hydra | 3ff4d19b139e43b7512dfa197d65669cbc238f4ec3b84f2996d058529b4c1fd4 | Triage

Sharing

General

Target

3ff4d19b139e43b7512dfa197d65669cbc238f4ec3b84f2996d058529b4c1fd4.zip
Size

3.1MB
Sample

250325-yw2hnavqx4
MD5

86fd402ac576a6ad84fb2d01965c3044
SHA1

10a330083d539e94343f06b9ffbd2e3487584aff
SHA256

3ff4d19b139e43b7512dfa197d65669cbc238f4ec3b84f2996d058529b4c1fd4
SHA512

2f3a8efc8c8d3840ddf6d1189223835d91942c084512fd81cf0a2e0173206b4100e789697dac0b8e84a02791e84260ab4390b46b36aa3b6fc6e607b14505cacb
SSDEEP

49152:8UHfRP2BXcTB+qkjQOIHPBBsSi6r2TRaPbQfDfOot:8Cf85cT8GZBsBsPbqjOot

Score

10^/10

hydra android banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan

Malware Config

Targets

- Target
  
  a8c9c4f38f72cf8cd3cd819936f1c1ea9670541ded180327f7b096a3370f2186.apk
- Size
  
  3.1MB
- MD5
  
  f2979157677fc7d394eebf9274546651
- SHA1
  
  d8bab05fb8bb87a72a6fd699b1283d4939242ee8
- SHA256
  
  a8c9c4f38f72cf8cd3cd819936f1c1ea9670541ded180327f7b096a3370f2186
- SHA512
  
  4527f0905e04780ac8b1a5feb34c2e76010f89566f5507a4bbf7cf45e0f6c735caddbd8ce4d66573c2e06162c4adf42123c009bbc52fe1693983e0dca3946623
- SSDEEP
  
  98304:vGYQyg+2RD7fCqx+wDbgHpADqYfanqgDlZIK:vGYTgRK4gJKqYSnvhOK
Score

10^/10

hydra banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra family
  hydra
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

behavioral2

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

behavioral3

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealertrojan