General

  • Target: Vodafone-Netz.apk
  • Size: 4MB
  • Sample: 210723-khhbj5j36j
  • MD5: 43245acd2bfc4fb651961933a72da0ad
  • SHA1: 37b5b34250fe930132de9c4bd9efd1b6e5f3f0fa
  • SHA256: c393f0f03013dc249481462e58fa90c2cec561dc5cf4f9687930d1da8460bcbc
  • SHA512: d4ea92b758dcecba74309f31d17d54a1e9c9d4e2e3efafe6b05e3028d85f87fb501c90b1d3d9836c2bfa8362edd913f641efd0176d79fcd61fb15d4247eb6667

Malware Config

Extracted

  • Family: hydra
  • C2: https://sendmehere.site

Targets

    • Target: Vodafone-Netz.apk

    • Hydra: Android banker and info stealer.
    • Hydra Payload
    • Loads dropped Dex/Jar: Runs executable file dropped to the device during analysis.
