General

  • Target

    4d15496267219d11a061ab5c201b4895277afa4d9b75943e61163a184cd50169.zip

  • Size

    1.9MB

  • Sample

    230112-q2153sbh5v

  • MD5

    c53825d840075c4621cbed8f6a9b446d

  • SHA1

    cd18b2f91994d461d7683e444aab85ae988842c8

  • SHA256

    9117a83c2d736ce8b3e8493116b62e4a05ab9c7a736f83e59f3166f6fccb83f4

  • SHA512

    1085708ac898b08ab575d14599643bef15a48a0bffb8b6faff1476ffe4cff4133ea5e07e9072af261b7cee2dd6a6e2c2e0f112bed5be5b483113ec9fb4ce27a9

  • SSDEEP

    49152:TEgr4x/gJU1cMM09YcsIV7FjilXlm+Zg3VIcZZw:ThAgJU1c74TV7Fjilw32CZw

Malware Config (extracted)

  • Family

    hydra

  • C2

    http://rubenjohnston.pics

Targets

    • Target

      4d15496267219d11a061ab5c201b4895277afa4d9b75943e61163a184cd50169

    • Size

      2.1MB

    • MD5

      36183b9fbc6480025c1040b7109b2da4

    • SHA1

      3d1d04d28ba4b9f5780f7585f6f7474f419533d5

    • SHA256

      4d15496267219d11a061ab5c201b4895277afa4d9b75943e61163a184cd50169

    • SHA512

      a6c4cf9be4de865b67edac3cee49955d562709ec0e12693eaf6918a647fd166d4ac7113ac1b42e1870e7cb26da9517ef55f2a8f16858661ae799bf906d79104e

    • SSDEEP

      49152:bF+O4Z1FxayrRfkVWaH5pYgcTnZ3tRQq4+gKPb22qzvdb:Z0RRwvYgwVYqkKPbBOdb

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.
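The two things an analyst usually does first with a report like this are to confirm a file on hand really is the listed artifact, and to hunt for the extracted C2 in proxy or DNS logs. The script below is an added example written for this page, not code from the sandbox or from the Hydra sample. It carries the report's own MD5/SHA1/SHA256 values and C2 host; the log lines are constructed for the demonstration, and because the report does not name the external IP lookup service the sample contacts, the scan matches only the C2 host (and its subdomains), rejecting lookalikes that merely share a suffix.

```python
"""Triage helpers for the Hydra sample in this report: verify a candidate
file against the listed hashes and scan proxy/DNS log lines for the
extracted C2 host. Added example; not part of the sandbox report."""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# Hashes exactly as listed in the report: outer archive and the APK inside it.
REPORT_HASHES: Dict[str, Dict[str, str]] = {
    "4d15496267219d11a061ab5c201b4895277afa4d9b75943e61163a184cd50169.zip": {
        "md5": "c53825d840075c4621cbed8f6a9b446d",
        "sha1": "cd18b2f91994d461d7683e444aab85ae988842c8",
        "sha256": "9117a83c2d736ce8b3e8493116b62e4a05ab9c7a736f83e59f3166f6fccb83f4",
    },
    "4d15496267219d11a061ab5c201b4895277afa4d9b75943e61163a184cd50169": {
        "md5": "36183b9fbc6480025c1040b7109b2da4",
        "sha1": "3d1d04d28ba4b9f5780f7585f6f7474f419533d5",
        "sha256": "4d15496267219d11a061ab5c201b4895277afa4d9b75943e61163a184cd50169",
    },
}

# C2 host from the extracted Hydra config (scheme dropped; we match on host only).
C2_HOSTS = {"rubenjohnston.pics"}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return md5/sha1/sha256 hex digests of the given bytes."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256")}


def match_report(data: bytes) -> Optional[str]:
    """Return the report artifact whose hashes all match `data`, else None.

    All listed digests must agree; a single-algorithm match is not accepted,
    so an MD5 collision alone cannot pass a file off as the sample."""
    digests = hash_bytes(data)
    for name, expected in REPORT_HASHES.items():
        if all(digests[algo] == value for algo, value in expected.items()):
            return name
    return None


# Hostname-shaped tokens, used to pull candidate hosts out of free-form log lines
# (URLs, DNS query names, SNI). Dotted IPs also match; they never equal the C2.
_HOST_TOKEN = re.compile(
    r"(?<![\w.-])([a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+)",
    re.I,
)


def hosts_in_line(line: str) -> List[str]:
    """Extract hostname-like tokens from a log line, lower-cased."""
    return [h.lower().rstrip(".") for h in _HOST_TOKEN.findall(line)]


def is_c2_host(host: str) -> bool:
    """True for the C2 host itself or any subdomain of it.

    Matching is on label boundaries, so a lookalike such as
    notrubenjohnston.pics does not count as a hit."""
    host = host.lower().rstrip(".")
    return any(host == c2 or host.endswith("." + c2) for c2 in C2_HOSTS)


def scan_log(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, host) for every line that references the C2."""
    hits: List[Tuple[int, str]] = []
    for n, line in enumerate(lines, 1):
        for host in hosts_in_line(line):
            if is_c2_host(host):
                hits.append((n, host))
                break  # one hit per line is enough
    return hits


# Constructed proxy log lines for the demonstration; not from the sandbox run.
SAMPLE_LOG = [
    "2023-01-12T10:01:03Z 10.0.0.23 GET http://rubenjohnston.pics/api/ 200",
    "2023-01-12T10:01:05Z 10.0.0.23 GET https://example.com/index.html 200",
    "2023-01-12T10:01:09Z 10.0.0.23 CONNECT cdn.rubenjohnston.pics:443",
    "2023-01-12T10:01:11Z 10.0.0.23 GET http://notrubenjohnston.pics/ 200",
]

if __name__ == "__main__":
    # Hash check against a stand-in payload; the real archive is not embedded here.
    print("matches report:", match_report(b"not the sample"))
    for line_no, host in scan_log(SAMPLE_LOG):
        print(f"C2 hit on line {line_no}: {host}")
```

To check a real file, pass `open(path, "rb").read()` to `match_report`; it returns the artifact name only when every listed digest agrees. `scan_log` is deliberately format-agnostic so the same function works on Squid, Zeek `http.log`, or DNS query exports as long as the host appears as a token in the line.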
