hydra | 61e49ea8ac3572e344c27742a2d53266df15266d0163470bbb56e5cd7ad78a4b

Analysis

max time kernel
2623852s
max time network
132s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23-12-2023 18:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61e49ea8ac3572e344c27742a2d53266df15266d0163470bbb56e5cd7ad78a4b.apk
Size

7.7MB
MD5

86a3403d7a9b5a70b5ab1074e6faea47
SHA1

eed67e0b464ff00aa14e9122d618bf063f2156e5
SHA256

61e49ea8ac3572e344c27742a2d53266df15266d0163470bbb56e5cd7ad78a4b
SHA512

91b516f4cf76cd77c2e333506ce320ab1f6645c67d31b18a6e67c208831bb5870de05aacfd0834457c9418b5067bbc17f53a8e9afe5d274d05e31c389bd75f27
SSDEEP

196608:LKWKndNMyQI4/FVjt/NMC1NC3lDWx0RiQdyjynFAL9z:OWKdNMyQfNVjMzWabyj40z

Score

10^/10

hydra banker infostealer trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

wdc.rejg9r45.lzeg9rj/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/aLQPicJi.fz --output-vdex-fd=41 --oat-fd=43 --oat-location=/data/user/0/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/oat/x86/aLQPicJi.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/aLQPicJi.fz	4250	wdc.rejg9r45.lzeg9rj
/data/user/0/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/aLQPicJi.fz	4280	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/aLQPicJi.fz --output-vdex-fd=41 --oat-fd=43 --oat-location=/data/user/0/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/oat/x86/aLQPicJi.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/aLQPicJi.fz	4250	wdc.rejg9r45.lzeg9rj

wdc.rejg9r45.lzeg9rj
1⤵
- Loads dropped Dex/Jar
PID:4250
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/aLQPicJi.fz --output-vdex-fd=41 --oat-fd=43 --oat-location=/data/user/0/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/oat/x86/aLQPicJi.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/aLQPicJi.fz

Filesize
609KB

MD5
4f5d40eb8307064c313dd697f1603f31

SHA1
46707100cb476a994f29094873fcace665b7b75d

SHA256
2fe26563101f695148dcc7cf1093c4c0b25947b9f63dfee925ef7d61fa5b25f8

SHA512
d559af85120610f472cea8cc66ed68a28feb3ff48e54a08c5eabe60069d0bf48f9102b8fa95c102f79f8042d5d0fdd8d98c18c339856db3b88fcf8919f3e4eb0

Download Submit
/data/data/wdc.rejg9r45.lzeg9rj/app_torfiles/geoip

Filesize
48KB

MD5
b7989f061b0349455d306c1236369ec3

SHA1
2fec27b8bc0ad905dc108b0c6a52ff8a7011ba98

SHA256
2f75798b1cf58127b6292c5ef4801b99c8f4afe8499d341fc4378fe590aa9adc

SHA512
9774d26ea2d21d0e9d6122accf6efe4e0fb8165b68fb484a340ec27d8287899bdf0ff92e9704a588914ad08445f544a93603d8dcafe18de0a716d7d417fe61a1

Download Submit
/data/data/wdc.rejg9r45.lzeg9rj/app_torfiles/torrc

Filesize
336B

MD5
32d528f3a74b2ae9240d83470f675d19

SHA1
0c8a08da3dca19d3a8700856f6782f400d685938

SHA256
26f162857107e648e9e2c6ca68239f09152ce0b2c82523cb81d72e4001331e0a

SHA512
026cab77f5c6b217f68abc58ec87fc96ee597090ccb6f17d07aed44a2c1b6b9fef1e300a095517e160ebc1d4a397e3b0caa13a8598c972c8486a2f3af0895ea4

Download Submit
/data/user/0/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/aLQPicJi.fz

Filesize
3.7MB

MD5
56448dccfc5e741906a3f341a8074529

SHA1
25b37c288294286857068096f08fcaabe5f0d15c

SHA256
5cbe8700ccfc399187ca8fa571a25247e60d9e0dba8ad885c414f1a572720482

SHA512
1e83161e5472b11df0ba39ac094be877157e06fb6d52044cfafb7d902a67c9de0ef9dcc49423ab2f1dac7011fd99e6d65e6f505a3c8a82b864820de0ca264592

Download Submit
/data/user/0/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/aLQPicJi.fz

Filesize
3.7MB

MD5
823fe6efd8bfc17675f886ec6ae2b8f4

SHA1
4d095bc5f2d9c9fa9aec6ac3ecb92cb1907eb9bc

SHA256
28c0d0f3c242b01ac37f47d79e7577cfb4ab9f0a824b4df59e3db78e836f9125

SHA512
4f0965f90642fd8e59fd35da8978b042a2170686e0d7e8d0d4b4a0f64e98bef94cb37da69cf7e79b9b536458a4da7ca273f28ebbd0022df9ed68e7ac11b32be2

Download Submit