General

  • Target

    GoogleChrome5.31.1.apk

  • Size

    3.1MB

  • Sample

    220602-m8jmtsahhj

  • MD5

    029ff646eec48591309652a724c836fc

  • SHA1

    7cfbe7b28f797d6bef7c0cb50e7c98ca13f49bdc

  • SHA256

    befa3bb2e619cc2116e883787b3e0e9824c2827ca1c0d1a096c073acf39a6817

  • SHA512

    00e7f6c86a39e5821f3875509aa8afc65dc55e16ee45647800073c844d229e619c397956b93bfb746d329fcd26faacf1ec60360a6afffcd6fc35c31c1e4bb3c1

Malware Config

Targets

    • Target

      GoogleChrome5.31.1.apk

    • Hydra

      Android banker and info stealer.

    • Hydra Payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

MITRE ATT&CK Matrix ATT&CK v6

    Tactic: Command and Control
    Technique: Web Service (T1102)
    Count: 1