Overview

overview

10

Static

static

7

bawag.apk

android_x86

10

bawag.apk

android_x64

10

bawag.apk

android_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bawag.apk

  • Size

    6.2MB

  • Sample

    220215-q1t1dafdg9

  • MD5

    4212125ef94304e3dd9659186204fc5c

  • SHA1

    c807313be5dd0fc754ba913d1b7e6a40bd8a663f

  • SHA256

    507f55a17a03490978c09690fc2f11a900b52ff7bc4a73f8af9ea9c586b83d75

  • SHA512

    709c3d2975b5c1b4740bd80e4b9a8a10d97e584b9cfe75185b5d4fb2f78fa2868bafbc328a2234786226233a54826eff25f929d2dc7e27d70300c7ce50d8f21d

Score
10/10
hydraandroidbankerinfostealertrojan

Malware Config

Targets

    • Target

      bawag.apk

    • Size

      6.2MB

    • MD5

      4212125ef94304e3dd9659186204fc5c

    • SHA1

      c807313be5dd0fc754ba913d1b7e6a40bd8a663f

    • SHA256

      507f55a17a03490978c09690fc2f11a900b52ff7bc4a73f8af9ea9c586b83d75

    • SHA512

      709c3d2975b5c1b4740bd80e4b9a8a10d97e584b9cfe75185b5d4fb2f78fa2868bafbc328a2234786226233a54826eff25f929d2dc7e27d70300c7ce50d8f21d

    Score
    10/10
    hydrabankerinfostealertrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Makes use of the framework's Accessibility service.

    • Checks Qemu related system properties.

      Checks for Android system properties related to Qemu for Emulator detection.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks