hydra | 4c9b59f488b0b3dcbf725bdf5f956fb18600da0687edf728a647590cf4c6ce67 | Triage

Sharing

General

Target

62fb51c219728f90500e55b65c7a6d01_JaffaCakes118
Size

3.0MB
Sample

241020-sznhbavhnb
MD5

62fb51c219728f90500e55b65c7a6d01
SHA1

e8a874600e78886e5525aafbeb7d6284e980c169
SHA256

4c9b59f488b0b3dcbf725bdf5f956fb18600da0687edf728a647590cf4c6ce67
SHA512

1558dc6267509fc9191576c6262f124e3b3670954f16d56feebd94d503133995a0c34855de3af8d32e6b9b84df60acef8a452baed320b816c45201ecb807d816
SSDEEP

49152:JaGqhp1D63F6EKYEqmyiewjnKDf0JuhUTSo8+/oWb0x4puM/X97f4Jkl5I+kcW5M:JO/1wQqmyWWD0Wo88rs4cwxQJg+vcWW

Score

10^/10

hydra android banker collection credential_access discovery evasion infostealer persistence trojan

Malware Config

Targets

- Target
  
  62fb51c219728f90500e55b65c7a6d01_JaffaCakes118
- Size
  
  3.0MB
- MD5
  
  62fb51c219728f90500e55b65c7a6d01
- SHA1
  
  e8a874600e78886e5525aafbeb7d6284e980c169
- SHA256
  
  4c9b59f488b0b3dcbf725bdf5f956fb18600da0687edf728a647590cf4c6ce67
- SHA512
  
  1558dc6267509fc9191576c6262f124e3b3670954f16d56feebd94d503133995a0c34855de3af8d32e6b9b84df60acef8a452baed320b816c45201ecb807d816
- SSDEEP
  
  49152:JaGqhp1D63F6EKYEqmyiewjnKDf0JuhUTSo8+/oWb0x4puM/X97f4Jkl5I+kcW5M:JO/1wQqmyWWD0Wo88rs4cwxQJg+vcWW
Score

10^/10

hydra banker collection credential_access discovery evasion infostealer persistence trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

behavioral2

hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

behavioral3

hydrabankercollectioncredential_accessdiscoveryevasioninfostealertrojan