MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 a6d27ba039ac9cb0d5a6a3cffca2002feb9ecb8cfed54ce5c0a768064084d43d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Hydra
Vendor detections: 6
| SHA256 hash: | a6d27ba039ac9cb0d5a6a3cffca2002feb9ecb8cfed54ce5c0a768064084d43d |
|---|---|
| SHA3-384 hash: | 81886f6cf915cad2a2c945269f4b474f7baf71c358a496f405c3c8b12b39b126ac6e31f1dff0907d596efd6bd4f42bab |
| SHA1 hash: | 8b3d7122a94bb1694e1d3e33cbbd056e4350598b |
| MD5 hash: | e5445cda1bf1f82fc1fd4edb1317c41f |
| humanhash: | black-jupiter-pizza-ceiling |
| File name: | bawag.apk |
| Download: | download sample |
| Signature | Hydra |
| File size: | 6'523'758 bytes |
| First seen: | 2022-03-01 14:31:18 UTC |
| Last seen: | Never |
| File type: | apk |
| MIME type: | application/zip |
| ssdeep | 196608:m8+atol4aXiwsyOKu/EywCJ8Uvqjn1AzA3dU6Ecsk:m8+ayeNwsL3Nw7UvqjKQU69sk |
| TLSH | T158663315C9929E0AF6B2BAF02F70D2B5E67DCFDE0A66849B7215762830753C01F02D97 |
| Reporter |  0x746f6d6669 |
| Tags: | apk Hydra signed tor-hydra |
Code Signing Certificate
| Organisation: | Android |
|---|---|
| Issuer: | Android |
| Algorithm: | sha1WithRSAEncryption |
| Valid from: | 2008-02-29T01:33:46Z |
| Valid to: | 2035-07-17T01:33:46Z |
| Serial number: | 936eacbe07f201df |
| Intelligence: | 1706 malware samples on MalwareBazaar are signed with this code signing certificate |
| Thumbprint Algorithm: | SHA256 |
| Thumbprint: | a40da80a59d170caa950cf15c18c454d47a39b26989d8b640ecd745ba71bf5dc |
| Source: | This information was brought to you by ReversingLabs A1000 Malware Analysis Platform |
Intelligence
File Origin
# of uploads :
1
# of downloads :
412
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Verdict:
Likely Malicious
Threat level:
7.5/10
Confidence:
100%
Tags:
anti-vm fingerprint update.exe
Result
Verdict:
MALICIOUS
Link:
Result
Threat name:
Hydra
Detection:
malicious
Classification:
troj.spyw.expl.evad
Score:
100 / 100
Signature
Access the class loader (often done to load a new code)
Antivirus / Scanner detection for submitted sample
Checks if app is currently debugged
Checks if taint analysis is available
Contains a screen recorder (to take screenshot)
Detected Hydra
May use the Tor software to hide its network traffic
Multi AV Scanner detection for submitted file
Removes its application launcher (likely to stay hidden)
Tries to detect Android x86
Tries to detect Cydia Substrate code modification platform
Tries to detect XPosed instrumentation framework
Uses accessibility services (likely to control other applications)
Behaviour
Behavior Graph:
n/a
Threat name:
Android.Trojan.Multiverze
Status:
Malicious
First seen:
2022-03-01 14:32:32 UTC
File Type:
Binary (Archive)
Extracted files:
38
AV detection:
12 of 28 (42.86%)
Threat level:
5/5
Result
Malware family:
hydra
Score:
10/10
Tags:
family:hydra android banker infostealer trojan
Behaviour
Looks up external IP address via web service
Reads information about phone network operator.
Checks Qemu related system properties.
Loads dropped Dex/Jar
Makes use of the framework's Accessibility service.
Hydra
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.09
File information
The table below shows additional information about this malware sample such as delivery method and external references.
No further information available
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.Oeeee... lagi krisis mentok