hydra | 676252be67035bf42b740041865d8a902988eb32111bcf9995e5ae774c420930 | Triage

Sharing

General

Target

676252be67035bf42b740041865d8a902988eb32111bcf9995e5ae774c420930.bin
Size

4.7MB
Sample

240808-1xerdsvapa
MD5

9fc0aa2fac6d9f36c2bc26cfec8278ce
SHA1

f768666ee5f2c8a197bbc95a0b8a674d919c7c08
SHA256

676252be67035bf42b740041865d8a902988eb32111bcf9995e5ae774c420930
SHA512

6ade9d6c32caaa03449e973b9f7e934c07b1ca84e48469cf379abfa81dcf0699b4fcf3e2f85022cd5324d256682edb0d17a768bc8f05562836a8d57588b50c15
SSDEEP

98304:DEJefbQL79Az8VCvGvPEhnzKIrzj5LFnGmu3FOT:D1f4hLVCPzKIrzJu1c

Score

10^/10

hydra android banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan

Malware Config

Extracted

Family

hydra

C2

https://gist.githubusercontent.com/olimpiamilano200/65c0969b6dc440233852de072ac97545/raw/helloworld.json

Targets

- Target
  
  676252be67035bf42b740041865d8a902988eb32111bcf9995e5ae774c420930.bin
- Size
  
  4.7MB
- MD5
  
  9fc0aa2fac6d9f36c2bc26cfec8278ce
- SHA1
  
  f768666ee5f2c8a197bbc95a0b8a674d919c7c08
- SHA256
  
  676252be67035bf42b740041865d8a902988eb32111bcf9995e5ae774c420930
- SHA512
  
  6ade9d6c32caaa03449e973b9f7e934c07b1ca84e48469cf379abfa81dcf0699b4fcf3e2f85022cd5324d256682edb0d17a768bc8f05562836a8d57588b50c15
- SSDEEP
  
  98304:DEJefbQL79Az8VCvGvPEhnzKIrzj5LFnGmu3FOT:D1f4hLVCPzKIrzJu1c
Score

10^/10

hydra banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra family
  hydra
- Hydra payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

behavioral2

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

behavioral3

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealertrojan