Resubmissions

23-08-2021 13:20

210823-sasf23rl4j 10

23-08-2021 13:15

210823-4cqyd4seh2 10

Analysis

  • max time kernel
    1932368s
  • max time network
    163s
  • platform
    android_x64
  • resource
    android-x64-arm64
  • submitted
    23-08-2021 13:20

General

  • Target

    49506_Video_Oynatıcı.apk

  • Size

    3.2MB

  • MD5

    45830da853df876cc3e46716c7da738b

  • SHA1

    cfac92065b0d115504e008683ec792e8ddc54925

  • SHA256

    ae6f5521304808c1871efeb9168ad649aa4996c9c55909c6c3580f43203a40b1

  • SHA512

    818de822cfb48c302f40990407914d5408d261dbad23541b2c8a458917995cfd26768b142943bd552302157ad71d45c92707fa1107bbacc4db87c4dd50e24917

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads name of network operator 1 IoCs

    Uses Android APIs to discover system information.

  • Uses reflection 1 IoCs

Processes

  • com.vlvkbtii.uprlqjs
    1⤵
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Reads name of network operator
    • Uses reflection
    PID:4428

Network

MITRE ATT&CK Matrix
