Overview

overview

10

Static

static

6

c404340baa...10.apk

android-9-x86

10

c404340baa...10.apk

android-10-x64

10

c404340baa...10.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    621314435b3f144276fe6e42417b33ec8509dc26febea37940576beac33910d7.zip

  • Size

    2.9MB

  • Sample

    250326-fyw2va1nt8

  • MD5

    d1a2a40dbbb7190f7e791b27e63fde57

  • SHA1

    1528a355b7ebce3d7a15c1c3203159ffcde1cedf

  • SHA256

    621314435b3f144276fe6e42417b33ec8509dc26febea37940576beac33910d7

  • SHA512

    157073f93413027f8792e80b26001f420092b58665d750c0b766846f51f75ff34585f4d984b25d61b64c9fd91cc6b9e3071784d609181df62a0903166f86801b

  • SSDEEP

    49152:kEkyhpGHvyGh2VTgJnPTMehqnYkt4cmj5WGeh3IJXhOfKUFZeLj++J05xl:kEkyhpGHvycbTMeIntt4cpBYJL++J0x

Score
10/10
hydraandroidbankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

Malware Config

Targets

    • Target

      c404340baa0e1322364c75898e7ffefcabb660bab01979c22ebd98a502bb2310.apk

    • Size

      3.0MB

    • MD5

      cea98484826ce63b72d6efce2f692273

    • SHA1

      0630dfd3cd0bce10bbe3fd232592bba63a97c59b

    • SHA256

      c404340baa0e1322364c75898e7ffefcabb660bab01979c22ebd98a502bb2310

    • SHA512

      91b96d0c0c2f7ab6e298a7b48104f444e5617362a2155153545dc39e4ecda56f13d0f1709d8a6c541ee529cee6e6b82c362d25663603161521185cdee1071010

    • SSDEEP

      49152:6nn2yqlmunxjxIkdREbREIr7kN7TRcBWJ0D4MTzWdW/SQJbDB4y6+Xn565O4b4Y5:6n3LkNZdFJhRcQJWqW/pJbvXkbN

    Score
    10/10
    hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Hydra family

      hydra

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks