Analysis

  • max time kernel
    2828800s
  • max time network
    148s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20220823-en, locale:en-us, os:android-9-x86, system
  • submitted
    13/01/2023, 01:50 UTC

General

  • Target

    Google_Play_Store.apk

  • Size

    3.1MB

  • MD5

    06cf10298c93ba089b7d6ff8dc83fdb1

  • SHA1

    75bfb5c86bed1e4fa431620163b1707e0645b083

  • SHA256

    75b693bb2da7c3c94ceb07b88ff9bee0dccaad15425e56344e415addbcf3737c

  • SHA512

    2d4508e8d563351ac1699f776b2e632cbfc5f6e967fa1a1a05b9d4098eb3a3b7e7d83400032bb44f0cc1144da1e0e1c1881e249bea9eda0ffece0d3edc7c1bb9

  • SSDEEP

    98304:UvLCmQAVcZff+/baymELAkyzjh4GwnO3WDWMgk:UumQ2cZfG/baymiAkyzj7wnOG5gk

Malware Config

Extracted

Family

hydra

C2

http://aykomediki.net

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.wagon.track
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:4092
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.wagon.track/app_DynamicOptDex/oat/x86/OdyqAaN.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4186

Network

  • DNS android.apis.google.com
    Remote address: 1.1.1.1:53
    Request: android.apis.google.com IN A
  • DNS android.apis.google.com
    Remote address: 1.1.1.1:53
    Request: android.apis.google.com IN A
  • DNS infinitedata-pa.googleapis.com
    Remote address: 1.1.1.1:53
    Request: infinitedata-pa.googleapis.com IN A
    Response:
      infinitedata-pa.googleapis.com IN A 142.250.179.138
      infinitedata-pa.googleapis.com IN A 142.250.179.202
      infinitedata-pa.googleapis.com IN A 216.58.214.10
      infinitedata-pa.googleapis.com IN A 142.251.36.10
      infinitedata-pa.googleapis.com IN A 172.217.168.202
      infinitedata-pa.googleapis.com IN A 142.251.36.42
      infinitedata-pa.googleapis.com IN A 142.251.39.106
      infinitedata-pa.googleapis.com IN A 216.58.208.106
      infinitedata-pa.googleapis.com IN A 142.250.179.170
  • DNS android.apis.google.com
    Remote address: 1.1.1.1:53
    Request: android.apis.google.com IN A
    Response:
      android.apis.google.com IN CNAME clients.l.google.com
      clients.l.google.com IN A 216.58.208.110
  • DNS android.apis.google.com
    Remote address: 1.1.1.1:53
    Request: android.apis.google.com IN A
    Response:
      android.apis.google.com IN CNAME clients.l.google.com
      clients.l.google.com IN A 142.251.39.110
  • DNS android.apis.google.com
    Remote address: 1.1.1.1:53
    Request: android.apis.google.com IN A
    Response:
      android.apis.google.com IN CNAME clients.l.google.com
      clients.l.google.com IN A 216.58.208.110
  • DNS aykomediki.net
    Remote address: 1.1.1.1:53
    Request: aykomediki.net IN A
    Response:
  • 142.250.179.138:443  infinitedata-pa.googleapis.com  tls  1.6kB  6.0kB  14  11
  • 216.58.208.110:443  android.apis.google.com  tls  3.8kB  7.4kB  13  13
  • 216.58.208.110:443  android.apis.google.com  tls  1.9kB  6.2kB  9  8
  • 142.251.39.110:443  android.apis.google.com  tls  1.9kB  6.1kB  9  8
  • 1.1.1.1:853  tls  832 B  3.5kB  9  6
  • 1.1.1.1:853  tls  958 B  4.0kB  10  9
  • 224.0.0.251:5353  6.7kB  22
  • 1.1.1.1:53  android.apis.google.com  dns  138 B  2
    DNS Request: android.apis.google.com
    DNS Request: android.apis.google.com
  • 1.1.1.1:53  infinitedata-pa.googleapis.com  dns  76 B  220 B  1  1
    DNS Request: infinitedata-pa.googleapis.com
    DNS Response: 142.250.179.138, 142.250.179.202, 216.58.214.10, 142.251.36.10, 172.217.168.202, 142.251.36.42, 142.251.39.106, 216.58.208.106, 142.250.179.170
  • 1.1.1.1:53  android.apis.google.com  dns  69 B  109 B  1  1
    DNS Request: android.apis.google.com
    DNS Response: 216.58.208.110
  • 1.1.1.1:53  android.apis.google.com  dns  69 B  109 B  1  1
    DNS Request: android.apis.google.com
    DNS Response: 142.251.39.110
  • 1.1.1.1:53  android.apis.google.com  dns  69 B  109 B  1  1
    DNS Request: android.apis.google.com
    DNS Response: 216.58.208.110
  • 1.1.1.1:53  aykomediki.net  dns  60 B  133 B  1  1
    DNS Request: aykomediki.net


Downloads

  • /data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json

    Filesize

    1.6MB

    MD5

    281bbe18016d45aa9798a7fd3d4700f6

    SHA1

    0b342c1a181b9acaa009b0ef8220396d4cef89f3

    SHA256

    1ad48872e0643b81541465070ee063aa115bf6fed538e252f745ae34f574b41b

    SHA512

    600e0a742b475b1ec93095e126befb920a490f90bce605114aea7c11d91a0c4b6a18dfe4a9fe83a5fb8da800bbfec0ca33732e9ce4a4dc5bb9718e57271049ba

  • /data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json

    Filesize

    4.4MB

    MD5

    e9613f4e53cd9ec40ef7558f3c2f8e34

    SHA1

    e950b1f9b4a1c83c1077a86a7323e7387a698b9e

    SHA256

    90e9f8565aa494b879b4d4f456271a6fe4950f8bd30a9aa59ee0f5b319680cd7

    SHA512

    94263d6ff74e86e87d828bfb44fae2e8923e09c3318120a69fbbd0b3ab7f9a09b6573d8f47f545096c1e97bbcccde504a73c9f9b686a8d0a460caa5a09e3e476

  • /data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json

    Filesize

    4.4MB

    MD5

    5e778fa1b19c3d2f83f4547f9eb1fe3c

    SHA1

    bbeef5360c21685137d05c1a3eadbdf6626eb75a

    SHA256

    cda6b26aa4a8bf4d97933d4cb7d1caf1b537ac2539ed399925927b467fcb29e5

    SHA512

    d5c703400e1d182f7c5a8f575a27b30ed0afdc8029d148700101dc890ea97b683471280f68e9b46462b48b28653486de8bd615cecf7cd67d81df2c8e605fca9f

  • /data/user/0/com.wagon.track/shared_prefs/pref_name_setting.xml

    Filesize

    131B

    MD5

    ad20ab0a9fe5154e7b17d67957982859

    SHA1

    3f3ac3c2a9ddfa565bbf70807b937a82606dd939

    SHA256

    d4988d33b882339a84c47e097acff8d974a1994f0fb82fe7997ed2711e8611c5

    SHA512

    1a1fff6d355ee1b4d617b12272186a721793e5525ffb44969099ff2985fa68454c07ddc7e7737b8e520be518b5ac7844f0f39663c53f60730ac298aa7d28c571
