Extracted

• • Target

    26b94bdb8981ca507111b228824b331befa872cebc2ca3a8ec6b479ea652fb32.bin

  • Size

    4.2MB

  • MD5

    e12e046ecaca5b3131a6c693e9623d7c

  • SHA1

    2d5b00336fbeaa18676879c259691e0030e0de93

  • SHA256

    26b94bdb8981ca507111b228824b331befa872cebc2ca3a8ec6b479ea652fb32

  • SHA512

    75435e967ec477af209d4c831488445a66a18aa1ee93b27017fccb067e623c8aa07a5aba8099b81b78575c93c5438e90ce6b649f8fb9f528abdb32ee64398679

  • SSDEEP

    49152:5Qwll2l1lDRwOkTZgn+C3HIXLlYO7U1wOjih3bkafWNT45mGjM7peScqmChYXS4y:DylEqH3ovgwOjwbEMw7pMChYXKj3aPs

  Score

  10^/10

  hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3