Extracted

• • Target

    e5cdcf5aa31780284148b2816d4bf34e3dab333acf7fe147a5c76c470412c8cc.bin

  • Size

    4.9MB

  • MD5

    e072fe8f39af592bac537f9dc5a4d671

  • SHA1

    76766b4fe69d3d8233c07a6ed8859de8350eb455

  • SHA256

    e5cdcf5aa31780284148b2816d4bf34e3dab333acf7fe147a5c76c470412c8cc

  • SHA512

    207ec5b5c9a1dc6b8fb2c63b447726ef8bd5dab9bf1c29fa7cbc6cafdcacc6f6aca683ed77a7e48862834b78f1b5496b2a77872f9b64aff5c6920d11a4a46f5d

  • SSDEEP

    98304:A3IpuGGyJ7cGSbWuM/BeF/YD6VTWyJ/kZow34zetV0rcqR+ucHNvATY:Q2uKJ77O/88F0eWyJ4IScch1KY

  Score

  10^/10

  hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3