Extracted

• • Target

    74aab8e0ae7d32e93b13a006fdd9cf745215ed6dbf72c7599653bfed69369efb.bin

  • Size

    1.4MB

  • MD5

    173149ab145e6fc348764312695eae99

  • SHA1

    204ddb9a89368539db3d65dbff13cd4c92e34fe0

  • SHA256

    74aab8e0ae7d32e93b13a006fdd9cf745215ed6dbf72c7599653bfed69369efb

  • SHA512

    493dc60347de545df79de27596a3e3e7667f793fa2dea68d2969c0e082cc279e97baf8a2578713c35f5c545ebb01c71e45a4541e885e65a31fdea3d7349a0c43

  • SSDEEP

    24576:OgVnyEJ6PR94Z4/JecuIi8nhBCCI3vYOh2lv4TdFGHAN:OgVnHARGZTcRi8n/6wO7TbH

  Score

  10^/10

  hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3