Analysis
max time kernel: 1s
max time network: 65s
platform: android-11_x64
resource: android-x64-arm64-20240910-en
resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
submitted: 07-11-2024 12:39
Static task: static1
Behavioral task: behavioral1
  Sample: e690b102119feb6355d26b98b49a8d95362126dd7b86211a0191c2ae4505e560.bin [MConverter.eu].apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: e690b102119feb6355d26b98b49a8d95362126dd7b86211a0191c2ae4505e560.bin [MConverter.eu].apk
  Resource: android-x64-20240624-en
General
Target: e690b102119feb6355d26b98b49a8d95362126dd7b86211a0191c2ae4505e560.bin [MConverter.eu].apk
Size: 1.5MB
MD5: a34a7f1135965b0a68f15227bb7b2389
SHA1: 65016c2e45c50acc91b3bf061e760d352d3a57bd
SHA256: e690b102119feb6355d26b98b49a8d95362126dd7b86211a0191c2ae4505e560
SHA512: 74325973b9d3dbc682b986d0e1db3eef2345c8a4ab910647b77e2ecac9b94cee9b5e5ace5a81f03c20fddee52fcf4dd0214f2db58a8d5b145fdacb2b58cf57c3
SSDEEP: 24576:Q9V0Nv1z3EM8qGHBqJKcHwxaNnnO65YT9PoGzKgTNl7bt1twkheNC+LEjeVK:GV0WFheHuaNnOT93egTNl7btn5gEjmK
Malware Config
Extracted: hydra
Signatures
- Hydra: Android banker and info stealer.
- Hydra family
- Hydra payload (2 IoCs)
  resource | yara_rule
  behavioral3/files/fstream-4.dat | family_hydra1
  behavioral3/files/fstream-4.dat | family_hydra2
- Loads dropped Dex/Jar (1 TTPs, 4 IoCs): Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /storage/emulated/0/Android/obb/com.grand.hydrar/dp/classes.dex | 4795 | com.grand.hydrar
  /storage/emulated/0/Android/obb/com.grand.hydrar/dp/classes.dex | 4795 | com.grand.hydrar
  /storage/emulated/0/Android/obb/com.grand.hydrar/dp/a.a | 4795 | com.grand.hydrar
  /storage/emulated/0/Android/obb/com.grand.hydrar/dp/a.a | 4795 | com.grand.hydrar
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  description | ioc | Process
  Framework API call | javax.crypto.Cipher.doFinal | com.grand.hydrar
Processes
Network
MITRE ATT&CK Mobile v15
Downloads