hydra | b0ac55805196efd6af8d21642c3dd81ea0900847c2544404292b4bfd1ce84fa3 | Triage

Sharing

General

Target

fd66ce40e73dbfe2a1f6a718c5ca30da_JaffaCakes118
Size

4.7MB
Sample

240928-3z9ewsvcjf
MD5

fd66ce40e73dbfe2a1f6a718c5ca30da
SHA1

696431ac145a50da1b1060639d7908c682f134c8
SHA256

b0ac55805196efd6af8d21642c3dd81ea0900847c2544404292b4bfd1ce84fa3
SHA512

371c38332a1ba8e1ea8224c1d2f47f14df4e8c9f78c981aacb7fa36496e7dbe0ea06e369f9236fa61b1588f0ef5b9784be1583872df4ef6b7c9504d338c00fe3
SSDEEP

98304:hN23CGCNT1OO6CuFJaylF8ZCCfxOk13C3cFR+ARW5yYbsae+P7Wv/2TrJ1ebpFA:hI3C/NTt6HVlCZCQxERARW5galPi2TFP

Score

10^/10

hydra android banker collection credential_access discovery evasion infostealer persistence trojan

Malware Config

Targets

- Target
  
  fd66ce40e73dbfe2a1f6a718c5ca30da_JaffaCakes118
- Size
  
  4.7MB
- MD5
  
  fd66ce40e73dbfe2a1f6a718c5ca30da
- SHA1
  
  696431ac145a50da1b1060639d7908c682f134c8
- SHA256
  
  b0ac55805196efd6af8d21642c3dd81ea0900847c2544404292b4bfd1ce84fa3
- SHA512
  
  371c38332a1ba8e1ea8224c1d2f47f14df4e8c9f78c981aacb7fa36496e7dbe0ea06e369f9236fa61b1588f0ef5b9784be1583872df4ef6b7c9504d338c00fe3
- SSDEEP
  
  98304:hN23CGCNT1OO6CuFJaylF8ZCCfxOk13C3cFR+ARW5yYbsae+P7Wv/2TrJ1ebpFA:hI3C/NTt6HVlCZCQxERARW5galPi2TFP
Score

10^/10

hydra banker collection credential_access discovery evasion infostealer persistence trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra payload
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

behavioral2

hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

behavioral3

hydrabankercollectioncredential_accessdiscoveryevasioninfostealertrojan