hydra | 3fc91b032c9fdbd7eef055f5596e7c6f45b163019ab86af102e44df31966ec44

Analysis

max time kernel
402372s
max time network
146s
platform
android_x86
resource
android-x86-arm-20231023-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
submitted
28-11-2023 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fc91b032c9fdbd7eef055f5596e7c6f45b163019ab86af102e44df31966ec44.apk
Size

3.0MB
MD5

8658787a0d5a6b7dbee0ae22dd193d4d
SHA1

231660f83f1c32cc08d4b1d4bf7eb03a4a18beee
SHA256

3fc91b032c9fdbd7eef055f5596e7c6f45b163019ab86af102e44df31966ec44
SHA512

5512e9894c2d8a767ad1fd2a41e5104388da7f81fecaabcb001f6aa3c31a96ea043a0b0b7aa929ce7facbe455a982a6ce574f7f5d18630454a38cf265d9e469d
SSDEEP

49152:EDfvHtz/p0qosFuZ+FkDG8Z4KLvlj5bl3/y3cSTkGVTSmJOQlyBILAkklymKZs:qfv7/w6kqWr3KM6kGxDyBfkeyW

Score

10^/10

hydra banker infostealer trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra payload 2 IoCs

resource	yara_rule
behavioral1/memory/4346-0.dex	family_hydra1
behavioral1/memory/4346-0.dex	family_hydra2

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.boss.butter
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.boss.butter

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.boss.butter/app_DynamicOptDex/BhUjK.json	4346	com.boss.butter

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.boss.butter

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
11	ip-api.com

Reads information about phone network operator.

com.boss.butter
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
PID:4346

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.boss.butter/app_DynamicOptDex/BhUjK.json

Filesize
1.9MB

MD5
1caf4e80f11a70398164a82f95ad0dd8

SHA1
52ede92d9986ae45241b2f9c1cdab6cc6aa07857

SHA256
3890cdcc44a8b2916ad382dd48dfd190589e068af774078d9b62f95158e84083

SHA512
4cff8a09bc8c3e182686d6c86d00399667f4ff5ca3e0b8939b5a7f7f5f41bf27b29893711946a0e5a47d36559b69baac43f7e8acf315488b3617b0df9d56443a

Download Submit
/data/data/com.boss.butter/app_DynamicOptDex/BhUjK.json

Filesize
1.9MB

MD5
92456f247ee56926a8f031744087d699

SHA1
4946e57d4829709d10afd71daae709e43ebe209b

SHA256
01f60860114d740fe37b5cf5160a757105f74126a7a1582f99d73a2364fb5355

SHA512
03238877bf358f4f1a632bc218759a8332a7423b298c8b05eaa207e0bc270644a54f31ccb945e2eeef4fa69ffe949ea6d1fbd25952f83376ce25a18480d9b9dc

Download Submit
/data/data/com.boss.butter/app_DynamicOptDex/oat/BhUjK.json.cur.prof

Filesize
1KB

MD5
8ed2b4d46684d94b174b1c0b845a019e

SHA1
2c2175d22455ca2a2255d449958a5ad992aedd0c

SHA256
0bd15dd872378885aab6df7d7a1f1c3192eab128cf602025a33c03d4b93003d5

SHA512
357d4cbae702e93edb1d56c42eb4f7204a3af61ed6c1283e11ddb3620571e7bcc39a74dabab15bfd919f96377a53fa59e8c4b4dbbe0f9b28c93115cefe0d6fab

Download Submit
/data/user/0/com.boss.butter/app_DynamicOptDex/BhUjK.json

Filesize
5.0MB

MD5
b849cbba8d099d24e879fe4d691030cc

SHA1
5aa3dabe43e791c1262e72960fd155fc36b452e0

SHA256
21b562f2ccb7099612361fe26ad15434d4877daf00d266b307cba53d9d13e2fc

SHA512
e896509d54833c674a777487e4a3b8ee7a828054c7bfdd03c31cbd015ed55f8418eeeaedff2c6c71829f92ac5035dacccba3978673201dc3bdf263441ca24ff4

Download Submit