Overview

overview

10

Static

static

7

57837f13ac...6c.apk

android-9-x86

10

57837f13ac...6c.apk

android-10-x64

1

57837f13ac...6c.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    57837f13ac963a450bd76253e3d9196c

  • Size

    2.6MB

  • Sample

    220808-22xy7sbdg6

  • MD5

    57837f13ac963a450bd76253e3d9196c

  • SHA1

    300b9f20c226f682b4c558e2ac5079241de4af16

  • SHA256

    585c602a6cc1ef9d397a15cd74b16e7cf9b24852a675afb1ea5c652ac30b2a74

  • SHA512

    3a2978fcfe5167141171afe097ea775073bf0af1d43fa25db3a954d57d566fe563f243b78d5ab6264b0ee31ee6b74413d844f21ff275d70f0e82a9da57b87f93

Score
10/10
hydraandroidbankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

https://notpro.top

Targets

    • Target

      57837f13ac963a450bd76253e3d9196c

    • Size

      2.6MB

    • MD5

      57837f13ac963a450bd76253e3d9196c

    • SHA1

      300b9f20c226f682b4c558e2ac5079241de4af16

    • SHA256

      585c602a6cc1ef9d397a15cd74b16e7cf9b24852a675afb1ea5c652ac30b2a74

    • SHA512

      3a2978fcfe5167141171afe097ea775073bf0af1d43fa25db3a954d57d566fe563f243b78d5ab6264b0ee31ee6b74413d844f21ff275d70f0e82a9da57b87f93

    Score
    10/10
    hydrabankerinfostealertrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Hydra payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks