Overview

overview

10

Static

static

7

481598d7c1...f4.apk

android-9-x86

10

481598d7c1...f4.apk

android-10-x64

10

481598d7c1...f4.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4.zip

  • Size

    1.9MB

  • Sample

    230120-ry5vjabb66

  • MD5

    64b8560d1f0a986b0a824b487e88bd93

  • SHA1

    d7cad07e69d7163fca6a51082a948cdeec90be23

  • SHA256

    5df20525d7148aa46400d10794cb512cfd116bda28bb9b0ba96d07a4b4bb179d

  • SHA512

    c65fb6c14be2b7a0fafe9606c9af07cf83961c2435ed9df42bfb4b91dd36a722ca29e0a602cc63e7c3719507fb316d0bcce3f5ec0d7d6fa16597749ce545ae07

  • SSDEEP

    49152:JjLZDYFvmF6nPveNIpp7cU5mi+WGkJusfm0hHwxNBe:JjlYFeoHp5cU5miGkfm0OI

Score
10/10
hydraandroidbankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

http://lanagarza441.lol

Targets

    • Target

      481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4

    • Size

      2.0MB

    • MD5

      9c493810258eeca47b5001fd0c968111

    • SHA1

      9461d1a5f6ae935a1ba6bc2d05e76e55ac79f639

    • SHA256

      481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4

    • SHA512

      7cd767cacd064def4443f21b346b4a78b8573dc760714210eda5f4284a4a236b795e73cc0e2c50f7837693741416007bcf913034dc28dd21a5084099ca68a172

    • SSDEEP

      49152:j/j9ArJ/vPFDdpfE/81ZRPRNdoIIVVYG2FrGJ:j/jOxvFz1rRNdobVVYREJ

    Score
    10/10
    hydrabankerinfostealertrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Hydra payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks