hydra | a3b826de0c445f0924c50939494a26b0d99ef3ccac80faacca98673625656278 | Triage

Submit
Reports

Overview

overview

Static

static

6

a3b826de0c...78.apk

a3b826de0c...78.apk

android-10-x64

a3b826de0c...78.apk

android-11-x64

Sharing

General

Target

a3b826de0c445f0924c50939494a26b0d99ef3ccac80faacca98673625656278
Size

3.9MB
Sample

231220-mj8wesdfc6
MD5

29dbb4d3b12ef397538f6bfc04005af4
SHA1

a66e0803bcd3de355c4a0bbfc8cbe37141564b89
SHA256

a3b826de0c445f0924c50939494a26b0d99ef3ccac80faacca98673625656278
SHA512

5abfd4248dc26e17b751158fa8099db65f13eb96a1194d6d2d73a0ff8ee518b346d0ccd31eca8ae59822f950b22ab0861077fcbac067c864ed812fc19ae8d544
SSDEEP

98304:KoFFYtf1csBoNed4ri6MUp28jXTzUQqMMb5hMhk3hl1pcTSyFtBUZ:KtocIi6MQj3UQqMMOk3hl1pcTSyFtqZ

Score

10^/10

hydra android banker infostealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

a3b826de0c445f0924c50939494a26b0d99ef3ccac80faacca98673625656278.apk

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

a3b826de0c445f0924c50939494a26b0d99ef3ccac80faacca98673625656278.apk

Resource

android-x64-20231215-en

hydra banker infostealer trojan

android-10-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

a3b826de0c445f0924c50939494a26b0d99ef3ccac80faacca98673625656278.apk

Resource

android-x64-arm64-20231215-en

hydra banker infostealer trojan

android-11-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  a3b826de0c445f0924c50939494a26b0d99ef3ccac80faacca98673625656278
- Size
  
  3.9MB
- MD5
  
  29dbb4d3b12ef397538f6bfc04005af4
- SHA1
  
  a66e0803bcd3de355c4a0bbfc8cbe37141564b89
- SHA256
  
  a3b826de0c445f0924c50939494a26b0d99ef3ccac80faacca98673625656278
- SHA512
  
  5abfd4248dc26e17b751158fa8099db65f13eb96a1194d6d2d73a0ff8ee518b346d0ccd31eca8ae59822f950b22ab0861077fcbac067c864ed812fc19ae8d544
- SSDEEP
  
  98304:KoFFYtf1csBoNed4ri6MUp28jXTzUQqMMb5hMhk3hl1pcTSyFtBUZ:KtocIi6MQj3UQqMMOk3hl1pcTSyFtqZ
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

© 2018-2024

Terms | Privacy