hydra | d1bffe037087229a3ee86d4ab6a5f9e8f9de9c97b062055dcc09e95a0a63d7a7 | Triage

Sharing

General

Target

d1bffe037087229a3ee86d4ab6a5f9e8f9de9c97b062055dcc09e95a0a63d7a7.bin
Size

4.3MB
Sample

240730-1xrqys1flk
MD5

4139c26388e4dc5ca08b36d103b225ea
SHA1

f656e5c271fe5fed3b23d28a52a9790b2fcbd3ba
SHA256

d1bffe037087229a3ee86d4ab6a5f9e8f9de9c97b062055dcc09e95a0a63d7a7
SHA512

e35d2389383d027f9b3b71e5f11b3b3b245c6ce39d7b2aade9d424f3903324fd51c9bc692a5309ae2528b70c562bc366c49717b21bff2bf45fc73916f91acb09
SSDEEP

98304:P10YaLxIEJ+gfScHk/xVnqBtO8ydyuFQ5AVJAz2B:PCYa1IOqcEDnktOJM5+JN

Score

10^/10

hydra android banker collection credential_access discovery evasion infostealer persistence trojan

Malware Config

Targets

- Target
  
  d1bffe037087229a3ee86d4ab6a5f9e8f9de9c97b062055dcc09e95a0a63d7a7.bin
- Size
  
  4.3MB
- MD5
  
  4139c26388e4dc5ca08b36d103b225ea
- SHA1
  
  f656e5c271fe5fed3b23d28a52a9790b2fcbd3ba
- SHA256
  
  d1bffe037087229a3ee86d4ab6a5f9e8f9de9c97b062055dcc09e95a0a63d7a7
- SHA512
  
  e35d2389383d027f9b3b71e5f11b3b3b245c6ce39d7b2aade9d424f3903324fd51c9bc692a5309ae2528b70c562bc366c49717b21bff2bf45fc73916f91acb09
- SSDEEP
  
  98304:P10YaLxIEJ+gfScHk/xVnqBtO8ydyuFQ5AVJAz2B:PCYa1IOqcEDnktOJM5+JN
Score

10^/10

hydra banker collection credential_access discovery evasion infostealer persistence trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

behavioral2

hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

behavioral3

hydrabankercollectioncredential_accessdiscoveryevasioninfostealertrojan