Extracted

• • Target

    a88416bebb922ff8563602a18cefe8abf0eb296ac17d1800bf114ce558773e32.bin

  • Size

    4.6MB

  • MD5

    4b923a302c640f9e17a3143794df1738

  • SHA1

    22d4d842172f046a29df4bcb7f6fae4bbb4a3374

  • SHA256

    a88416bebb922ff8563602a18cefe8abf0eb296ac17d1800bf114ce558773e32

  • SHA512

    285f192fd2931998c338f476dde40651115b8dc902f92343e0e9181454f1d5f2c8418c52a3e47ffc6de9eff9b392cdfea78ddb89247c3845efcd4c45f1cf8305

  • SSDEEP

    98304:Y9BfdjF4ui7z0TfJ7mXbKs14RSojm61nB4hVt59Osfy1UPclUp0b8Y+VCO:YzdJ4l7DLKs1dPhVtjpy1UPcr3+x

  Score

  10^/10

  hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra family

    hydra

  • Hydra payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3