hydra | faaf963fd84d0e7c86f8750115f5291f0692d0aca0f97e151cf4cc870a65d88e | Triage

Sharing

General

Target

edc5eeb1f0ff10f5e2506d9d032a8d67_JaffaCakes118
Size

8.4MB
Sample

240411-s5e35aef26
MD5

edc5eeb1f0ff10f5e2506d9d032a8d67
SHA1

d0bdb0b5d99286cef289d87e6fdf281493f34898
SHA256

faaf963fd84d0e7c86f8750115f5291f0692d0aca0f97e151cf4cc870a65d88e
SHA512

afd953d97d3ec0b1baaa34dd003a29340e3828d4a6d7ea1261079e7f049af5f5bc75a5ce0c4f441be5bf801cdf03f0fbfcb5913822c92ae14de413c2c88b9c39
SSDEEP

196608:w64mXiT5+b3XRnkyNsikDWx0RiQdyjynFAL9h:w6rXiT5+b3hk2siQWabyj40h

Score

10^/10

hydra android banker collection discovery evasion infostealer trojan

Malware Config

Targets

- Target
  
  edc5eeb1f0ff10f5e2506d9d032a8d67_JaffaCakes118
- Size
  
  8.4MB
- MD5
  
  edc5eeb1f0ff10f5e2506d9d032a8d67
- SHA1
  
  d0bdb0b5d99286cef289d87e6fdf281493f34898
- SHA256
  
  faaf963fd84d0e7c86f8750115f5291f0692d0aca0f97e151cf4cc870a65d88e
- SHA512
  
  afd953d97d3ec0b1baaa34dd003a29340e3828d4a6d7ea1261079e7f049af5f5bc75a5ce0c4f441be5bf801cdf03f0fbfcb5913822c92ae14de413c2c88b9c39
- SSDEEP
  
  196608:w64mXiT5+b3XRnkyNsikDWx0RiQdyjynFAL9h:w6rXiT5+b3hk2siQWabyj40h
Score

10^/10

hydra banker collection discovery evasion infostealer trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

hydrabankercollectiondiscoveryevasioninfostealertrojan

behavioral2

hydrabankercollectiondiscoveryevasioninfostealertrojan

behavioral3

hydrabankercollectiondiscoveryevasioninfostealertrojan