Analysis

  • max time kernel
    1101799s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20220823-en, locale:en-us, os:android-9-x86, system
  • submitted
    15-09-2022 14:59

General

  • Target

    bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0.apk

  • Size

    2.3MB

  • MD5

    11774322a9ccd5cd7f1b509b47b9670d

  • SHA1

    3a82dcb6cec0e5a85c79bd2e140385dd6ed2fcb8

  • SHA256

    bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0

  • SHA512

    d4f24e7bf4123a242e29cfc0c6592c910660419316f6dafc4a6280c6f40a118098c1831b44c0c5a5ea04762936c9a5d78aebcfefb430e7cad66fe74b0b4872fd

  • SSDEEP

    49152:eYPISCEh/fNtFQoU4ub8ozzg88Ub78feZ29IOzTqevQDbde9Vg8u6V4Ch:diEZf/6oU4YDE8QT9IOzIDbde9VgN6p

Malware Config

Extracted

Family

hydra

C2

http://jioluuuieyegs.info

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.else.result
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:4099
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.else.result/app_DynamicOptDex/mygDEh.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.else.result/app_DynamicOptDex/oat/x86/mygDEh.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4147

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.else.result/app_DynamicOptDex/mygDEh.json
    Filesize

    1.3MB

    MD5

    6422083a6f3423b2abe3389e18585365

    SHA1

    d752191361d0566f90f6a6d533b639ebc2b9f85e

    SHA256

    3f00bc98015824104a7e8e123ece8a87726fbe1b1c3cf3044ebc376270355b49

    SHA512

    f61ddbfe1a96ff47d6babec92781724a37a7dee3824f106113e71f1fc93132c9a6ca9509db01f0af964ee65f4e345eb719e7575600502c1c351da2996ed02fcc

  • /data/user/0/com.else.result/app_DynamicOptDex/mygDEh.json
    Filesize

    3.6MB

    MD5

    7d09bed5c9cee779213a436e065f3afb

    SHA1

    97f0c9a11f33bcd2b8158d80348f247a2e3f047a

    SHA256

    97d96121c3347988125378291ecdf39a5a30d4f101ae2bfe61a81b3c94d95e1e

    SHA512

    44172390d832cd2eec05679b09186779251bdd9c998fe0a8ba961c492e3fcbd1922382a9a08a387147d96d2d14993f2e366b97d5bb582c81346f97c45be4dfc6

  • /data/user/0/com.else.result/app_DynamicOptDex/mygDEh.json
    Filesize

    3.6MB

    MD5

    d1a4d40d83f033bfa504c9167256556d

    SHA1

    5deb8d6e800ee2c9e5334cd36e03bf145b181777

    SHA256

    83fea678ac133b73858e5c475825803233dc94064b8bd9e490cca69fef9aadaf

    SHA512

    cd2a90f367daea1e7c75f4f65a036a5dc696b9b1a2212ed221dcccb46b35b920881719dfda5a2ac1db3829cb2501e1dedc5637c15df9b2a53191375414ebc8bd

  • /data/user/0/com.else.result/app_DynamicOptDex/mygDEh.json.x86.flock
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.else.result/app_DynamicOptDex/oat/mygDEh.json.cur.prof
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.else.result/app_DynamicOptDex/oat/x86/mygDEh.odex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.else.result/app_DynamicOptDex/oat/x86/mygDEh.vdex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/com.else.result/shared_prefs/pref_name_setting.xml
    Filesize

    131B

    MD5

    19eb5a87834c5d2cc72899b554f89169

    SHA1

    d6c84e8deca2e8960442a0a6d55591819fec6b52

    SHA256

    5ea8d6106df088c0ffa3a43bf9a8a1183bf9e77f4409586165e9d87b1025e43e

    SHA512

    0fcb97b04d5d42014493a259233a2d38fc1db56584554ec86847c384a666e4a17fe2a8c835692e1342aeea10877fbcfe103ee8a2cf75d63046bfb564d410b43e