General

  • Target: 9117a83c2d736ce8b3e8493116b62e4a05ab9c7a736f83e59f3166f6fccb83f4.zip
  • Size: 1.9MB
  • Sample: 230113-yandxaga8s
  • MD5: 04ceb082253fa3b2a0c94318408990d9
  • SHA1: a0d7cf385bab3c3ce7339ef2f89064804b588e23
  • SHA256: e2a997ea223ab55f1589588f9d9a4ec4b1998b7c0de983b69be09fca53b1db6e
  • SHA512: 76e85f2b7540773e887c5434f1d75cf8f4f1879ce06caa55769f8485a53f1daf1dcd52df829c971fd0298119b9f4a4eb652b1724d3badbe5b96579967f518e73
  • SSDEEP: 49152:4OCIAhj+MYlgmYLgrnVyuF5bTl1EIWw4Y9v2kRg:4OG5YlghgjB/4Q4YgkRg

Malware Config (extracted)

  • Family: hydra
  • C2: http://tillywinters22.top

Targets

  • Target: 4d15496267219d11a061ab5c201b4895277afa4d9b75943e61163a184cd50169
  • Size: 2.1MB
  • MD5: 36183b9fbc6480025c1040b7109b2da4
  • SHA1: 3d1d04d28ba4b9f5780f7585f6f7474f419533d5
  • SHA256: 4d15496267219d11a061ab5c201b4895277afa4d9b75943e61163a184cd50169
  • SHA512: a6c4cf9be4de865b67edac3cee49955d562709ec0e12693eaf6918a647fd166d4ac7113ac1b42e1870e7cb26da9517ef55f2a8f16858661ae799bf906d79104e
  • SSDEEP: 49152:bF+O4Z1FxayrRfkVWaH5pYgcTnZ3tRQq4+gKPb22qzvdb:Z0RRwvYgwVYqkKPbBOdb

  Signatures

  • Hydra: Android banker and info stealer.
  • Hydra payload
  • Makes use of the framework's Accessibility service.
  • Loads dropped Dex/Jar: runs an executable file dropped to the device during analysis.
  • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
  • Reads information about the phone's network operator.
