hydra | 0b006e3c7fef4a508c71918096832fd8c5e2eb3d98cbc14b32d7527f2a831c07 | Triage

Sharing

General

Target

0b006e3c7fef4a508c71918096832fd8c5e2eb3d98cbc14b32d7527f2a831c07
Size

8.3MB
Sample

240831-nl2qka1cpl
MD5

007cd582080a5dcad1b2a03437f10786
SHA1

6d27f8d5340a9fb7c363339307fa299168de59b0
SHA256

0b006e3c7fef4a508c71918096832fd8c5e2eb3d98cbc14b32d7527f2a831c07
SHA512

10ae5c63c126014e2ddb7f06148ce51c289c1007a5ca136b3265911b5c0374d677992115951683eafcf08c34902dd88d33321c471a6c0906270172961da1b833
SSDEEP

196608:0E2/CZ7OGOnV5Iswxu923fDKpNA3qKMPkecH4k7PYOWy:0JWybEy9xpNAbMP3cH4kPYO7

Score

10^/10

hydra android banker collection credential_access discovery evasion infostealer persistence trojan

Malware Config

Targets

- Target
  
  4e88ad99d9d23fec0a1e3dcb508639c637f44099dbf099fef563b0bdce3db12d
- Size
  
  8.4MB
- MD5
  
  d6fabd6517729b26751e23dfa4c9ec60
- SHA1
  
  5b9025a269bb5131757ca5b6bb80410c0edc68d9
- SHA256
  
  4e88ad99d9d23fec0a1e3dcb508639c637f44099dbf099fef563b0bdce3db12d
- SHA512
  
  8182823c2a27c630f7fe64862abf8a436468250e8fb1d70a75199f11ecd47f60ef3330aba02e74d69b4db1c8606fcb58b9dde9949feb137dd89dfecdd41d080c
- SSDEEP
  
  196608:mxoNyHUeAjc1CbFM/usyNYHmEDWx0RiQdyjynFAL91:m/0jjcAbFM/N2YHmwWabyj401
Score

10^/10

hydra banker collection credential_access discovery evasion infostealer persistence trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Virtualization/Sandbox Evasion

System Checks

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

behavioral2

hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

behavioral3

hydrabankercollectioncredential_accessdiscoveryevasioninfostealertrojan