hydra | d0bbe42625ba821d79e7819e2785124e6271f662a8750514edf59327592a379c

Analysis

max time kernel
1564216s
max time network
169s
platform
android_x64
resource
android-x64-arm64-20220621-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220621-enlocale:en-usos:android-11-x64system
submitted
02-08-2022 06:20

Target

Extra_Cleaner_Addon_7_crypt_aligned.apk
Size

2.9MB
MD5

53d74d42cbedf2461a92420b86ddff2f
SHA1

2359701e5737276d51607f9bdb8e60ebc2e5a6d5
SHA256

d0bbe42625ba821d79e7819e2785124e6271f662a8750514edf59327592a379c
SHA512

b529e99e58af465bd5d3100831d9f2b4df51634151ad8f4c83096bb8b1e4956fe2b29eae1ffa177f8310b5f80dc4b1abb5f5ab1c7684e6a165ff63c26ece3d92

Score

10^/10

Hydra payload 1 IoCs

Processes:

resource	yara_rule
/data/user/0/com.tape.frozen/app_DynamicOptDex/SPoj.json	family_hydra

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

com.tape.frozen

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tape.frozen
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tape.frozen

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.tape.frozen

ioc pid process

/data/user/0/com.tape.frozen/app_DynamicOptDex/SPoj.json 5097 com.tape.frozen
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

ioc	pid	process
/data/user/0/com.tape.frozen/app_DynamicOptDex/SPoj.json	5097	com.tape.frozen

com.tape.frozen
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:5097

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

/data/user/0/com.tape.frozen/app_DynamicOptDex/SPoj.json
Filesize
1.9MB

MD5
dabd33af9f3e95c107b658e4417e49e2

SHA1
ff186c114a8aa23d1e527c972b21e5a8551001c2

SHA256
753322677f6c6af13c8d298390d71e032b2589abca41079a04dbf4e0393515af

SHA512
e685ed9f5fdf6ecf5b85208d86068ba24c21ec185a65fa48b6205388eaa37904c1eb76e22714ef96dfba3cbc1115117cc6f257dd018df51fd05629388fece741

Download Submit
/data/user/0/com.tape.frozen/app_DynamicOptDex/SPoj.json
Filesize
5.0MB

MD5
69e86a4a638e31186ac718ef8f4c107b

SHA1
be4d2ae3ceb6f4153280283d2af5e71159644853

SHA256
e9dba01c94ba9dc039f1a43ddfbf89e3e93eac90c44302fcd6239326fa1aa69f

SHA512
566591eef5f76a71fc7bd49f5980a7db5673018d4a199c1b58648ada77f7a8a8bea9b6e2f599932f304e5c17747d0de747e2824dc8c7f0b66fed8caf16bdae24

Download Submit
/data/user/0/com.tape.frozen/app_DynamicOptDex/oat/SPoj.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit