Analysis

  • max time kernel
    1564178s
  • max time network
    160s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220621-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20220621-en, locale:en-us, os:android-11-x64, system
  • submitted
    02-08-2022 06:19

General

  • Target

    2_Chrome_obf.apk

  • Size

    2.7MB

  • MD5

    95a7f34f3e34c98298c864a530d64346

  • SHA1

    4a5e09d2c3bc795e801b6cbe090cc384573f2a42

  • SHA256

    2ae09bef7398cbf1999263a09949ec9e6baca4d25852a2cf758e546b2f4658ce

  • SHA512

    87c7d2340f25b78f5ca7798b3ee548b5168579ba7b2d7a5bf7c01720d5fe92e3dd5f3f0347ec32b87532c417e4f3effc9d6b15fc04db494ddb08b5510e68f332

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs

Processes

  • com.enter.craft
    PID:5078
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Command and Control
    Web Service (T1102): 1

Downloads

  • /data/user/0/com.enter.craft/app_DynamicOptDex/KnywGI.json
    Filesize

    1.9MB

    MD5

    d278cca23059772e7b108fd3a4d70b7c

    SHA1

    65d078fa5282d0501144238069eb39833bde3f71

    SHA256

    6467ec3d2f3ae7d5c0c19c68501577c69c8b3cccafc11942ffec42a0d42b8455

    SHA512

    deee6867ca03e23770c28a3aa7a2c5ea6c7efe78f7be7146acb24148cf2b4e460fe8f29a246c176403e5ccade7546b57cc49ed02e53afc7da70ca8f24ec8341d

  • /data/user/0/com.enter.craft/app_DynamicOptDex/KnywGI.json (same path as the entry above with different content, so the file was rewritten during analysis)
    Filesize

    5.0MB

    MD5

    895c7a0b1184da3d55f9ac95d8757bbc

    SHA1

    7f7fe3ce3bf8a3be429f8b7412444865946a2147

    SHA256

    7e315f0ad29a1da62d4860a14dd2a1fa10564b60b3b9f1699e9105e19293a346

    SHA512

    fb7d39a867e7b0dc0f9f3a9fe508f1f3f4f6bb7bc9f7abe0ade6a9e3d0a1b15e97ffba55799ff0efc0fb31b273d8bee4e00467f59ec870a5ca671a2c1b711a9f

  • /data/user/0/com.enter.craft/app_DynamicOptDex/oat/KnywGI.json.cur.prof
    Filesize

    0 bytes (the hashes below are those of an empty file; the ART profile was created but was still empty when the analysis ended)

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
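The two KnywGI.json payloads above are what the "Loads dropped Dex/Jar" signature fires on: code written under app_DynamicOptDex with a .json extension and then loaded at runtime. The following triage helper is an added example, not part of the sandbox report or of the sample; it walks a directory pulled from a device (for instance with adb pull of the app's data directory), classifies each file by content rather than extension (DEX magic, or a ZIP that carries a classes.dex), flags code hiding behind a non-code extension, hashes it, and matches the SHA256 against the IoCs listed above. The function and variable names are the example's own, the KNOWN_SHA256 entries are copied from this report, and build_sample_jar() produces a constructed sample used only to exercise the JAR path; empty files such as the .cur.prof above classify as "empty" rather than being flagged.

```python
"""Added triage helper: find DEX/JAR payloads disguised under other extensions
and match their hashes against the report's IoCs. Not the sample's own code."""
import hashlib
import io
import os
import zipfile

# DEX header is b"dex\n" followed by a three-digit version (035, 037, ...) and NUL.
DEX_MAGIC = b"dex\n"
ZIP_MAGIC = b"PK\x03\x04"
# Extensions under which executable code is expected; anything else is a disguise.
CODE_EXTS = {".dex", ".odex", ".jar", ".apk", ".zip"}

# IoCs copied from the Downloads section above: SHA256 of the two payloads
# written to app_DynamicOptDex/KnywGI.json (same path, different content).
KNOWN_SHA256 = {
    "6467ec3d2f3ae7d5c0c19c68501577c69c8b3cccafc11942ffec42a0d42b8455": "KnywGI.json (1.9MB)",
    "7e315f0ad29a1da62d4860a14dd2a1fa10564b60b3b9f1699e9105e19293a346": "KnywGI.json (5.0MB)",
}


def classify(data: bytes) -> str:
    """Classify file content as 'empty', 'dex', 'jar' (ZIP with a .dex inside) or 'other'."""
    if not data:
        return "empty"
    if (data[:4] == DEX_MAGIC and len(data) >= 8
            and data[4:7].isdigit() and data[7] == 0):
        return "dex"
    if data[:4] == ZIP_MAGIC:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(name.endswith(".dex") for name in zf.namelist()):
                    return "jar"
        except zipfile.BadZipFile:
            pass  # ZIP magic but not a readable archive: treat as 'other'
    return "other"


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256 hex digests, the same set the report lists per file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def inspect_bytes(path: str, data: bytes) -> dict:
    """Build one finding: kind, size, hashes, disguise flag and IoC match (or None)."""
    kind = classify(data)
    ext = os.path.splitext(path)[1].lower()
    finding = {"path": path, "kind": kind, "size": len(data)}
    finding.update(digests(data))
    finding["disguised"] = kind in ("dex", "jar") and ext not in CODE_EXTS
    finding["ioc"] = KNOWN_SHA256.get(finding["sha256"])
    return finding


def scan_dir(root: str) -> list:
    """Walk a pulled app data directory and return a finding for every regular file."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                findings.append(inspect_bytes(full, fh.read()))
    return findings


def build_sample_jar() -> bytes:
    """Constructed sample (not from the report): a minimal JAR holding a stub classes.dex."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"dex\n035\0" + b"\0" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    for f in scan_dir(sys.argv[1] if len(sys.argv) > 1 else "."):
        if f["disguised"] or f["ioc"]:
            print(f"{f['path']}: {f['kind']} {f['size']}B sha256={f['sha256']} ioc={f['ioc']}")
```

Run it against the pulled directory (python3 find_dropped_dex.py ./com.enter.craft); only files that are disguised code or match a listed IoC are printed. Matching on content first matters because the hash table only catches these two exact payloads, while the magic check catches the next build of the dropper that writes a different DEX under the same harmless-looking name.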