Extracted

• • Target

    8147c1b4ca19e7bd0dd9f7866fbda3495f378bd94b903a5db9a8f52bc1aea76d.bin

  • Size

    4.5MB

  • MD5

    df1060078eb031d5e66f7f3a4bdc9cb9

  • SHA1

    f748299bf1067c6784dda59842720c2e217bc249

  • SHA256

    8147c1b4ca19e7bd0dd9f7866fbda3495f378bd94b903a5db9a8f52bc1aea76d

  • SHA512

    c7c687304fb294f17db0c3a3670d3a0935ed04cb5cd1e485a20d78afc81574055531106caf3d483ba3208de7b959ffd7e833242fc1c035fbe21d6bafed42206c

  • SSDEEP

    98304:+8zDmmytRTWqA/e42JFbbGfNqsE5bCKLyNndn2BLr8wdX:+8zDmpDTWh23JZbGfO+oyld2RrRX

  Score

  10^/10

  hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra

  • Hydra family

    hydra

  • Hydra payload

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access

  • Reads the contacts stored on the device.

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3