hydra | 4e20b8bf1a926e7d5b84e75c920457d9dc572ec78b9a23d1b08afcefe9b78e5c

Analysis

max time kernel
174s
max time network
184s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
04-08-2024 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e20b8bf1a926e7d5b84e75c920457d9dc572ec78b9a23d1b08afcefe9b78e5c.apk
Size

4.4MB
MD5

34d77868cbf62fda6b88a5c7b037d3f3
SHA1

00cdfeaa48544e5c6f0ba3d9329bb015e51e5972
SHA256

4e20b8bf1a926e7d5b84e75c920457d9dc572ec78b9a23d1b08afcefe9b78e5c
SHA512

c4e6e76c670d94062cedac1abfa814e2062087cc12626581c66754b642c17f5d296a5e37b546a9549f30a9a96e59daea8e2b7f86786f999b75124791f4bbcd8b
SSDEEP

98304:LCVeYx5HKqvpDRG1DMlRiQQxX/sqS1zHOrBNI:LqXHNvwp5sjzau

Score

10^/10

hydra banker collection credential_access discovery evasion infostealer trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/phwbin.meww.xojktruujg/app_DynamicOptDex/OF.json	4455	phwbin.meww.xojktruujg
/data/user/0/phwbin.meww.xojktruujg/app_DynamicOptDex/OF.json	4455	phwbin.meww.xojktruujg

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	phwbin.meww.xojktruujg
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	phwbin.meww.xojktruujg

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	phwbin.meww.xojktruujg

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	phwbin.meww.xojktruujg

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

phwbin.meww.xojktruujg
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries information about active data network
- Queries the mobile country code (MCC)
PID:4455

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/phwbin.meww.xojktruujg/app_DynamicOptDex/OF.json

Filesize
2.6MB

MD5
a1fe9c54a7f9befa304187869fac76da

SHA1
53908c10ecc50d1235bf7f1b292323dfc1bd858d

SHA256
96c14703d56809246c5137cc9d361bb6fe7e6844bd97efe0378473c5e1fa6e3a

SHA512
44b870e299d303d86b3fd2196e8c77124a40d3ed0e3aec9e3909874951f98485fdabc2e9866cf4d424350dccaa6809fa6021c3c97a435182d7d55918de159b6b

Download Submit
/data/user/0/phwbin.meww.xojktruujg/app_DynamicOptDex/OF.json

Filesize
2.6MB

MD5
db0f230a0e1a546f83769c613d986299

SHA1
50317405a49a3b257ad1b2cc5f854cafefedb80f

SHA256
8b42329687f8371c8a018fc98f0c3701670c891a7edf044b3478a0c9316818e4

SHA512
56e8f504c3e2da8a136a3db7316368325814e5fdcf09ab47442432583f5df47691bb36cb4a912f6a1bb78e0e2f61f21e805a297e6c9d591f6bb97881b0852713

Download Submit
/data/user/0/phwbin.meww.xojktruujg/app_DynamicOptDex/oat/OF.json.cur.prof

Filesize
1KB

MD5
258af9653cf312bdc620fb5c8fe04fd2

SHA1
1e45e34ad76483f1f0d02f0164a367da45569dcf

SHA256
709eb025c95c8ac7b8071836898ae2378ba7d375d85a6ba75dba87e8290a11e2

SHA512
1250a46f3caae56bd3256eca3452adc0e1368fce3ec8d40a23da27ad8c1c62084dd88b6f82b8fd9cdfef24bae6fac185422a3e520cf973cdfcb7045e21a47dd0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads