hydra | fd6475ed03f1ce5b743382016b7c8125c876c46fc4d0343516621434e4873b4a | Triage

Sharing

General

Target

fd6475ed03f1ce5b743382016b7c8125c876c46fc4d0343516621434e4873b4a.zip
Size

2.6MB
Sample

250327-zbveaazly6
MD5

f2ccea29c9924c1ca8c6c063efc70653
SHA1

9cf0428ac65eac88560b0a252f71e3cddfa3823b
SHA256

fd6475ed03f1ce5b743382016b7c8125c876c46fc4d0343516621434e4873b4a
SHA512

19d8b3bb2193e1a44fcb46818e2033bc80a4b954f29997212e9169739460c2b3e91672f08489f1b3a97ff3ff4a0fec2fa4ae534f0821d80e14ef60d9ce76889b
SSDEEP

49152:oEP/rnfngKI7M9Tt/uEUURfYamxNYHZxmz5zFiwX2iXL1:w49x0UCaEY5mFUiXL1

Score

10^/10

hydra android banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan

Malware Config

Targets

- Target
  
  9cbdd422daf93e15b2135f0f6feebf7428eaaaba4aeaf18c12e882e67a849c89.apk
- Size
  
  2.6MB
- MD5
  
  723d4d2c92d5d6da8fe7c30e21a3fe01
- SHA1
  
  a898aaf26cbccc88c372c59414be88d5e3e7991a
- SHA256
  
  9cbdd422daf93e15b2135f0f6feebf7428eaaaba4aeaf18c12e882e67a849c89
- SHA512
  
  96b26e1462ba1cc02505c14ee1f54798b1f176c0a95a0564294980315038f5d2eaa02f0c558edd24fefb18dc52f20412044cecab9926b2ccba989bfc3284c895
- SSDEEP
  
  49152:bxNEjeXAouzDMDACtf0gx9wfZBobdydftLkvBy/54VgVFzIz+OQ:bxFpuzDJCtf0gx9wRdx6W+VeB6u
Score

10^/10

hydra banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra family
  hydra
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

behavioral2

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

behavioral3

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealertrojan