hydra | 824fd338bc6728c891cde35ab8cb77c268b60ed291d2b465e289133a5f60869f | Triage

Submit
Reports

Overview

overview

Static

static

6

824fd338bc...9f.apk

android-9-x86

824fd338bc...9f.apk

android-10-x64

824fd338bc...9f.apk

android-11-x64

Sharing

General

Target

824fd338bc6728c891cde35ab8cb77c268b60ed291d2b465e289133a5f60869f
Size

7.2MB
Sample

231220-ekqr8sbaeq
MD5

15d7fdda9dd8ad83c24137e8679b3281
SHA1

f0fb7702219964e1867699c45a1d009409cc465f
SHA256

824fd338bc6728c891cde35ab8cb77c268b60ed291d2b465e289133a5f60869f
SHA512

d51f86029710f02ea50e509c411b70f5368561ea0e67c6372dbc67c417526f6907e1cc35cc2f8c62b2940e9d0e66a06b05f314550a0295b9dac873fb41e0c5f5
SSDEEP

196608:UZ82ycSjyviRe37EmD86Rn4Tzc8ihqQXCubLDaADXq:UZATjyp3tDLn43c8iyKLDc

Score

10^/10

hydra android banker infostealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

824fd338bc6728c891cde35ab8cb77c268b60ed291d2b465e289133a5f60869f.apk

Resource

android-x86-arm-20231215-en

hydra banker infostealer trojan

android-9-x86

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

824fd338bc6728c891cde35ab8cb77c268b60ed291d2b465e289133a5f60869f.apk

Resource

android-x64-20231215-en

hydra banker infostealer trojan

android-10-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

824fd338bc6728c891cde35ab8cb77c268b60ed291d2b465e289133a5f60869f.apk

Resource

android-x64-arm64-20231215-en

hydra banker infostealer trojan

android-11-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  824fd338bc6728c891cde35ab8cb77c268b60ed291d2b465e289133a5f60869f
- Size
  
  7.2MB
- MD5
  
  15d7fdda9dd8ad83c24137e8679b3281
- SHA1
  
  f0fb7702219964e1867699c45a1d009409cc465f
- SHA256
  
  824fd338bc6728c891cde35ab8cb77c268b60ed291d2b465e289133a5f60869f
- SHA512
  
  d51f86029710f02ea50e509c411b70f5368561ea0e67c6372dbc67c417526f6907e1cc35cc2f8c62b2940e9d0e66a06b05f314550a0295b9dac873fb41e0c5f5
- SSDEEP
  
  196608:UZ82ycSjyviRe37EmD86Rn4Tzc8ihqQXCubLDaADXq:UZATjyp3tDLn43c8iyKLDc
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

hydrabankerinfostealertrojan

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

© 2018-2024

Terms | Privacy