hydra | 8b9158ba3138949586cca3973a975745302f6d7e285299cb6b38c53a7c353f2c | Triage

Submit
Reports

Overview

overview

Static

static

6

8b9158ba31...2c.apk

android-9-x86

8b9158ba31...2c.apk

android-10-x64

8b9158ba31...2c.apk

android-11-x64

Sharing

General

Target

8b9158ba3138949586cca3973a975745302f6d7e285299cb6b38c53a7c353f2c
Size

3.3MB
Sample

231220-g6r9asfegn
MD5

0359ed6cf8b99cd8b7f41512755661de
SHA1

cbb56158e4cd662b51b58f61f6efcb2dac4fb7a5
SHA256

8b9158ba3138949586cca3973a975745302f6d7e285299cb6b38c53a7c353f2c
SHA512

e09085e2f5b083c5c3edee06e022105ad96f3c7b8842205e5690c9e7b98ba85dcdc66cf4d72a2863c72c1794e2a5ae7eefde9c97d52f271e92ec9d3c1af48fe0
SSDEEP

98304:TRCDv8/eakNx0Zq4MQEOLMGbcjeB5UY7neMKSR:dM8mRxDLQIEJnLR

Score

10^/10

hydra android banker infostealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

8b9158ba3138949586cca3973a975745302f6d7e285299cb6b38c53a7c353f2c.apk

Resource

android-x86-arm-20231215-en

hydra banker infostealer trojan

android-9-x86

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

8b9158ba3138949586cca3973a975745302f6d7e285299cb6b38c53a7c353f2c.apk

Resource

android-x64-20231215-en

hydra banker infostealer trojan

android-10-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

8b9158ba3138949586cca3973a975745302f6d7e285299cb6b38c53a7c353f2c.apk

Resource

android-x64-arm64-20231215-en

hydra banker infostealer trojan

android-11-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  8b9158ba3138949586cca3973a975745302f6d7e285299cb6b38c53a7c353f2c
- Size
  
  3.3MB
- MD5
  
  0359ed6cf8b99cd8b7f41512755661de
- SHA1
  
  cbb56158e4cd662b51b58f61f6efcb2dac4fb7a5
- SHA256
  
  8b9158ba3138949586cca3973a975745302f6d7e285299cb6b38c53a7c353f2c
- SHA512
  
  e09085e2f5b083c5c3edee06e022105ad96f3c7b8842205e5690c9e7b98ba85dcdc66cf4d72a2863c72c1794e2a5ae7eefde9c97d52f271e92ec9d3c1af48fe0
- SSDEEP
  
  98304:TRCDv8/eakNx0Zq4MQEOLMGbcjeB5UY7neMKSR:dM8mRxDLQIEJnLR
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

hydrabankerinfostealertrojan

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

© 2018-2025

Terms | Privacy