hydra | 1101d16bdbd021d03cec94ac05abce0498ea5766923ac060caf6fa5d95ba98ca

Analysis

max time kernel
149s
max time network
150s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
18-04-2024 05:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f754fdb148454e2aaeac021374e7cd03_JaffaCakes118.apk
Size

3.0MB
MD5

f754fdb148454e2aaeac021374e7cd03
SHA1

5eaaca3b46cc0b7027c8cf5cb30be9d270315da3
SHA256

1101d16bdbd021d03cec94ac05abce0498ea5766923ac060caf6fa5d95ba98ca
SHA512

ad8579d62005d129e5428e080f75799ab82ebe0e191648a2607c04d4649e5b48770a29f49611a2745e9b24419e1d3c34de7cb381976bdc9593014256c19a3412
SSDEEP

49152:9/gDaS7maqfziYeH0Yf4l1pEH4Ct45d93ByYO9RGy1kz/KqD533nzQ4HXu:9/gDaS6Jzq04yu3tU939O9RXk/pJW

Score

10^/10

hydra banker collection discovery evasion infostealer trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

Input Injection

T1516

Screen Capture

T1513

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.mnjgllsx.thwzxxs
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.mnjgllsx.thwzxxs

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.mnjgllsx.thwzxxs/code_cache/secondary-dexes/base.apk.classes1.zip	4441	com.mnjgllsx.thwzxxs

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
29	ip-api.com

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.mnjgllsx.thwzxxs
1⤵
- Makes use of the framework's Accessibility service
- Loads dropped Dex/Jar
PID:4441

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Input Injection

T1516

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.mnjgllsx.thwzxxs/code_cache/secondary-dexes/base.apk.classes1.zip

Filesize
902KB

MD5
a61e3eeb358109c5524437c12145ae24

SHA1
8171bbcc8e2286bee417af43850d0acc7344af91

SHA256
441ceca064bfaf4dbc3640b69c692b4930b9ef7fc6ccc91abbd04a30468c27e7

SHA512
ea2ce8a0c0f188a33cca84ee4f6ef2c9c810bf2b91efdefce9302cf5b04eaab513682bd45412cafc9f82c299cbd28acba5d74cb9c6f2820d8051315d3d2a8cdd

Download Submit
/data/user/0/com.mnjgllsx.thwzxxs/code_cache/secondary-dexes/tmp-base.apk.classes9044785725609575895.zip

Filesize
378KB

MD5
a194c01b0f489e2d5d0852df137ef5a3

SHA1
c831f079afd7b663e9028757b432ce641b1eb5da

SHA256
d20457a00e796956f5fc6ae7629b31f573af8b301f2291d23c5da5377664089d

SHA512
4c9cde46f142d0a12a2f69c645f734d1069f946d4ced563122c5cebaf1ac60121039124fa7b23731a7ae9de6c6c24d6071c424a4215c213cc38dd3f55f9af3e7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads