Extracted

• • Target

    8624b1b1da109c24bb78601096b7cb5960418e506b1eaf30e852eaca4555d648.bin

  • Size

    1.4MB

  • MD5

    629f307aca2b07e737fcf686e812dc18

  • SHA1

    b9d86b36fa6f5c351781fea8752b57193ac61ee5

  • SHA256

    8624b1b1da109c24bb78601096b7cb5960418e506b1eaf30e852eaca4555d648

  • SHA512

    8ecba226eb654bd25a34d46a28242987d9d416b0847bd2bd5634e426c524da266c4885e5843f324fb0b6b195ce20740ee0053d29859b85b09001391783950dfd

  • SSDEEP

    24576:jgVnWeJ6vBZZZJaER47HTRPZ+YTnyN+/iL0z4csK3mPuISugmZHKXsdxu:jgVnRYBbZJdRmdP0g6L0zzmP5SlmZrdo

  Score

  10^/10

  hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3