General

  • Target

    bawag.apk

  • Size

    5.2MB

  • Sample

    220301-rnzwjaach6

  • MD5

    423566623868a27aaba992afdde2ffe5

  • SHA1

    99a515661d24ef2fec8406c31bd91d36602ed7cb

  • SHA256

    1c6ff4c48a7506facfcc0f82164eeac056318c263b6ed61ae02019871cbd928c

  • SHA512

    d6a42c4ee01cefd5c6d46fba05942895d3d1e59c9dfe3556ede2bc9506eeff07a449c2289dfd4aee19936e2435acb604422b96f6afc4410230e1edce1fbfb5af

Targets

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service.

    • Checks Qemu related system properties.

      Checks for Android system properties related to Qemu for Emulator detection.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.
