hydra | 4902d53679849c227912f4b8ff5f9ca81fc1eac5640768bf486b007109c207f2

Analysis

max time kernel
149s
max time network
156s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
18/03/2025, 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4902d53679849c227912f4b8ff5f9ca81fc1eac5640768bf486b007109c207f2.apk
Size

3.7MB
MD5

31b668aae3cefc0dade16a28d28573c7
SHA1

5b5a2b742e437afefdda5533f1ffc4a3a7f06321
SHA256

4902d53679849c227912f4b8ff5f9ca81fc1eac5640768bf486b007109c207f2
SHA512

f371abe68c7ce0569f1249934b99dc7c98a0cba6b5c6269ef0f97e6986394e815f761bddda100e65c2fef0db81b993701fadd60af18b10e8c0f98fdecc9bcc32
SSDEEP

98304:1BTUpsYPoUz3ao1vz2Q6bA0eSEhh18Qx8092Q9ep5sq4h:1pUWczIvhxQc6h

Score

10^/10

hydra banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan

Malware Config

Extracted

Family

hydra

http://vadkedloepasdlekdqwwe123edlwegbanbemnezdoemsded.com

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra
Hydra family
hydra

Hydra payload 2 IoCs

resource	yara_rule
behavioral3/memory/4834-0.dex	family_hydra1
behavioral3/memory/4834-0.dex	family_hydra2

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.drink.pole/app_ice/EiTg.json	4834	com.drink.pole

Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection defense_evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.drink.pole
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.drink.pole

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.drink.pole

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
27	ip-api.com

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.drink.pole

Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

Application may abuse the accessibility service to prevent their removal.

evasion

Prevent Application Removal

T1629.001

ioc	Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.drink.pole

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.drink.pole

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.drink.pole

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.drink.pole
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Reads the contacts stored on the device.
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Queries the mobile country code (MCC)
PID:4834

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Impair Defenses

T1629

Prevent Application Removal

T1629.001

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Protected User Data

T1636

Contact List

T1636.003

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.drink.pole/app_ice/EiTg.json

Filesize
969KB

MD5
7d6e151aea5e64de1b3d21b62dc68f8c

SHA1
b21f100e16eabf6d096b6f461927ab85b088a78c

SHA256
6def1fee8b7a28bf189d335a954dc92e9d57bdf1ee70192cfdeb331c4c990253

SHA512
a9ca195086cff9cd66f1c8f76a3d0de12cb029e3e63acff06687188b98164f77c56ed4e26abf79852974209a7289480ea94c70ff3b0a764c7b3fb6c2ff032bcf

Download Submit
/data/user/0/com.drink.pole/app_ice/EiTg.json

Filesize
969KB

MD5
4a369556256a317d5c4fc87ec019ca4f

SHA1
d2303c6df95721d33bd0c57b2f59f0465d59e536

SHA256
14b191cd06a67cbb8f4f1aa99e73debd434b50c348004ad5ad6fa673f319bd8d

SHA512
529db678c66b06f6073a16fe79fe2b7daa6509767591224ead2664396b560eea0a2f6fb062631e27dc95c987042528f34739a6e19133b5f7f83cb75ba6917676

Download Submit
/data/user/0/com.drink.pole/app_ice/EiTg.json

Filesize
2.2MB

MD5
03e6f036cf9c79c0390146b07de02a8a

SHA1
518103de9468ea660b63d1e773bc397add211de1

SHA256
4f8ae26496d1fbb51dada64620bcdd3e67c5812365e4148c98d00aa60ea046bc

SHA512
a289d4a1fbe6147cc3f6d408fc622b14322caea3023c4070a736d8e4b9fa61b4652df7ee0e7a4ba4acb467eea1a45c5b2f24c5bfd13c8b976be3f7f7a3eec72d

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads