hydra | 0c29fd1ed255bce168695cc888b5b37170f9418b236375bba2a46238d0c06809 | Triage

Sharing

General

Target

0c29fd1ed255bce168695cc888b5b37170f9418b236375bba2a46238d0c06809.zip
Size

2.7MB
Sample

250325-glesgavqz7
MD5

832d03496cfdfaa407361af3319afdcd
SHA1

becf48ed0e2f88d2b14d445ed5ad0e228e4a84b3
SHA256

0c29fd1ed255bce168695cc888b5b37170f9418b236375bba2a46238d0c06809
SHA512

a0eb04d559aa8052426ae7661f0e96d7180de1ba1f8ee41bc6a33ec47d418990f36be571cfcb4d7e5f521f1a58786af879d34f8983932e6b0a9c8f74e8fce45e
SSDEEP

49152:314j34HmxNsZYyGa+HuPZE+Y+I+oDYx854tDgtcuZvPgngV36a8uw7aM:Kjo4sZYxaTE+YooDGqvPgnSw7N

Score

10^/10

hydra android banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan

Malware Config

Targets

- Target
  
  a0de1add961f3a9bf6e2e391489fdbac244932352421055f23f34c93c82b8856.apk
- Size
  
  2.8MB
- MD5
  
  ffce59f44fe794ceb53c215d9c8bd17f
- SHA1
  
  0782156341937276c0883946f91187e2e2c34c86
- SHA256
  
  a0de1add961f3a9bf6e2e391489fdbac244932352421055f23f34c93c82b8856
- SHA512
  
  8558f92dd5a7238c87277db05dd537b8ecb26a314dbc0483478bf1cf0a251a2d4cb044ee4347d766293d273ca89a05f6d7aa9bbfe5567aace682b3a0640b71b3
- SSDEEP
  
  49152:eiX2WbGBGsuh5+nNj2iKqJCLmTonXh6GpsS5Mt1dtX8COcfQ6EzwTL8D9IqtdYew:eiXTGB6wRkqJCLdXh6PSK7rX8qfQ6uqJ
Score

10^/10

hydra banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra family
  hydra
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

behavioral2

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

behavioral3

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealertrojan