hydra | 7aea29658ad2b4aa603442ab56ff391d0d9b30f3996c8fafb6e10d50bc0ab7ae | Triage

Submit
Reports

Overview

overview

Static

static

6

7aea29658a...ae.apk

android-9-x86

7aea29658a...ae.apk

android-10-x64

7aea29658a...ae.apk

android-11-x64

Sharing

General

Target

7aea29658ad2b4aa603442ab56ff391d0d9b30f3996c8fafb6e10d50bc0ab7ae
Size

3.7MB
Sample

231220-b7djmsacc4
MD5

645e0e45a9f31643af73cafb6ade5229
SHA1

90ca44e4a382bb8ce2567b0606f6cd38e6b1c087
SHA256

7aea29658ad2b4aa603442ab56ff391d0d9b30f3996c8fafb6e10d50bc0ab7ae
SHA512

5cf79cc779c64d0745cf278079ad20680e6595378ece72d1496d369484f18a42ac4390ca2b8f9ed7217e1b33af4419eb9ae4dbd31776eed5152c8b0d373b8c27
SSDEEP

98304:mOHNetf++GWwfXgbSP8k38Ug55Cgy/DJ0LMheUi6LjL/:B8f9GJXBP8W8Uk5SbJ0LMcCL/

Score

10^/10

hydra android banker infostealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

7aea29658ad2b4aa603442ab56ff391d0d9b30f3996c8fafb6e10d50bc0ab7ae.apk

Resource

android-x86-arm-20231215-en

hydra banker infostealer trojan

android-9-x86

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

7aea29658ad2b4aa603442ab56ff391d0d9b30f3996c8fafb6e10d50bc0ab7ae.apk

Resource

android-x64-20231215-en

hydra banker infostealer trojan

android-10-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

7aea29658ad2b4aa603442ab56ff391d0d9b30f3996c8fafb6e10d50bc0ab7ae.apk

Resource

android-x64-arm64-20231215-en

hydra banker infostealer trojan

android-11-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  7aea29658ad2b4aa603442ab56ff391d0d9b30f3996c8fafb6e10d50bc0ab7ae
- Size
  
  3.7MB
- MD5
  
  645e0e45a9f31643af73cafb6ade5229
- SHA1
  
  90ca44e4a382bb8ce2567b0606f6cd38e6b1c087
- SHA256
  
  7aea29658ad2b4aa603442ab56ff391d0d9b30f3996c8fafb6e10d50bc0ab7ae
- SHA512
  
  5cf79cc779c64d0745cf278079ad20680e6595378ece72d1496d369484f18a42ac4390ca2b8f9ed7217e1b33af4419eb9ae4dbd31776eed5152c8b0d373b8c27
- SSDEEP
  
  98304:mOHNetf++GWwfXgbSP8k38Ug55Cgy/DJ0LMheUi6LjL/:B8f9GJXBP8W8Uk5SbJ0LMcCL/
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

hydrabankerinfostealertrojan

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

© 2018-2024

Terms | Privacy