hydra | 75f9f66bcbfb732b3720f9b56a5b56a3a671ff4386b0b7dc8195124b0db206c0 | Triage

Submit
Reports

Overview

overview

Static

static

6

75f9f66bcb...c0.apk

android-9-x86

75f9f66bcb...c0.apk

android-10-x64

75f9f66bcb...c0.apk

android-11-x64

Sharing

General

Target

75f9f66bcbfb732b3720f9b56a5b56a3a671ff4386b0b7dc8195124b0db206c0
Size

3.2MB
Sample

231220-a5kphafhd8
MD5

abcef2353f293e694fe3073b53528441
SHA1

0ecf181ad163bf5dc4e316ac61b3d2453ade356c
SHA256

75f9f66bcbfb732b3720f9b56a5b56a3a671ff4386b0b7dc8195124b0db206c0
SHA512

253a63c8c677826085727ef6d73b01142503424c3f952515bd9e6bfe0b4900e9c1b08faeb98f3790042255994ff9d57f274066315981711c0f32e1936bf3a608
SSDEEP

98304:Vz2v/oOd4+e/h8WBJbiBUUPBnzvU0C/MHpCNnvB:koJ+e/h8WfmBxVRqMJC/

Score

10^/10

hydra android banker infostealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

75f9f66bcbfb732b3720f9b56a5b56a3a671ff4386b0b7dc8195124b0db206c0.apk

Resource

android-x86-arm-20231215-en

hydra banker infostealer trojan

android-9-x86

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

75f9f66bcbfb732b3720f9b56a5b56a3a671ff4386b0b7dc8195124b0db206c0.apk

Resource

android-x64-20231215-en

hydra banker infostealer trojan

android-10-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

75f9f66bcbfb732b3720f9b56a5b56a3a671ff4386b0b7dc8195124b0db206c0.apk

Resource

android-x64-arm64-20231215-en

hydra banker infostealer trojan

android-11-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  75f9f66bcbfb732b3720f9b56a5b56a3a671ff4386b0b7dc8195124b0db206c0
- Size
  
  3.2MB
- MD5
  
  abcef2353f293e694fe3073b53528441
- SHA1
  
  0ecf181ad163bf5dc4e316ac61b3d2453ade356c
- SHA256
  
  75f9f66bcbfb732b3720f9b56a5b56a3a671ff4386b0b7dc8195124b0db206c0
- SHA512
  
  253a63c8c677826085727ef6d73b01142503424c3f952515bd9e6bfe0b4900e9c1b08faeb98f3790042255994ff9d57f274066315981711c0f32e1936bf3a608
- SSDEEP
  
  98304:Vz2v/oOd4+e/h8WBJbiBUUPBnzvU0C/MHpCNnvB:koJ+e/h8WfmBxVRqMJC/
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests enabling of the accessibility settings.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

hydrabankerinfostealertrojan

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

© 2018-2024

Terms | Privacy