Extracted

• • Target

    3cbb781b869982c73980cea6e96aa18f9d1f4aaee96ced38291c2481adb44ccd.bin

  • Size

    5.0MB

  • MD5

    b5f231d6028f434a98ca31b81d4ee6b5

  • SHA1

    b23cf7c3c7a04973a428f8ec6a052fc62143888b

  • SHA256

    3cbb781b869982c73980cea6e96aa18f9d1f4aaee96ced38291c2481adb44ccd

  • SHA512

    668aa7274ba674e612317f69dae427df881d4c9c140996e8d7f89e7c3efb66ccd133748f9b4558c15a1c0ebe093fde91d107e013baa2a405f6d0f4af03339dae

  • SSDEEP

    98304:k/Ix+SSeBexGm/KaOTgWRluKG+pkG0kjW+GTrWeNS:hx+SCxGmiVluKxbW+GGMS

  Score

  10^/10

  hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3