Overview

overview

10

Static

static

7

18c5bf8ee1...b4.apk

android-9-x86

10

18c5bf8ee1...b4.apk

android-10-x64

10

18c5bf8ee1...b4.apk

android-11-x64

10

Analysis

  • max time kernel
    1102711s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
  • submitted
    15-09-2022 15:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18c5bf8ee185102b2cffb7e19ea9480113e94544f78c4d3eef628f635c2b77b4.apk

  • Size

    1.0MB

  • MD5

    7b5ca7af7560e1e00a53e3b2da398e8d

  • SHA1

    d553b5b5fdb8e5b9c8bf291039820b4ff30ace87

  • SHA256

    18c5bf8ee185102b2cffb7e19ea9480113e94544f78c4d3eef628f635c2b77b4

  • SHA512

    1c416cc854000256adb6d2e34b401ff53d919aa503e40b9153186669521840efb67f9affe698911c6acb487ed918dc01e4aebbf32eb3e81b1bb5dd4e29237295

  • SSDEEP

    24576:a/xMjXBYdbtCk1w72Ctm/8Hf95fVkbLXZVs5A0w45:aZbnK72CcMfb9ULiA0w45

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

http://laurenwarren1566.top

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.pretty.flock
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:4048
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.pretty.flock/app_DynamicOptDex/NFxRTXU.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.pretty.flock/app_DynamicOptDex/oat/x86/NFxRTXU.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4143

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.pretty.flock/app_DynamicOptDex/NFxRTXU.json
    Filesize

    231KB

    MD5

    013c636eab0b61fe2cc47ff1ef8c166b

    SHA1

    43c1e802c1498cd7bb498bd158a07d93dc13ae81

    SHA256

    d1413e17fcd2bc60e0273d1f95226e7d0d7c38d89aeffab041d5d7f9ed6f24d0

    SHA512

    e81a2d0e5bc965c1585e8183432cdc3babbb4b369028cecb65f0a0025b5e5a8b5c265ab86f9bdc810121b03206dc26dfd4741111656a9992aa3e500c76dcdb6b

    Download Submit
  • /data/user/0/com.pretty.flock/app_DynamicOptDex/NFxRTXU.json
    Filesize

    540KB

    MD5

    67481bbac1ac43b23efcccc36bc55953

    SHA1

    36d604d8e94d360c33caf0d2e62515303eca75af

    SHA256

    4fe8cfda53af8fa93f7dcab4c82957aa368b2d8b471313f72e1f40581c6223ae

    SHA512

    107a7dc55ee653b8d40aa1f8f6d87ae978e28598b9eca60356cd007aa3c56270edeb49dda3f9c4ad133fa4a361805cbbfc284b37743bf071459e62f90accabb9

    Download Submit
  • /data/user/0/com.pretty.flock/app_DynamicOptDex/NFxRTXU.json
    Filesize

    540KB

    MD5

    f8fbd39fae1f279d2ee95d4b9b429df8

    SHA1

    e8295b4144b3eeb0b217f42754552fa52f73f9d6

    SHA256

    8cd48eebcb786d457864536178e41c4a97079606d1871d3c464eb741315fa01e

    SHA512

    93756886ce2ee37f762a8227bb21fc697441a969e1ea7eed5961d49a9e0bfaa90e9047572bc50ef2dabfd9d883595748c8ea529cdef38965e5d93aa3c085c935

    Download Submit
  • /data/user/0/com.pretty.flock/app_DynamicOptDex/NFxRTXU.json.x86.flock
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.pretty.flock/app_DynamicOptDex/oat/NFxRTXU.json.cur.prof
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.pretty.flock/app_DynamicOptDex/oat/x86/NFxRTXU.odex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.pretty.flock/app_DynamicOptDex/oat/x86/NFxRTXU.vdex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.pretty.flock/shared_prefs/pref_name_setting.xml
    Filesize

    131B

    MD5

    280c9a0c28637cc99345d92564440dee

    SHA1

    a0ca74739e33085f11ef8fe4557395324c41f8d2

    SHA256

    ebefdb9cb356667cf4acfc984bbf34c81a2f6abee3ec34297f172cbbfff2f88d

    SHA512

    2c63fa6a51ffb453cf0621262db9d760590351757842bd7a62184b16f909e122a39be1200e441514e029e5f3ad0294e82ba8cb9fe3a0fe46d0c108afbf439b04

    Download Submit