hydra | 629b2f7b99521ec7bff2a3ef88a7affa9016bac07472f33af6c2d7568291322f | Triage

Sharing

General

Target

003d2fd8ef8fc9d4765e4bbc650ecd20ef339be94606486629c003f683cb5982.zip
Size

4.5MB
Sample

240815-xwferatbkj
MD5

3db50875438e5fa092d392ae0e73e7a1
SHA1

e26698ae51559e2c04f361935b1a62cd141138d1
SHA256

629b2f7b99521ec7bff2a3ef88a7affa9016bac07472f33af6c2d7568291322f
SHA512

111ef10d8554d369814bfc7021835b6c7f1fa834d67bcf9d809ef184b4dcd1ed7e4e1ab0a56268b3bc6bf87379b7d2366bf9fb184cce47a9549fa8e1f2ddd1a0
SSDEEP

98304:0VpoSSInDbSqSLF75CjRkEDrQ9sXCqh9A7jKenZ7AtoBMQKiaQYcCvkaYhQ:UoSnnDmqah5CLDGsha7TZ7X+QKBQov5

Score

10^/10

hydra android banker collection credential_access discovery evasion infostealer persistence trojan

Malware Config

Targets

- Target
  
  003d2fd8ef8fc9d4765e4bbc650ecd20ef339be94606486629c003f683cb5982.apk
- Size
  
  4.6MB
- MD5
  
  176d6ca459a33f3e2ac5bb9e5d30eb6c
- SHA1
  
  035e484288cc983844a08f69231ddbc9d797b17c
- SHA256
  
  003d2fd8ef8fc9d4765e4bbc650ecd20ef339be94606486629c003f683cb5982
- SHA512
  
  1f3f932db0ae3b3344284dc6eb10ee143a83bc28ff2550aef8ef693f507545f0163d0bb992364c708d8f4e3d9696f917305df91776299fa992a6de6338fde764
- SSDEEP
  
  98304:ymnJdoaleb5yyE0ABLryi1CWyHmPqQqfdf5vLMRB2PwO2vfX1kujDl:yixcNyyEprl1eGP2B5E2PwvdvXl
Score

10^/10

hydra banker collection credential_access discovery evasion infostealer persistence trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Impair Defenses

Prevent Application Removal

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan