General

  • Target: 3971b2bbb2ce0491104c0cd834f929bdc0aa4a612a8cd4edaf17b9b9cbf1b915.zip

  • Size: 1.8MB

  • Sample: 230110-3ew9tsdg4x

  • MD5: a9a021c4b5fd0c789617c348aa7fd757

  • SHA1: 7bc99c385887517f5b4325feb6ee82338565ea21

  • SHA256: 247b5d759f726ebaccddd64921d764603132e20d1c6986ca5bd1d43b7fc9b426

  • SHA512: 3cf171265de18f3487a5d32465a2722503a05c69bb2166fd444b8f2052027a3faa658da2b22f81314bc85d4210c7b8bb0a0a1b913e2af209089f447208e79fb5

  • SSDEEP: 49152:tfbIApwmpnZA5sDXAUNDGfyQQGCdb5E73nn0gE:tfUApZZA5uXjGlQGCd9enNE

Malware Config

Extracted

  • Family: hydra

  • C2: http://laurawright.top

Targets

    • Target: 3971b2bbb2ce0491104c0cd834f929bdc0aa4a612a8cd4edaf17b9b9cbf1b915

    • Size: 2.1MB

    • MD5: 6224051522f494907ccf147546344789

    • SHA1: d348a6160285ab2b17bfa4ab12fb671bd5a62719

    • SHA256: 3971b2bbb2ce0491104c0cd834f929bdc0aa4a612a8cd4edaf17b9b9cbf1b915

    • SHA512: 04be2363b8e0264d57c6b637e05b14338f62066fa3260a926091f0749780b5c754249ad350c4d97a0a133b682591412f043fe69f8c015fedefc08284e14e4071

    • SSDEEP: 49152:AU108yB0ekNWLBSONPBOIesOHaTLVTdhZ:Ai08yBuNWBgr5Har

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks