Extracted

• • Target

    5487ee6a115d22ebb62ca821c1db8cc12d9275060cd730a7fdaea0655196a981.bin

  • Size

    2.6MB

  • MD5

    b153a2b2637a2344be8aed6e15cc5860

  • SHA1

    4557c7ef5561fc397b0cc7144d640e60d00b49c4

  • SHA256

    5487ee6a115d22ebb62ca821c1db8cc12d9275060cd730a7fdaea0655196a981

  • SHA512

    cd415034ec193a0b0ccd633c15fa05740e655efeaa2cc48b4bcd2a55d42a211ae6f051d226311a299b3c236191da9e03357cc28948a5d6334882905c3b40abc4

  • SSDEEP

    49152:L5llCCdTUD1SzzfewA+aaf0y5F1voCE8EIK8kq1c0NTg8RbsbHfREj1m3:1JkkzfewrR0y5F1gCdBK89c0Nk85sTRX

  Score

  10^/10

  hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra family

    hydra

  • Hydra payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3