hydra | 3cf87bc07210caf9f67c53d37b80f043999b06ca370ef170d8456a9941c3f241 | Triage

Sharing

General

Target

3cf87bc07210caf9f67c53d37b80f043999b06ca370ef170d8456a9941c3f241.zip
Size

3.1MB
Sample

250325-yck2ka1wh1
MD5

ae6057b1b60a9cd75cd609114894ea8d
SHA1

645aa6e475197de9e0933e80738666255601d511
SHA256

3cf87bc07210caf9f67c53d37b80f043999b06ca370ef170d8456a9941c3f241
SHA512

5205a0a5905a71d4c8ceca3041a939e16e7c31cf9cf34cb570963db8ef73b72b1062e973184eddb6152322ccd0e2f4e865478ca6279dd4feda88b70be509c012
SSDEEP

98304:WWK2XOMkbTlUw0fWMBmuqhdQc8nXU72oBMPSXlZ/:WWKMU2WQmtynXUZBxXl9

Score

10^/10

hydra android banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan

Malware Config

Targets

- Target
  
  9afaa372d732d9a920e8dc68ccc243a248f839f52dac33da41f69f2ba0941906.apk
- Size
  
  3.1MB
- MD5
  
  5f2a21c5569b01486fb791784aff7005
- SHA1
  
  5c674b4543573ddc6008e9d013fbf5001fd3b923
- SHA256
  
  9afaa372d732d9a920e8dc68ccc243a248f839f52dac33da41f69f2ba0941906
- SHA512
  
  155a1b34bc78cd55fe4bb10dc8b5bafa65e23e6be4ee01a6139fc5bfb4b4ae9008fe2960b2ad4c5c9faa4ae4a8805c1e07edd790d745d5ede5ca766729ee653a
- SSDEEP
  
  98304:ozQtjfDm3PO06zgBr3XlEY2P/nfyF3wBlAVI:oMhm/6z6T1EYWfyy
Score

10^/10

hydra banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra family
  hydra
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

behavioral2

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

behavioral3

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealertrojan