hydra | 3df6e6f451c46ed9d8d88e223a0baffea4da07abfe0258b107aa22c2f0f4e6ed

Resubmissions

11-10-2022 13:32

221011-qs1sysgbdk 10

Analysis

max time kernel
3342985s
max time network
141s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
11-10-2022 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b321553f1a269ee4b68a02162ba2d14c71a92907b6001ff3db0fe5bae6b3430.apk
Size

2.8MB
MD5

d1a68785559ae6b0049a2bd1798277a1
SHA1

8ea0706e77e57810ff1bc9073f3701772f032557
SHA256

8b321553f1a269ee4b68a02162ba2d14c71a92907b6001ff3db0fe5bae6b3430
SHA512

b4c676c19dedf7b582598bc8bc9d3bf260b3847564d7da755cf9e694abdf2ad3555da526b7ff847dcbddf75b9d1183924a29078d181b313fcec18c8b5349637a
SSDEEP

49152:Ucz4N3omNn0M+CGN3SPXLD8S/obeUQGkfC1T3Eb0KizuNAGq6BXk2M:LrmR0vCSC/robeZGkfk0xA1XX

Score

10^/10

hydra banker infostealer trojan

Malware Config

Extracted

Family

hydra

http://lalabanda.com

Signatures

Hydra
Android banker and info stealer.
banker trojan infostealer hydra

Hydra payload 2 IoCs

Processes:

resource	yara_rule
/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json	family_hydra
/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json	family_hydra

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

com.wife.dizzy

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.wife.dizzy
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.wife.dizzy

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.wife.dizzy/app_DynamicOptDex/oat/x86/KCFj.odex --compiler-filter=quicken --class-loader-context=&com.wife.dizzy

ioc	pid	process
/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json	4063	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.wife.dizzy/app_DynamicOptDex/oat/x86/KCFj.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json	4023	com.wife.dizzy

Reads information about phone network operator.

com.wife.dizzy
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:4023

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.wife.dizzy/app_DynamicOptDex/oat/x86/KCFj.odex --compiler-filter=quicken --class-loader-context=&
2⤵
- Loads dropped Dex/Jar
PID:4063

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json
Filesize
1.3MB

MD5
f84f5fda1df953a8fbe24c17bacdf3ae

SHA1
044b7ca9f5988e175bea21312e81043aa17c9027

SHA256
e31d73a78d821a4ee86e55c77432c3c52ef01a8cb7be18fda83faf50772f7ffa

SHA512
0fb2a6900c79f673df5089ead0bfbbff7582cd17c0094cff3c90cfab2e2f64eb3b1d0ceebb70f6df113b7a68ae13e837477a3e9512efa33530901ccff52bbfd7

Download Submit
/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json
Filesize
3.6MB

MD5
75c36afec3c816acf958b039db4065f4

SHA1
e16d47dc4c597a5b13fed920f367789262ad0162

SHA256
5e5698bbd30997a749fa6e342d8381e042be60c70686fab7f59b151909c39a99

SHA512
eede6c3acb863e7172569fa0814aa65b3c1aac71a46adc4b14f0106de6f63a283b588704b1199ecd0a49321898f745ec9600070d681cff8c4af43b26f6997c5d

Download Submit
/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json
Filesize
3.6MB

MD5
7135f1564d788d4f037d1fce183fb480

SHA1
d0b34f23799c14770a8b5fc1f1a1d81697bb6f53

SHA256
df7bbead42e925c5b6b349c89c5fa85b8dbd113317acf05fed32243b4827f6b3

SHA512
d4ad950737096138a221850f58180962b5a29e81b4b6866f041f2ca7d3b0d03a2262ce7e081eb71c72d28c057e760521bb986136729be506b934f44ec04ebea2

Download Submit
/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json.x86.flock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wife.dizzy/app_DynamicOptDex/oat/KCFj.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wife.dizzy/app_DynamicOptDex/oat/x86/KCFj.odex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wife.dizzy/app_DynamicOptDex/oat/x86/KCFj.vdex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.wife.dizzy/shared_prefs/pref_name_setting.xml
Filesize
131B

MD5
c5768b563517bf8354449846fd544454

SHA1
5d092faf979dbf01eb823ae239cffa2372f20d46

SHA256
b1fb5a22b81d04f4a731dbd4d59caf24af443103b681b267217746b6862390b3

SHA512
830f4e48b5b842f166280609b4a0d9faedc1c1f34442b3370c479f1dd4cd7d8274cb84aab6c33d4980577902c3bd806c804fb2a45a74b949cd0a1f80bb7b8aa5

Download Submit