Extracted

• • Target

    800d3a76496613ceb8ed1b7f9e5bfb2356ae8de8987b9a21a2fcaf8268df78a7.bin

  • Size

    4.5MB

  • MD5

    304c78178c7b4e20afbb02f0230b12d9

  • SHA1

    2e4e5b85efd0a19a0a3d6ba8497ebf8264664de5

  • SHA256

    800d3a76496613ceb8ed1b7f9e5bfb2356ae8de8987b9a21a2fcaf8268df78a7

  • SHA512

    3e8ccab7e6eaa53cc1950c4ea4e29a3f2d786aba9725584ed61ac6efaa80dfd20ce83ecbe6db0dd5b1e4a2505c2db3e21963ee77556c967754366cc88205dc6f

  • SSDEEP

    98304:KUYIrNTZfK44F2ZhUf6lO7j0BTa3bjUwxcda0h+l5lxJfjsWa:KUXT5sF2ZhzlMjj3fTxKrh+5XsWa

  Score

  10^/10

  hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra family

    hydra

  • Hydra payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3