hydra | 989b61c69e7bbb1c50a8661975ccb723aa60856b2666c549e0a9f22191d09d8f | Triage

Submit
Reports

Overview

overview

Static

static

6

989b61c69e...8f.apk

989b61c69e...8f.apk

android-10-x64

989b61c69e...8f.apk

android-11-x64

Sharing

General

Target

989b61c69e7bbb1c50a8661975ccb723aa60856b2666c549e0a9f22191d09d8f
Size

6.7MB
Sample

231220-kvklvsgfe9
MD5

0ba895632674c1245059731ccb03e043
SHA1

e4d7f3fcf8836d5c9ea78185b609cc4cb2b97ebc
SHA256

989b61c69e7bbb1c50a8661975ccb723aa60856b2666c549e0a9f22191d09d8f
SHA512

3bb5eb1ab608027cb54c8507fc1c8c87d92e898bf80fe7f70b94ddb962e65d4f7831b53188c3cc4340619580b95920926e94e09f8633df0eae7027d6543c60ef
SSDEEP

196608:s79hBGkJfS+qlDrsyCnhx86A74kCqrMh2yN3:KhBGifHq1syChxHA7yl223

Score

10^/10

hydra android banker infostealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

989b61c69e7bbb1c50a8661975ccb723aa60856b2666c549e0a9f22191d09d8f.apk

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

989b61c69e7bbb1c50a8661975ccb723aa60856b2666c549e0a9f22191d09d8f.apk

Resource

android-x64-20231215-en

hydra banker infostealer trojan

android-10-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

989b61c69e7bbb1c50a8661975ccb723aa60856b2666c549e0a9f22191d09d8f.apk

Resource

android-x64-arm64-20231215-en

hydra banker infostealer trojan

android-11-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  989b61c69e7bbb1c50a8661975ccb723aa60856b2666c549e0a9f22191d09d8f
- Size
  
  6.7MB
- MD5
  
  0ba895632674c1245059731ccb03e043
- SHA1
  
  e4d7f3fcf8836d5c9ea78185b609cc4cb2b97ebc
- SHA256
  
  989b61c69e7bbb1c50a8661975ccb723aa60856b2666c549e0a9f22191d09d8f
- SHA512
  
  3bb5eb1ab608027cb54c8507fc1c8c87d92e898bf80fe7f70b94ddb962e65d4f7831b53188c3cc4340619580b95920926e94e09f8633df0eae7027d6543c60ef
- SSDEEP
  
  196608:s79hBGkJfS+qlDrsyCnhx86A74kCqrMh2yN3:KhBGifHq1syChxHA7yl223
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

© 2018-2024

Terms | Privacy