Extracted

• • Target

    5e6ee98bdad3c9879ef56575c41c4b53e297fcad3a715995f71c9dab950d5ee9.bin

  • Size

    4.1MB

  • MD5

    029afcf139402cb4e439691ed204cb3a

  • SHA1

    a53a8d4b6ee0db0012a3daccfa7f4fb68a69f325

  • SHA256

    5e6ee98bdad3c9879ef56575c41c4b53e297fcad3a715995f71c9dab950d5ee9

  • SHA512

    f6434e125504cbf077d9ee215c064d1eb49d445ee096dcfa2d1d6d0a766881a7a11acd9bcf01e6e7b956fec3e0ebdb21876ec8eff24ba9358e215ca868ea99b9

  • SSDEEP

    98304:WCSqVBWfnWMy3KiALMXGv5d6gGVbpz6vyFb8bLdR90voZulQaz9E:WCSq7WPWMy3TALM2ociN19E

  Score

  10^/10

  hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra family

    hydra

  • Hydra payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3