Overview

overview

10

Static

static

7

8b93f879e9...ed.apk

android-9-x86

10

8b93f879e9...ed.apk

android-10-x64

1

8b93f879e9...ed.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8b93f879e9030312f4ab748c496092ed

  • Size

    2.4MB

  • Sample

    220802-tg8wzahghq

  • MD5

    8b93f879e9030312f4ab748c496092ed

  • SHA1

    7dfe55db40b2a39e9cb5ec10dd9515e0cf819f04

  • SHA256

    90af19b082297b94f837f617fa67d2f7e894b6efb2b5917dbf97d194dde0c00b

  • SHA512

    433e9f5559e54b0ebc35a7e826f2e2e9c2364a23d34100a6d4bb8422d331d8fd6bac180c952e956e87be46d2a2d08b8df42040c5a95510163740c32903c4720e

Score
10/10
hydraandroidbankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

https://notpro.top

Targets

    • Target

      8b93f879e9030312f4ab748c496092ed

    • Size

      2.4MB

    • MD5

      8b93f879e9030312f4ab748c496092ed

    • SHA1

      7dfe55db40b2a39e9cb5ec10dd9515e0cf819f04

    • SHA256

      90af19b082297b94f837f617fa67d2f7e894b6efb2b5917dbf97d194dde0c00b

    • SHA512

      433e9f5559e54b0ebc35a7e826f2e2e9c2364a23d34100a6d4bb8422d331d8fd6bac180c952e956e87be46d2a2d08b8df42040c5a95510163740c32903c4720e

    Score
    10/10
    hydrabankerinfostealertrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Hydra payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks