Overview

overview

10

Static

static

6

e30a471eb9...f5.apk

android-9-x86

10

e30a471eb9...f5.apk

android-10-x64

10

e30a471eb9...f5.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f990ca9f9783640833ad4948e8849d1d06ed5beebb5448b5db35dea19e6fea91.zip

  • Size

    3.1MB

  • Sample

    250327-yh9l4syrw5

  • MD5

    690af730e4c762c6aebc3396082ceea7

  • SHA1

    020dcd0d3a9d6bab6bd38e6ff411c96190930c92

  • SHA256

    f990ca9f9783640833ad4948e8849d1d06ed5beebb5448b5db35dea19e6fea91

  • SHA512

    23603639970aa562e4ebb05df70a2fc8fe7de4ab69f355591a3d0b62d913aa278bf8b030d2ea8ce0f957053dbdcea601fe35791efb326a4bfb02f73a1ce5f166

  • SSDEEP

    49152:HtvFFfoHEgPBA2XfKeZoMMXkx1EhNt6QRg/EUnnNDkMVXJCGOQa+bmubm4v:HBDUTPC2PfMX/hNt6HcUNYMp6QakmZ4

Score
10/10
hydraandroidbankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

Malware Config

Targets

    • Target

      e30a471eb9b435c0bd1c0cd077b3ff78f114bd77cfe922f061b09d6a2ab34ff5.apk

    • Size

      3.1MB

    • MD5

      8a8c858f34f3b62bcafb61154743131f

    • SHA1

      16676b0251e8994c407102226163423e57c57e72

    • SHA256

      e30a471eb9b435c0bd1c0cd077b3ff78f114bd77cfe922f061b09d6a2ab34ff5

    • SHA512

      3d8e441c7293f60266aeefadb1041d479bdd892567bbf520564cc1be3c0c1d1f0458b5fdd5884674ce722d90fb352c0693bf5d8526a4411065d16f3dec2a2b57

    • SSDEEP

      98304:EajRZA0Z9v7MfyuPtK1C653DKJn7TVMwsCMe0zK:EajR/QquFKo+DM7TVMYMJzK

    Score
    10/10
    hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Hydra family

      hydra

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks