Overview

overview

10

Static

static

6

d97aab6e35...e1.apk

android-9-x86

10

d97aab6e35...e1.apk

android-10-x64

10

d97aab6e35...e1.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    be46c3f451912efc642e46f19b716534773800233ffe4af05cc8ce9b346ea75f.zip

  • Size

    3.1MB

  • Sample

    250327-fkf4gazkz3

  • MD5

    c687ae9ab959d0e65e5c464b925401a3

  • SHA1

    4d1bf88987ae9bca5834b13f4c1149082df7cac1

  • SHA256

    be46c3f451912efc642e46f19b716534773800233ffe4af05cc8ce9b346ea75f

  • SHA512

    2103d0b42516dc820d304ec7d81ddbf6a018433ae615227361d96e0e5849a0b8bffbea9b7c29f74761b044edf87461829d21f4c222578bd85bf627cedd791f85

  • SSDEEP

    49152:nlL73rhzJikD+BmOlcMH/PtBAhKfR1oTXh/2ojjFmdFYXWvkmw7BKwJYRCD46I4:lL73BJiO+BC8HykwRzjh4F07FxJ7k4

Score
10/10
hydraandroidbankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

Malware Config

Targets

    • Target

      d97aab6e351401596e170f056c3833bfd709cf44a2db97739a9129910fe2ece1.apk

    • Size

      3.1MB

    • MD5

      e64e9fc94ff0b95e5c0cf2b38be94502

    • SHA1

      7c9861d9fb7b00ea43113d7a36902b2c2525a1ee

    • SHA256

      d97aab6e351401596e170f056c3833bfd709cf44a2db97739a9129910fe2ece1

    • SHA512

      59bafd293766ac2aa60d06fe375eb4e4855dbb4d88577b83995fe0970960dadc9bf442bcba96d2bca8f757d6035e9c90ee45f1a66f934d8b13fe710da3ead220

    • SSDEEP

      49152:YR2dtusPvSD0goCVIvBN/wVIxFeLuZtRqG69FF3w67KDzCxTn5fl3MHOL1:YR2dtlPqD0oOHwGFttRqlvd7Xhqg

    Score
    10/10
    hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Hydra family

      hydra

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks