Extracted

• • Target

    d34805c3d70af335fe8ad284618c83e316cd33a73cf0debf7578117d72e99492.bin

  • Size

    4.5MB

  • MD5

    44356c2d7ad7b559f4a460a93266fa7d

  • SHA1

    f17718bb1a47b5a84f5044e96f195c3053a60db5

  • SHA256

    d34805c3d70af335fe8ad284618c83e316cd33a73cf0debf7578117d72e99492

  • SHA512

    01176812eb9626079bf3891d796c73b1f5ac49bfbd9336aea444cc9a252df1d8eaf891a605668fc59f7770336ba6cfff30e8fd6b9a07767b88e148c86f6c8dbb

  • SSDEEP

    98304:KMpOC+JZXYJkdMDhNNiO4pG+dlgIAVN7C+Kfn6J96++8UUq7bPSPyTS:+JNQhNNiJpAV8fVX9S

  Score

  10^/10

  hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra family

    hydra

  • Hydra payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3