Overview

overview

10

Static

static

7

latte.apk

android-9-x86

10

latte.apk

android-10-x64

10

latte.apk

android-11-x64

10

Analysis

  • max time kernel
    1657496s
  • max time network
    145s
  • platform
    android_x86
  • resource
    android-x86-arm-20220621-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20220621-enlocale:en-usos:android-9-x86system
  • submitted
    03-08-2022 08:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    latte.apk

  • Size

    3.2MB

  • MD5

    2766fe2cc89890935127ae864f88a309

  • SHA1

    f7dc91ed1d4c85e72896b22acb9f192a36ca9ae3

  • SHA256

    93c5e98c06963c8a320f5876148ad45fb6cce1a40a7aaee195cfa5027e19426b

  • SHA512

    a9b59137d044d134417f63d38c361b9f5961f10915794a70c65e95a06bd6bdb5299325915b32be398808aabfd7aad5faea5a6b6617261b20a54f0fabb54f3ecb

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.alley.work
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:4104
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.alley.work/app_DynamicOptDex/ensC.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.alley.work/app_DynamicOptDex/oat/x86/ensC.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4461

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.alley.work/app_DynamicOptDex/ensC.json
    Filesize

    1.9MB

    MD5

    5ecf01d33978fedd7b42ab821cf9ff6d

    SHA1

    b30d1e03d5b95d6b306edffd43193278040c15af

    SHA256

    0734ebf7a70547aadf5095877840feac1af670b74ed134acfdaadc566e9618f4

    SHA512

    41c74ebe30df0e32d9eda0a3b8a9ba735144a346a78b483ef0964a6fe25b6babb0589aced3a75af0ef1555cb9248afa310774b776db91e9daf7e4e90052719cc

    Download Submit
  • /data/user/0/com.alley.work/app_DynamicOptDex/ensC.json
    Filesize

    5.0MB

    MD5

    3e61ae0bf61c3b3cb60ffaa3f8f94d91

    SHA1

    4ed87930beb32ea8e47e435b61332ff4866a65c4

    SHA256

    131219a0537c9bec6a762956e4ec6ff06144b368d6a3d699aa41c4261ade0e59

    SHA512

    0e56902679347a7870dffbdd4d7e89249b6d79ab0c3cb15bc67d42c52f5c89e9d41cc5c1c137eccf798723c0b2de8e7db32b691f06461fdca58b51b7775d15f0

    Download Submit
  • /data/user/0/com.alley.work/app_DynamicOptDex/ensC.json
    Filesize

    5.0MB

    MD5

    89ea70b3fa129d5d03833444578a4c3f

    SHA1

    3499fb858c1f4de0cc8a5cb36d843d9f2f6d1328

    SHA256

    f49ea523bc202e6fd2a58a8034579684108cac3702bc1d989fbd068dab54955d

    SHA512

    fa4b40d7dd535e44267ca576260be9950e0371196d2b443d1bf36a50265a925c7c9b8b62db7337e9c5264abaacecf36db9390a3976ab9092b1c1368310f57368

    Download Submit
  • /data/user/0/com.alley.work/app_DynamicOptDex/ensC.json.x86.flock
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.alley.work/app_DynamicOptDex/oat/ensC.json.cur.prof
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.alley.work/app_DynamicOptDex/oat/x86/ensC.odex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.alley.work/app_DynamicOptDex/oat/x86/ensC.vdex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit