hydra | ab2e9fd467a198b293b276abc08d1a1c6a5e9679d5a89d1b45e31eb64b59238a | Triage

Submit
Reports

Overview

overview

Static

static

6

ab2e9fd467...8a.apk

ab2e9fd467...8a.apk

android-10-x64

ab2e9fd467...8a.apk

android-11-x64

Sharing

General

Target

ab2e9fd467a198b293b276abc08d1a1c6a5e9679d5a89d1b45e31eb64b59238a
Size

3.4MB
Sample

231220-nmebnahab2
MD5

71e293f29e636112e0a00ebac8cf3eb8
SHA1

c78b484b536d03a71f37c573f1ce5290507ce330
SHA256

ab2e9fd467a198b293b276abc08d1a1c6a5e9679d5a89d1b45e31eb64b59238a
SHA512

ee4fa7cbd8f27cd77265f3282850fb5bfa93086034fb94569f2274f1acd93333f4e9a6ed4ea4e2302c429b4a2ed6cd83f404793e9d18fa4f3864fef5209620f9
SSDEEP

98304:WkOK6nCcmZ79ZpkLSGKI0QXTPAvZAmGXVkqHpI:WDxvmJ9bkuGX07CB2OpI

Score

10^/10

hydra android banker infostealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ab2e9fd467a198b293b276abc08d1a1c6a5e9679d5a89d1b45e31eb64b59238a.apk

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

ab2e9fd467a198b293b276abc08d1a1c6a5e9679d5a89d1b45e31eb64b59238a.apk

Resource

android-x64-20231215-en

hydra banker infostealer trojan

android-10-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

ab2e9fd467a198b293b276abc08d1a1c6a5e9679d5a89d1b45e31eb64b59238a.apk

Resource

android-x64-arm64-20231215-en

hydra banker infostealer trojan

android-11-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  ab2e9fd467a198b293b276abc08d1a1c6a5e9679d5a89d1b45e31eb64b59238a
- Size
  
  3.4MB
- MD5
  
  71e293f29e636112e0a00ebac8cf3eb8
- SHA1
  
  c78b484b536d03a71f37c573f1ce5290507ce330
- SHA256
  
  ab2e9fd467a198b293b276abc08d1a1c6a5e9679d5a89d1b45e31eb64b59238a
- SHA512
  
  ee4fa7cbd8f27cd77265f3282850fb5bfa93086034fb94569f2274f1acd93333f4e9a6ed4ea4e2302c429b4a2ed6cd83f404793e9d18fa4f3864fef5209620f9
- SSDEEP
  
  98304:WkOK6nCcmZ79ZpkLSGKI0QXTPAvZAmGXVkqHpI:WDxvmJ9bkuGX07CB2OpI
Score

10^/10

hydra banker infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

hydrabankerinfostealertrojan

behavioral3

hydrabankerinfostealertrojan

© 2018-2025

Terms | Privacy