Extracted

• • Target

    ccfc01451f59118de06d8c111414bd33ce999a4598b7b79e312eb3aed149be9d.bin

  • Size

    4.2MB

  • MD5

    0f09c871dfa2d2bcde1a1954d2e4fa97

  • SHA1

    a514df1d400a0671f2d389809f77f7f0339b4090

  • SHA256

    ccfc01451f59118de06d8c111414bd33ce999a4598b7b79e312eb3aed149be9d

  • SHA512

    30912f44a4654174ed3a9601ed81c10976e27a59239290bfc02f0689eb741a4900302879bd6f395bbde815f5d65b048bf88774ae5ccda952bba2e14948bcb863

  • SSDEEP

    98304:TZnOfqyBXjGz/7Wkp3JMOte4wM0LhIIYaca2GZIwTIENX4G:1nOBq/7fJzBwhYdaaxG

  Score

  10^/10

  hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3