hydra | 8de309b3b12ec3f0115d8522179c825d77f111a56aa268f7eacb68afaa4d33c3 | Triage

Submit
Reports

Overview

overview

Static

static

6

8de309b3b1...c3.apk

android-9-x86

8de309b3b1...c3.apk

android-10-x64

8de309b3b1...c3.apk

android-11-x64

Sharing

General

Target

8de309b3b12ec3f0115d8522179c825d77f111a56aa268f7eacb68afaa4d33c3
Size

3.0MB
Sample

231220-hvxkbaggdr
MD5

43cd96c840d9f2c91ff47948ad7e734b
SHA1

3001104f5014c576a840fdf6f3734a44a2361404
SHA256

8de309b3b12ec3f0115d8522179c825d77f111a56aa268f7eacb68afaa4d33c3
SHA512

a4b6e533e9314728ef47aa7e448d0f890d24521b42c6bcfd6a57b6f3074a37016fca55eed8db4b40e1afb04b7fd8fd6b55bf04ae646db3b12ae134d4483cf20d
SSDEEP

49152:SEsaNpGD0I8RlP2Oe/SOVjdxTtWNWon/cQrS8Y9vpLMP3E:fsaNpGwJu7VjdxT0N8GS8Y9vpLMM

Score

10^/10

hydra android banker infostealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

8de309b3b12ec3f0115d8522179c825d77f111a56aa268f7eacb68afaa4d33c3.apk

Resource

android-x86-arm-20231215-en

hydra banker infostealer trojan

android-9-x86

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

8de309b3b12ec3f0115d8522179c825d77f111a56aa268f7eacb68afaa4d33c3.apk

Resource

android-x64-20231215-en

hydra banker infostealer trojan

android-10-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

8de309b3b12ec3f0115d8522179c825d77f111a56aa268f7eacb68afaa4d33c3.apk

Resource

android-x64-arm64-20231215-en

hydra banker infostealer trojan

android-11-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  8de309b3b12ec3f0115d8522179c825d77f111a56aa268f7eacb68afaa4d33c3
- Size
  
  3.0MB
- MD5
  
  43cd96c840d9f2c91ff47948ad7e734b
- SHA1
  
  3001104f5014c576a840fdf6f3734a44a2361404
- SHA256
  
  8de309b3b12ec3f0115d8522179c825d77f111a56aa268f7eacb68afaa4d33c3
- SHA512
  
  a4b6e533e9314728ef47aa7e448d0f890d24521b42c6bcfd6a57b6f3074a37016fca55eed8db4b40e1afb04b7fd8fd6b55bf04ae646db3b12ae134d4483cf20d
- SSDEEP
  
  49152:SEsaNpGD0I8RlP2Oe/SOVjdxTtWNWon/cQrS8Y9vpLMP3E:fsaNpGwJu7VjdxT0N8GS8Y9vpLMM
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

hydrabankerinfostealertrojan

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

© 2018-2024

Terms | Privacy