Extracted

• • Target

    3bd89198a415abc6de842e82a422a3819dc26ed84e570c98910dc6705efba682.bin

  • Size

    2.9MB

  • MD5

    fb1d3d89bfa11dfd4017f28fca3a26e3

  • SHA1

    a17278137e64b9b376a52d8ef9f42c2990364a7c

  • SHA256

    3bd89198a415abc6de842e82a422a3819dc26ed84e570c98910dc6705efba682

  • SHA512

    b0b5a02f5381ab4ea2d0f2fe8997b05c41fc97a11fa585f41f78ab01cc790140365998bb3571c2ab3d62c187abb910b8a8f46dbba3a75f52bb94baee5359704b

  • SSDEEP

    49152:Ey7JQ6guM1JGiurriuDxkHd1jdMfgwcILqp5+fL7NCOmOLVfSmQ40LDeqVOpN2:37JQ6gf1JGiuBDxkvizdIMBCYLxQ40/f

  Score

  10^/10

  hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra family

    hydra

  • Hydra payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery

  • Requests enabling of the accessibility settings.

  behavioral1behavioral2behavioral3