Overview

overview

10

Static

static

7

Extra_Clea...ed.apk

android-9-x86

1

Extra_Clea...ed.apk

android-10-x64

1

Extra_Clea...ed.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Extra_Cleaner_Addon_7_crypt_aligned.apk

  • Size

    2.9MB

  • Sample

    220802-g3tb7abgh2

  • MD5

    53d74d42cbedf2461a92420b86ddff2f

  • SHA1

    2359701e5737276d51607f9bdb8e60ebc2e5a6d5

  • SHA256

    d0bbe42625ba821d79e7819e2785124e6271f662a8750514edf59327592a379c

  • SHA512

    b529e99e58af465bd5d3100831d9f2b4df51634151ad8f4c83096bb8b1e4956fe2b29eae1ffa177f8310b5f80dc4b1abb5f5ab1c7684e6a165ff63c26ece3d92

Score
10/10
hydraandroidbankerinfostealertrojan

Malware Config

Targets

    • Target

      Extra_Cleaner_Addon_7_crypt_aligned.apk

    • Size

      2.9MB

    • MD5

      53d74d42cbedf2461a92420b86ddff2f

    • SHA1

      2359701e5737276d51607f9bdb8e60ebc2e5a6d5

    • SHA256

      d0bbe42625ba821d79e7819e2785124e6271f662a8750514edf59327592a379c

    • SHA512

      b529e99e58af465bd5d3100831d9f2b4df51634151ad8f4c83096bb8b1e4956fe2b29eae1ffa177f8310b5f80dc4b1abb5f5ab1c7684e6a165ff63c26ece3d92

    Score
    10/10
    hydrabankerinfostealertrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Hydra payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks