hydra | 2d0b157e27359bc36c31e3c3ef891964bc98b2cb66c4f95c2ffc4af7d3477e30

Analysis

max time kernel
147s
max time network
159s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
06/01/2025, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_3cff863140899a34e805a0b77636e66f.apk
Size

3.3MB
MD5

3cff863140899a34e805a0b77636e66f
SHA1

ffde6e6db81a2d0af4a10a2d5d7adaaa067b2f0b
SHA256

2d0b157e27359bc36c31e3c3ef891964bc98b2cb66c4f95c2ffc4af7d3477e30
SHA512

a2e624c1f4f8f3b02be21afc008788c8c8eaa7356d510c1087921a3e239ddc42ad74dd2e9a1e6e472ef940d9d0c246d3e918a1256801be537d75599bff301e30
SSDEEP

98304:fmMgNNnRoZUqIUwy/FpF/R8I8evrXvUvkjmrsb3W3x:fmMgN5Ro+qIny/j8IrirW3K

Score

10^/10

hydra banker collection credential_access discovery evasion infostealer trojan

Malware Config

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra
Hydra family
hydra

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.zgadzxkc.xluvpje/nefdajhywg/8kygofrpfhsrgfp/base.apk.xogrhjf1.rgk	4794	com.zgadzxkc.xluvpje

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.zgadzxkc.xluvpje
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.zgadzxkc.xluvpje

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
24	ip-api.com

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.zgadzxkc.xluvpje

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.zgadzxkc.xluvpje

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.zgadzxkc.xluvpje
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries information about active data network
- Queries the mobile country code (MCC)
PID:4794

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zgadzxkc.xluvpje/nefdajhywg/8kygofrpfhsrgfp/base.apk.xogrhjf1.rgk

Filesize
885KB

MD5
eb05482adde57bc554dc8b70bd4684e2

SHA1
a84ec548277ba09413718d7219ebaa73deb67898

SHA256
0b29d372ef138fe91a93f67b79de4e544100d6c3e97b990a32adaa9a41d3c96a

SHA512
087f14a0c98b46b05d593ea23baa0f0469174c0f8a643dcfeafd8c6011b7830f76c0cd3d5dbcb7b290f0b879dd2bcd5982faaf79f6bf42de9915a049923ef3e2

Download Submit
/data/user/0/com.zgadzxkc.xluvpje/nefdajhywg/8kygofrpfhsrgfp/tmp-base.apk.xogrhjf5067796556048090594.rgk

Filesize
370KB

MD5
080c2b2bddb63c728449e73cda53b148

SHA1
e26542320fac1b33cf415e9fab228be0141f71d4

SHA256
13529f8d3cafbd7cbdeadc4b985612981a768a28d7ec7626f29c597a50c697b6

SHA512
bb21272ee02bae287471c482d034eedfc526d438e9ca381397029ffbd3e064bb5d35a998387ab1527ddc1b940a2636f51b1c77b48d93b329580aae26948533ce

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads