Extracted

• • Target

    f190b0887265d7e7fbef7ce328180aa11925295e0fe335efe526747acb64449e.bin

  • Size

    4.7MB

  • MD5

    97582d8e33578e7dd5f7667bde68f6c3

  • SHA1

    71356471f1fc8cccd4288deb577d63041e1faea1

  • SHA256

    f190b0887265d7e7fbef7ce328180aa11925295e0fe335efe526747acb64449e

  • SHA512

    e624188eeb55dc230a9bc32b60965331a3f60cf8a05eb5cadc25147ca672ea3a863617dc0dcc1fba0cb57c06b1fbadd1ebb6b87ece49cc57ad1982e2bbde9ab1

  • SSDEEP

    98304:/H7JYwx4LmDPN5WWs5s5GShHjq35Uf6X9HsgIFrBCbg+jccUr6Abk03LbUg+:/exw5WWsjH8Mg+k+

  Score

  10^/10

  hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra family

    hydra

  • Hydra payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3