hydra | 2b305310db25d5ac714d4e5df898fa336e0bb3b86039b42ea37762f00956b3ff | Triage

Sharing

General

Target

c37ae32cd4bcce93797535082e2080a2_JaffaCakes118
Size

3.0MB
Sample

241204-vdt43sxjdr
MD5

c37ae32cd4bcce93797535082e2080a2
SHA1

ae84294f83e45c8a9180cb6a0e658181fdee62fc
SHA256

2b305310db25d5ac714d4e5df898fa336e0bb3b86039b42ea37762f00956b3ff
SHA512

6b1005ce7b3749d94126be73e926bfea988a3961a95a493bb879e3efaea93b62936a13589c063601fda32cc1403b0b9639661dfe7183bb395c6d23c431f6506e
SSDEEP

49152:4MZfhiOsnVv0VdpuowM1EqMz3KDH8ZEesJfZhANAZdo5R0fe5Cn5z5Fa/SPxAqw5:4Qf9aVv0Vd8JQMmDcZsfZhu6o5K44rFq

Score

10^/10

hydra android banker collection credential_access discovery evasion infostealer persistence trojan

Malware Config

Targets

- Target
  
  c37ae32cd4bcce93797535082e2080a2_JaffaCakes118
- Size
  
  3.0MB
- MD5
  
  c37ae32cd4bcce93797535082e2080a2
- SHA1
  
  ae84294f83e45c8a9180cb6a0e658181fdee62fc
- SHA256
  
  2b305310db25d5ac714d4e5df898fa336e0bb3b86039b42ea37762f00956b3ff
- SHA512
  
  6b1005ce7b3749d94126be73e926bfea988a3961a95a493bb879e3efaea93b62936a13589c063601fda32cc1403b0b9639661dfe7183bb395c6d23c431f6506e
- SSDEEP
  
  49152:4MZfhiOsnVv0VdpuowM1EqMz3KDH8ZEesJfZhANAZdo5R0fe5Cn5z5Fa/SPxAqw5:4Qf9aVv0Vd8JQMmDcZsfZhu6o5K44rFq
Score

10^/10

hydra banker collection credential_access discovery evasion infostealer persistence trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra family
  hydra
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

behavioral2

hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

behavioral3

hydrabankercollectioncredential_accessdiscoveryevasioninfostealertrojan