hydra | ffb13c0bdc4db49055674bd494cfef1b68105356bc5be71defe4179494ba5d17 | Triage

Sharing

General

Target

FFB13C0BDC4DB49055674BD494CFEF1B68105356BC5BE71DEFE4179494BA5D17.apk
Size

7.3MB
Sample

250414-t9h61svsdy
MD5

65ef1010ef453c5a4c8ad36de3232169
SHA1

4422d8b9f8079569c5cbeaa5044c523146764520
SHA256

ffb13c0bdc4db49055674bd494cfef1b68105356bc5be71defe4179494ba5d17
SHA512

cae61051b1826f9c3f005e9843286cbf392c9f81c6dd63cff4763c038399bc8619a771a5a8ea28b89ccdb788243396f9287790f42fe01a31e1d809f53512e6e4
SSDEEP

196608:MnEL7KTyMaHBHMW6GfNV2V9VuDWx0RiQdyjynFAL9D3n:MnUGTcH2W6G1V2V/yWabyj40Dn

Score

10^/10

hydra android banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan

Malware Config

Targets

- Target
  
  FFB13C0BDC4DB49055674BD494CFEF1B68105356BC5BE71DEFE4179494BA5D17.apk
- Size
  
  7.3MB
- MD5
  
  65ef1010ef453c5a4c8ad36de3232169
- SHA1
  
  4422d8b9f8079569c5cbeaa5044c523146764520
- SHA256
  
  ffb13c0bdc4db49055674bd494cfef1b68105356bc5be71defe4179494ba5d17
- SHA512
  
  cae61051b1826f9c3f005e9843286cbf392c9f81c6dd63cff4763c038399bc8619a771a5a8ea28b89ccdb788243396f9287790f42fe01a31e1d809f53512e6e4
- SSDEEP
  
  196608:MnEL7KTyMaHBHMW6GfNV2V9VuDWx0RiQdyjynFAL9D3n:MnUGTcH2W6G1V2V/yWabyj40Dn
Score

10^/10

hydra banker collection credential_access defense_evasion discovery evasion infostealer persistence trojan
- Hydra
  Android banker and info stealer.
  banker trojan infostealer hydra
- Hydra family
  hydra
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Queries information about active data network
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v16

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Virtualization/Sandbox Evasion

System Checks

Credential Access

Input Capture

GUI Input Capture

Keylogging

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Input Capture

GUI Input Capture

Keylogging

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

behavioral2

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

behavioral3

hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealertrojan