Analysis
-
max time kernel
1564216s -
max time network
169s -
platform
android_x64 -
resource
android-x64-arm64-20220621-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220621-enlocale:en-usos:android-11-x64system -
submitted
02-08-2022 06:20
Static task
static1
Behavioral task
behavioral1
Sample
Extra_Cleaner_Addon_7_crypt_aligned.apk
Resource
android-x86-arm-20220621-en
Behavioral task
behavioral2
Sample
Extra_Cleaner_Addon_7_crypt_aligned.apk
Resource
android-x64-20220621-en
Behavioral task
behavioral3
Sample
Extra_Cleaner_Addon_7_crypt_aligned.apk
Resource
android-x64-arm64-20220621-en
General
-
Target
Extra_Cleaner_Addon_7_crypt_aligned.apk
-
Size
2.9MB
-
MD5
53d74d42cbedf2461a92420b86ddff2f
-
SHA1
2359701e5737276d51607f9bdb8e60ebc2e5a6d5
-
SHA256
d0bbe42625ba821d79e7819e2785124e6271f662a8750514edf59327592a379c
-
SHA512
b529e99e58af465bd5d3100831d9f2b4df51634151ad8f4c83096bb8b1e4956fe2b29eae1ffa177f8310b5f80dc4b1abb5f5ab1c7684e6a165ff63c26ece3d92
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra payload 1 IoCs
Processes:
resource yara_rule /data/user/0/com.tape.frozen/app_DynamicOptDex/SPoj.json family_hydra -
Makes use of the framework's Accessibility service. 2 IoCs
Processes:
com.tape.frozendescription ioc process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.tape.frozen Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.tape.frozen -
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
Processes:
com.tape.frozenioc pid process /data/user/0/com.tape.frozen/app_DynamicOptDex/SPoj.json 5097 com.tape.frozen -
Legitimate hosting services abused for malware hosting/C2 1 TTPs
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/user/0/com.tape.frozen/app_DynamicOptDex/SPoj.jsonFilesize
1.9MB
MD5dabd33af9f3e95c107b658e4417e49e2
SHA1ff186c114a8aa23d1e527c972b21e5a8551001c2
SHA256753322677f6c6af13c8d298390d71e032b2589abca41079a04dbf4e0393515af
SHA512e685ed9f5fdf6ecf5b85208d86068ba24c21ec185a65fa48b6205388eaa37904c1eb76e22714ef96dfba3cbc1115117cc6f257dd018df51fd05629388fece741
-
/data/user/0/com.tape.frozen/app_DynamicOptDex/SPoj.jsonFilesize
5.0MB
MD569e86a4a638e31186ac718ef8f4c107b
SHA1be4d2ae3ceb6f4153280283d2af5e71159644853
SHA256e9dba01c94ba9dc039f1a43ddfbf89e3e93eac90c44302fcd6239326fa1aa69f
SHA512566591eef5f76a71fc7bd49f5980a7db5673018d4a199c1b58648ada77f7a8a8bea9b6e2f599932f304e5c17747d0de747e2824dc8c7f0b66fed8caf16bdae24
-
/data/user/0/com.tape.frozen/app_DynamicOptDex/oat/SPoj.json.cur.profMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e