Overview

overview

10

Static

static

7

99e0053475...a8.apk

android-9-x86

10

99e0053475...a8.apk

android-10-x64

10

99e0053475...a8.apk

android-11-x64

10

Analysis

  • max time kernel
    3796448s
  • max time network
    175s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220823-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system
  • submitted
    24-01-2023 05:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    99e0053475ecd6a22b0e22b2441f0bf0a407b36be54e7d8220bb284c0bd494a8.apk

  • Size

    3.4MB

  • MD5

    2d21b43e6027134281324f460fc7fc66

  • SHA1

    3d6bf52403c493e92140a52149898bc64f76e359

  • SHA256

    99e0053475ecd6a22b0e22b2441f0bf0a407b36be54e7d8220bb284c0bd494a8

  • SHA512

    029eb7cff7ccf74b93f4667c786ba50320deee4f5c49bbe3ec1ca0bc8a8d0c34038a52931ffce6fa309f6e71fb1771a69f27ba373fc35308abbbaf2254607f97

  • SSDEEP

    49152:5uLlr42cZpvL7zVfiHqF3UzV1cx4ZfWmpPSPWR1m/s6/wLZfuY79S77qF6qW5bMN:5+UvL7zVfticx4ZfHmiEEZfpSKFGVrc

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.glove.nurse
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    PID:4743

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.glove.nurse/app_DynamicOptDex/WSyuNy.json
    Filesize

    1.9MB

    MD5

    2f61c20d6202f0c3f9e07301c0c49c81

    SHA1

    a64d114637d1cdd09941d2ea3d9d7d4c06c5fd55

    SHA256

    2af4ac652af0e7e35f6ed09ba5b6137299b7769a93f426e133773f80f335a576

    SHA512

    4cc63a70e45a3e468480ecde2244265ee8162c9a972dc145b23c4d3d3ecd4aa621afa9e851f7f01692d59ea5bed69115346c52fef1a3cd0bdefdf98f02c73001

    Download Submit

  • /data/user/0/com.glove.nurse/app_DynamicOptDex/WSyuNy.json
    Filesize

    5.0MB

    MD5

    aac2dcd77392344f8dd31f4f01a57ce9

    SHA1

    5c7f8906901da794dc630d37cd9f501d44be6adb

    SHA256

    50ccc8e8c22a41b020f0f991395551f3f0fb683eae4aa88fa9333b4b3fa60a86

    SHA512

    1a9733330cb198be78d147d590a59735d1bcb3f9f56f2134e977b123d15ff81a254a684521cca3f2ec1fa498d64e8a79e5c1f55dd2f4ae62d8074edd8d8472e9

    Download Submit

  • /data/user/0/com.glove.nurse/shared_prefs/pref_name_setting.xml
    Filesize

    131B

    MD5

    542898b9bfd3da36de774b97a7567c3e

    SHA1

    c097ec5dec063a3d4fcc78286a234375e15390c5

    SHA256

    d2ec2d7e4b1d81fa90d0c8d3926724ef6fb982ffbb1c907326ddd3a8c540c8a2

    SHA512

    8caa13aea0b4c67a910ed81d5d6db8ba093ef6c06f84e6d5d8c31c7f002dff1b45de93d3755949664c82ba06d721bfc428a4c11152628f16e14eca479de840b3

    Download Submit

  • /data/user/0/com.glove.nurse/shared_prefs/pref_name_setting.xml
    Filesize

    192B

    MD5

    2e3498365532fa518e0a0f4550f13e28

    SHA1

    e49b87c1fb070052ce7eb6cd10702e13fc5938c2

    SHA256

    7ab4b514d010ad1379b481cf46692d9110d6881995cc5d991934794da771abe5

    SHA512

    d7dbe5c39e67cd8fc5cff60f22542d489870155fc3c83c47d1f1f2c7c4bf8616c57351f7bc55b2a8e0fd11a1735c795b53bb241ecb544fe6e6653d06a17fa87e

    Download Submit