Extracted

• • Target

    8e8209eb56f3988d82812ccad4188d4e38333d8d4bee6b778101a994dc3c9790.bin

  • Size

    4.2MB

  • MD5

    8557a80dc95f26b3d163e42dc2e81a2c

  • SHA1

    b6aa0023746d5f55ddd929f8e4382503dd80684e

  • SHA256

    8e8209eb56f3988d82812ccad4188d4e38333d8d4bee6b778101a994dc3c9790

  • SHA512

    9ea3d2d7bfd18853b44918db938b2dc5cdbb2aa39cb5fde3d77b4f54e5ed3fbd6643f9da0029711d5f42ece0ee57bd3242ba6bd0c712e15aeec2853d208f0eaf

  • SSDEEP

    98304:fi6A85DeolhDHHyUZ0dL7wY3RnL6yjiiImSJSJ7lqU5:fvA85BrDHHyU2R7wY3tBA+J7lqU5

  Score

  10^/10

  hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3