Analysis
-
max time kernel
3483406s -
max time network
160s -
platform
android_x64 -
resource
android-x64-arm64-20220823-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system -
submitted
20-01-2023 14:37
Static task
static1
Behavioral task
behavioral1
Sample
481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4.apk
Resource
android-x86-arm-20220823-en
Behavioral task
behavioral2
Sample
481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4.apk
Resource
android-x64-20220823-en
Behavioral task
behavioral3
Sample
481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4.apk
Resource
android-x64-arm64-20220823-en
General
-
Target
481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4.apk
-
Size
2.0MB
-
MD5
9c493810258eeca47b5001fd0c968111
-
SHA1
9461d1a5f6ae935a1ba6bc2d05e76e55ac79f639
-
SHA256
481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4
-
SHA512
7cd767cacd064def4443f21b346b4a78b8573dc760714210eda5f4284a4a236b795e73cc0e2c50f7837693741416007bcf913034dc28dd21a5084099ca68a172
-
SSDEEP
49152:j/j9ArJ/vPFDdpfE/81ZRPRNdoIIVVYG2FrGJ:j/jOxvFz1rRNdobVVYREJ
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra payload 1 IoCs
Processes:
resource yara_rule /data/user/0/com.piano.length/app_DynamicOptDex/uEEipJ.json family_hydra -
Makes use of the framework's Accessibility service. 2 IoCs
Processes:
com.piano.lengthdescription ioc process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.piano.length Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.piano.length -
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
Processes:
com.piano.lengthioc pid process /data/user/0/com.piano.length/app_DynamicOptDex/uEEipJ.json 4418 com.piano.length -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 42 ip-api.com -
Reads information about phone network operator.
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/user/0/com.piano.length/app_DynamicOptDex/oat/uEEipJ.json.cur.profMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
/data/user/0/com.piano.length/app_DynamicOptDex/uEEipJ.jsonFilesize
239KB
MD506c02ab9f5fbb12ec78c0f00b9cd144f
SHA192965fccde619291b2cd21a93d4a22d79b4b9094
SHA25696f1e4cd48ef797a8fc5e740dae6f3a527d0543788d18b967fd8996748241cda
SHA51280c2388fe41ad6791ab7282c396a0fa8414f96a84de0290751b57b87963f4b42f33c6f0e439369cebdc54f4f9fcb8c20ac1cc6b5b2a11b0931d67a2317080cd0
-
/data/user/0/com.piano.length/app_DynamicOptDex/uEEipJ.jsonFilesize
574KB
MD54f7ca869e2a2aa71565ddd0213377ef4
SHA17d36e39122864983eefeae7acda4c5895571aefb
SHA256885da90d332750c7f2fef12a1fc61d9aae32a323b0bd13b2309bbc6ee3f221e5
SHA51270097ab3164541abeb0aa661c7d92a1d4fd1f1b5deb7b605a5e510d7bfd84622f143305846fc6b31be0e5d7015bb56eca7fbf6063e84d840b7cd3bd07a4f500f
-
/data/user/0/com.piano.length/shared_prefs/pref_name_setting.xmlFilesize
131B
MD599906591310ddc26748b3a604ccde036
SHA14826b28d3683a99e10132999778b1f650223a593
SHA256fb6c16987439db4666c0a1493c659ede60609e0413e1f079730368bddc812b97
SHA5125e9061a7485e8d7e196635818a0ce16ec1780f8940255a681492abaf60b7b35b88923a34a95b8c6ee652c3e3f72f8efdf7b7192b69813371980444eded09f82c