hydra | 7823e4a4bf3223cac35ba1f2a83ab618432033d37c6bcc9deaad82231f1dcc18 | Triage

Sharing

General

Target

7823e4a4bf3223cac35ba1f2a83ab618432033d37c6bcc9deaad82231f1dcc18.bin
Size

2.7MB
Sample

240903-1w7qsayarm
MD5

1db576879cedc1ea1423919901b20f03
SHA1

d63474a2d8f4e179c2b96410d41ac8075ce99e9b
SHA256

7823e4a4bf3223cac35ba1f2a83ab618432033d37c6bcc9deaad82231f1dcc18
SHA512

b0b1b7e3cffc54ec12de812797a1e6af4c41e41588e98c35336d92a7fb3f339745af6c1cda062966a2fa51695195beaffcbdc14bbb0db4d665dc9932a69bc235
SSDEEP

49152:Lee8wd3LnlICoXiLMjCRFctD4AaVYvR9wvJTE1CoYpAQ/BiZN72aGM9OP6:LRH35QjCMtMAaCJyvJo72oZNo+Oi

Score

10^/10

hydra android banker collection credential_access discovery evasion infostealer persistence trojan

Malware Config

Targets

- Target
  
  7823e4a4bf3223cac35ba1f2a83ab618432033d37c6bcc9deaad82231f1dcc18.bin
- Size
  
  2.7MB
- MD5
  
  1db576879cedc1ea1423919901b20f03
- SHA1
  
  d63474a2d8f4e179c2b96410d41ac8075ce99e9b
- SHA256
  
  7823e4a4bf3223cac35ba1f2a83ab618432033d37c6bcc9deaad82231f1dcc18
- SHA512
  
  b0b1b7e3cffc54ec12de812797a1e6af4c41e41588e98c35336d92a7fb3f339745af6c1cda062966a2fa51695195beaffcbdc14bbb0db4d665dc9932a69bc235
- SSDEEP
  
  49152:Lee8wd3LnlICoXiLMjCRFctD4AaVYvR9wvJTE1CoYpAQ/BiZN72aGM9OP6:LRH35QjCMtMAaCJyvJo72oZNo+Oi
Score

10^/10

hydra banker collection credential_access discovery evasion infostealer persistence trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

behavioral2

hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

behavioral3