Extracted

• • Target

    105affcbfc1afa6f804d47c5587becc0ca741b70fce448afa0dff3b86b9ab4b2.bin

  • Size

    2.2MB

  • MD5

    df6546b86b318a2850fa850ec71a7fcb

  • SHA1

    8a215df9bd136ed0d8449fc3f11177b1c07cde6d

  • SHA256

    105affcbfc1afa6f804d47c5587becc0ca741b70fce448afa0dff3b86b9ab4b2

  • SHA512

    da4f6158b2fb0f1cfefd22578cbe6143fd7b884d1468433dbb20d4214bd2ea2f94aa7850d8f396d7fabfea534ff336d12972b4db18a9d8cf20471077e3c7c2e4

  • SSDEEP

    49152:llE9y+wqENZFO78w1O6st+8X4/blqeZeVbiOvTKSaHbZ3+Ejt:llEkqENZ4O6sthX4U/VGgraHtuEjt

  Score

  10^/10

  hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3