Extracted

• • Target

    f5bbba0e4961af38c7a89ff2af505c878f5cc8fa65a2fe93e9b8f8b437a96997.bin

  • Size

    2.9MB

  • MD5

    22e5ff6d7ca46c53247bcb13329f76ae

  • SHA1

    d655b2d0f1ab786d098ccf8f5fc44acab358fbe8

  • SHA256

    f5bbba0e4961af38c7a89ff2af505c878f5cc8fa65a2fe93e9b8f8b437a96997

  • SHA512

    b5a40d7a508a0d376506b7373ee5c35b6d7c4d7df33c05c69d38465c9e949d39021e538d16335dfb7efcd5af6cf01741a88e1cd2eea75d6a683b25a2caba8fb1

  • SSDEEP

    49152:Qg94TTRGh4c0C4XOuxdutMZNgDwYtPBvRrXyoc8Z5qgzem+WtmU7d/KDv+:kcANxdutMBmPB5Co5Z5AmbtFd/6+

  Score

  10^/10

  hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra family

    hydra

  • Hydra payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3