General

  • Target

    9c96b8f5b7599b8f447d56c5e51b3e65.apk

  • Size

    2.7MB

  • Sample

    220816-w9dbwaffa2

  • MD5

    9c96b8f5b7599b8f447d56c5e51b3e65

  • SHA1

    9ea098c58e0054c4977e164c62ef9a5218fa2e1c

  • SHA256

    c87b73a7595006407d2eb454912707fa9ca4ca700a1afbea7657f7dc5f7899c6

  • SHA512

    6ffad1c6253f3bbd95a2e51dbac021f5fc4033d505685747d5836d970616fcf96601a3c59597ea4f87100293bbc6c53e3704a7f9b28da33775edf753beb6ce96

  • SSDEEP

    49152:pQ5P81Pcu+ApCs1iZ5qLr+JAySus//kwTbHR5MG7wGnWpZ+oILN7LMH5L/:pQ5IUu++j1o5qvGlPstT7R3wDILNg5L/

Malware Config

Extracted

Family

hydra

C2

https://notpro.top

Targets

    • Target

      9c96b8f5b7599b8f447d56c5e51b3e65.apk

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks