Analysis
-
max time kernel
1101799s -
max time network
131s -
platform
android_x86 -
resource
android-x86-arm-20220823-en -
resource tags
-
submitted
15-09-2022 14:59
General
-
Target
bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0.apk
-
Size
2.3MB
-
MD5
11774322a9ccd5cd7f1b509b47b9670d
-
SHA1
3a82dcb6cec0e5a85c79bd2e140385dd6ed2fcb8
-
SHA256
bd849070c6ac6b649282325eb066144bbac76ec2dd7e514eddc28e11ca3bd2b0
-
SHA512
d4f24e7bf4123a242e29cfc0c6592c910660419316f6dafc4a6280c6f40a118098c1831b44c0c5a5ea04762936c9a5d78aebcfefb430e7cad66fe74b0b4872fd
-
SSDEEP
49152:eYPISCEh/fNtFQoU4ub8ozzg88Ub78feZ29IOzTqevQDbde9Vg8u6V4Ch:diEZf/6oU4YDE8QT9IOzIDbde9VgN6p
Malware Config
Extracted
hydra
http://jioluuuieyegs.info
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra payload 2 IoCs
-
Makes use of the framework's Accessibility service. 2 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads information about phone network operator.
Processes
-
com.else.result1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.else.result/app_DynamicOptDex/mygDEh.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.else.result/app_DynamicOptDex/oat/x86/mygDEh.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
MD56422083a6f3423b2abe3389e18585365
SHA1d752191361d0566f90f6a6d533b639ebc2b9f85e
SHA2563f00bc98015824104a7e8e123ece8a87726fbe1b1c3cf3044ebc376270355b49
SHA512f61ddbfe1a96ff47d6babec92781724a37a7dee3824f106113e71f1fc93132c9a6ca9509db01f0af964ee65f4e345eb719e7575600502c1c351da2996ed02fcc
-
Filesize
3.6MB
MD57d09bed5c9cee779213a436e065f3afb
SHA197f0c9a11f33bcd2b8158d80348f247a2e3f047a
SHA25697d96121c3347988125378291ecdf39a5a30d4f101ae2bfe61a81b3c94d95e1e
SHA51244172390d832cd2eec05679b09186779251bdd9c998fe0a8ba961c492e3fcbd1922382a9a08a387147d96d2d14993f2e366b97d5bb582c81346f97c45be4dfc6
-
Filesize
3.6MB
MD5d1a4d40d83f033bfa504c9167256556d
SHA15deb8d6e800ee2c9e5334cd36e03bf145b181777
SHA25683fea678ac133b73858e5c475825803233dc94064b8bd9e490cca69fef9aadaf
SHA512cd2a90f367daea1e7c75f4f65a036a5dc696b9b1a2212ed221dcccb46b35b920881719dfda5a2ac1db3829cb2501e1dedc5637c15df9b2a53191375414ebc8bd
-
Filesize
131B
MD519eb5a87834c5d2cc72899b554f89169
SHA1d6c84e8deca2e8960442a0a6d55591819fec6b52
SHA2565ea8d6106df088c0ffa3a43bf9a8a1183bf9e77f4409586165e9d87b1025e43e
SHA5120fcb97b04d5d42014493a259233a2d38fc1db56584554ec86847c384a666e4a17fe2a8c835692e1342aeea10877fbcfe103ee8a2cf75d63046bfb564d410b43e