Extracted

• • Target

    ddf446f2164bcf6bd46af668dd245fafb3c32d7b5620bfa7577978a8ace2acc3.bin

  • Size

    1.2MB

  • MD5

    8660acf5909d0af99d843b2e268d16ae

  • SHA1

    6f7649255b1cb7950e19e8ce78dcdf33b62020d7

  • SHA256

    ddf446f2164bcf6bd46af668dd245fafb3c32d7b5620bfa7577978a8ace2acc3

  • SHA512

    e6531e8290676614f0f46730f7bab1c3414efafef656d37d4142549b316e0df5718a8eb4211feb29f3d7b853b7968983618640fd3569dabb4c2266e85da2ff39

  • SSDEEP

    24576:8FjqE4sijToAeMf2w9jrf28k434tyqtG5pbheOoeEj6+DhssEja:s4scTX9jrf2wqoj4N6s1Eja

  Score

  10^/10

  hydrabankerevasioninfostealertrojancollectioncredential_accessdiscoverypersistence

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3