Extracted

• • Target

    cnzjhttmkttakcgd.apk

  • Size

    4.4MB

  • MD5

    5724cfd1f0c5edd71f3d451e5c02cf3c

  • SHA1

    2dfe37f73fc5174ed6b02c616c22ac1fd981aac8

  • SHA256

    83e5822562da08cbab888ba5af84aa118c298de4fdb39fde2ac3b36492816f52

  • SHA512

    389307ba8e7e0bccffea2d654f623732c9fd4b1da55567d899bb89a52766a13e8c117ec35f8ef3e634987442bc5896624b5b7279559258eef87180ef82134da0

  • SSDEEP

    98304:vM+grW9YmPdveu4nvULGfQ0A/DoGLiXJqIU0vt2:vM+gK9TCzfQ0A/MGiZqt0vt2

  Score

  10^/10

  hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery
  behavioral1