0e527be16993e

SHA256
14162502f769f2b78815d5dad25df7a6e2756860e8bdd7f5cd5ad6c2406ed5af

SHA512
89259335c432a83dfb07f84cc4075a9c95cbcbff167dc771f9d6637df491e338c353809a0fcdb97ef0cb0623e72843e105ff4010dc01da8be0f90cd5b68a0100

Download Submit
/data/data/com.dress.pigeon/app_DynamicOptDex/oat/mL.json.cur.prof

Filesize
1KB

MD5
80d52dda73a346bb6932e96addb5ff30

SHA1
eac3199a1294124315967d774cbfa3df8174383f

SHA256
8fa6e1ff8aa0901b92bcd61b2fc81222d0a1cbf3639d3a849151cd0bd20661d4

SHA512
3121e715dca8a0579531c4b01ece69eabf1213707610c7b6737f72f31b6e3b892e6c1cc8fa9a69e25bfc966fdd59c03dc36681c10bb176d2615afec90dce959e

Download Submit
/data/user/0/com.dress.pigeon/app_DynamicOptDex/mL.json

Filesize
2.2MB

MD5
f1e4e15f6053f0b6d460b32d39e9c59a

SHA1
ff6a25fffa8fe34c9d0274a89d2b05963e97127e

SHA256
da1b508761ff1ff20564417804e02a3a058be3c12dafa6e559b43f33383b20ff

SHA512
76084bb959e5a86286d41432746e105a8f00c0213883a65168110721587ee02a6b24fe72f4445a11a4a59bd1055de2c35c98000965b9b0b6a0100fae549ea780

Download Submit