General

  • Target

    bawag.apk

  • Size

    5.2MB

  • Sample

    220203-nkgc8sgde6

  • MD5

    fbe054f9dc536a2f45a1f6f749921c8e

  • SHA1

    9077bcc825d16c7a37815630598e5bb3d7f4a4b7

  • SHA256

    61bd7ab9565b0f68aaadb94eb328832ca36102f35f490d5d45fe99716a88e790

  • SHA512

    af1bb1363a5c2beaf6c8bb8248a155487757424848f800845643e7b71a88a0e607660ea4438a032ba3fc7e0ceb8427c5d3b3cf89cf756b1e33ff54002f07ea91

Targets

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.
