hydra | a78ee7c33c6f5cefec6d8066c183d2da581b1f9cba78645a23feb16b9e84eafa | Triage

Submit
Reports

Overview

overview

Static

static

6

a78ee7c33c...fa.apk

a78ee7c33c...fa.apk

android-10-x64

a78ee7c33c...fa.apk

android-11-x64

Sharing

General

Target

a78ee7c33c6f5cefec6d8066c183d2da581b1f9cba78645a23feb16b9e84eafa
Size

3.0MB
Sample

231220-m4d7jscbbn
MD5

45b53a540cf8acd6bfeee8cf25132011
SHA1

7e1fc57a9abf6e09476bc912235ad658f9168f63
SHA256

a78ee7c33c6f5cefec6d8066c183d2da581b1f9cba78645a23feb16b9e84eafa
SHA512

3148c54e3a8b22ea5381f5c7bc1593771f720e484eb7660450d5fac19428020ddca0a1107b35a34de8ee1fdf53244b30171d6046238e1727cd4bf953a3736d09
SSDEEP

49152:Hlkl9aZNeNtqmzuBbyq2r4LtDun1sfkOfm+mohRBAK4c2edZHsF9h5cJI2eHGU7i:HIm0NqwbiQnyf7tecjGN+Olj77+rh

Score

10^/10

hydra android banker infostealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

a78ee7c33c6f5cefec6d8066c183d2da581b1f9cba78645a23feb16b9e84eafa.apk

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

a78ee7c33c6f5cefec6d8066c183d2da581b1f9cba78645a23feb16b9e84eafa.apk

Resource

android-x64-20231215-en

hydra banker infostealer trojan

android-10-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

a78ee7c33c6f5cefec6d8066c183d2da581b1f9cba78645a23feb16b9e84eafa.apk

Resource

android-x64-arm64-20231215-en

hydra banker infostealer trojan

android-11-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  a78ee7c33c6f5cefec6d8066c183d2da581b1f9cba78645a23feb16b9e84eafa
- Size
  
  3.0MB
- MD5
  
  45b53a540cf8acd6bfeee8cf25132011
- SHA1
  
  7e1fc57a9abf6e09476bc912235ad658f9168f63
- SHA256
  
  a78ee7c33c6f5cefec6d8066c183d2da581b1f9cba78645a23feb16b9e84eafa
- SHA512
  
  3148c54e3a8b22ea5381f5c7bc1593771f720e484eb7660450d5fac19428020ddca0a1107b35a34de8ee1fdf53244b30171d6046238e1727cd4bf953a3736d09
- SSDEEP
  
  49152:Hlkl9aZNeNtqmzuBbyq2r4LtDun1sfkOfm+mohRBAK4c2edZHsF9h5cJI2eHGU7i:HIm0NqwbiQnyf7tecjGN+Olj77+rh
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

© 2018-2024

Terms | Privacy