Extracted

• • Target

    87226492a1c4f5126d3aa27b7dae24fcd9bc57817a69cb5d817f617bac6ed7e8.bin

  • Size

    1.4MB

  • MD5

    8a9cb772f5b7ddfac139da6372bcdbe9

  • SHA1

    ff9e55b1e648ab9946325de112420ed098ea5b4d

  • SHA256

    87226492a1c4f5126d3aa27b7dae24fcd9bc57817a69cb5d817f617bac6ed7e8

  • SHA512

    4b33920e6f154dde132566f2dc7a246a09b87b8a89147e4aac7ee78dc103ed10f81c7d967b612c77c454a07e719188ed6eee1b76f6f37aabbf3d66a271ad52a4

  • SSDEEP

    24576:0gVnAEJ6PR94Z4/JecuIi8nhBCCI3vYOh2lv4TdFGHAor:0gVnxARGZTcRi8n/6wO7Tb0

  Score

  10^/10

  hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3