Analysis

  • max time kernel
    1s
  • max time network
    65s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted
    07-11-2024 12:39

General

  • Target

    e690b102119feb6355d26b98b49a8d95362126dd7b86211a0191c2ae4505e560.bin [MConverter.eu].apk

  • Size

    1.5MB

  • MD5

    a34a7f1135965b0a68f15227bb7b2389

  • SHA1

    65016c2e45c50acc91b3bf061e760d352d3a57bd

  • SHA256

    e690b102119feb6355d26b98b49a8d95362126dd7b86211a0191c2ae4505e560

  • SHA512

    74325973b9d3dbc682b986d0e1db3eef2345c8a4ab910647b77e2ecac9b94cee9b5e5ace5a81f03c20fddee52fcf4dd0214f2db58a8d5b145fdacb2b58cf57c3

  • SSDEEP

    24576:Q9V0Nv1z3EM8qGHBqJKcHwxaNnnO65YT9PoGzKgTNl7bt1twkheNC+LEjeVK:GV0WFheHuaNnOT93egTNl7btn5gEjmK

Malware Config

Extracted

Family

hydra

AES_key

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra family
  • Hydra payload 2 IoCs
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.grand.hydrar
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4795

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.grand.hydrar/files/libdexload_arm64.so

    Filesize

    274KB

    MD5

    1e37ffd1218c4f8a1ff15500f787831d

    SHA1

    080a6851a77b28ed97bdb90109dace30b791e754

    SHA256

    14a275985219d4db67b582851b8798c830299d2a2d8382c673d8fa57def0bf3e

    SHA512

    518e35a464d41fe545a56e826b9446270fef8124bd061b8d38140581c3522606cbd48043347fcc11f8eaa249997fc4bd0282f0e74b604b580dfa3ebc28cbf366

  • /storage/emulated/0/Android/obb/com.grand.hydrar/dp/a.a (deleted)

    Filesize

    2.2MB

    MD5

    02ef6c7be109d21fe361f4afebd5824c

    SHA1

    9511d3dc829cdecc2c6302245fdcd3ba55690fc6

    SHA256

    63b346eff1e062168d8e9674cd33d8c4286456f786163792b7e114e4112ae4ab

    SHA512

    459fa7a02e0543b6c4a9ea2170242594f7ddc9dd05fa601e94fb3995bf0152d77000a57b2b917f03833afa2119ecdb1d13b9588ff3a99ed55ee282742c82b9be

  • /storage/emulated/0/Android/obb/com.grand.hydrar/dp/classes.dex (deleted)

    Filesize

    67KB

    MD5

    26a319052fc4cafa8a2a8fc69942a153

    SHA1

    3159c01f2bef33e481a89800038fefb0e00bddc4

    SHA256

    5fe4af0039643c70ec19db55972fa36bb6a751dc4ba8e88da555327f4497f65e

    SHA512

    01590da111011918d99f56679b6e52b656fe6519a3e799fc2a988191943a3b3ee4f1575b30bc2d54ec5b7f8b825bb42d230041690d34b0e62d0cc8c56901ae44

  • /storage/emulated/0/Android/obb/com.grand.hydrar/dp/classes2.dex (deleted)

    Filesize

    1005KB

    MD5

    cf439a4b22797965fd40f5e53990e3a1

    SHA1

    dbcf62946e69851c1429789a9e0ca72bf63a9047

    SHA256

    ad06ffe5ad52bf51a762b850734229f1ab5b195c4e237b0a43d660a3a1c58928

    SHA512

    1704f2292fd9323dbd9a60d558a3fed900a5b0a9d5563911de42e2e1a408eb41ae8aa8c4da2eab9770db4f007b91a8e54df55f5e93c3ddbbdfa8fe2ce8198f5b

  • /storage/emulated/0/Android/obb/com.grand.hydrar/dp/monay (deleted)

    Filesize

    963KB

    MD5

    26d1342cdcf83f550cb1156148c1b2de

    SHA1

    989ecc4a7ed46aa33dbc8b8385d72de4a852965c

    SHA256

    f2b1e6fe55f2ecffc5ad9245866849d534fdb2bcd093384ec5d1aac975a05d0c

    SHA512

    87b0df59ac9467a920fe76a01062e82b62f9a6646f1e1566ff00edd98298ff924cd7ccfad9e5064d9b82ed812e889afbb62743b6f325a8ce5bd0877a6a1d5104