Overview

overview

10

Static

static

7

18c5bf8ee1...b4.apk

android-9-x86

10

18c5bf8ee1...b4.apk

android-10-x64

10

18c5bf8ee1...b4.apk

android-11-x64

10

Analysis

  • max time kernel
    1102714s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220823-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
  • submitted
    15-09-2022 15:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18c5bf8ee185102b2cffb7e19ea9480113e94544f78c4d3eef628f635c2b77b4.apk

  • Size

    1.0MB

  • MD5

    7b5ca7af7560e1e00a53e3b2da398e8d

  • SHA1

    d553b5b5fdb8e5b9c8bf291039820b4ff30ace87

  • SHA256

    18c5bf8ee185102b2cffb7e19ea9480113e94544f78c4d3eef628f635c2b77b4

  • SHA512

    1c416cc854000256adb6d2e34b401ff53d919aa503e40b9153186669521840efb67f9affe698911c6acb487ed918dc01e4aebbf32eb3e81b1bb5dd4e29237295

  • SSDEEP

    24576:a/xMjXBYdbtCk1w72Ctm/8Hf95fVkbLXZVs5A0w45:aZbnK72CcMfb9ULiA0w45

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

http://laurenwarren1566.top

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.pretty.flock
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:4579

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.pretty.flock/app_DynamicOptDex/NFxRTXU.json
    Filesize

    231KB

    MD5

    013c636eab0b61fe2cc47ff1ef8c166b

    SHA1

    43c1e802c1498cd7bb498bd158a07d93dc13ae81

    SHA256

    d1413e17fcd2bc60e0273d1f95226e7d0d7c38d89aeffab041d5d7f9ed6f24d0

    SHA512

    e81a2d0e5bc965c1585e8183432cdc3babbb4b369028cecb65f0a0025b5e5a8b5c265ab86f9bdc810121b03206dc26dfd4741111656a9992aa3e500c76dcdb6b

    Download Submit

  • /data/user/0/com.pretty.flock/app_DynamicOptDex/NFxRTXU.json
    Filesize

    540KB

    MD5

    f8fbd39fae1f279d2ee95d4b9b429df8

    SHA1

    e8295b4144b3eeb0b217f42754552fa52f73f9d6

    SHA256

    8cd48eebcb786d457864536178e41c4a97079606d1871d3c464eb741315fa01e

    SHA512

    93756886ce2ee37f762a8227bb21fc697441a969e1ea7eed5961d49a9e0bfaa90e9047572bc50ef2dabfd9d883595748c8ea529cdef38965e5d93aa3c085c935

    Download Submit

  • /data/user/0/com.pretty.flock/shared_prefs/pref_name_setting.xml
    Filesize

    131B

    MD5

    bf7b40d519d70013c761bc7445badbad

    SHA1

    afe407b55cc1b01eed64b304a9d51a8ba07dafa7

    SHA256

    ee5b030511f3c8a17dbefe38d047bb3cd44943fcc122ea92f3a04f60dad5bb26

    SHA512

    685086f1d3f86bec16f89dba06d2286b4e1652b4cfce124d853d6bdb7759f509851c4238e0325e749310af084f08f1d7f5bb0fc711eaac5d46c296196d2728c1

    Download Submit