Resubmissions

03-05-2023 10:32

230503-mk88ksgb6t 10

20-02-2023 10:28

230220-mhntvsaa7t 10

20-02-2023 08:04

230220-jyb88ahf3x 10

General

  • Target

    PosteID.apk

  • Size

    1.7MB

  • Sample

    230220-jyb88ahf3x

  • MD5

    a7a4dcc0ea24c8f161a5cb785974f4cb

  • SHA1

    4dd56ed32b32356c62927b0ad1058c60bc63177b

  • SHA256

    03933fedda0104be2fdfc26a8f205657989b7e12a5446b2e754562a4abccd956

  • SHA512

    6ec73e6a1a2b3ea013add66b48c79e60e29f4c1bbc32adfc92c311c57c0f0124bb45a8329fd69e473fc0fa47555df99b34a95cbac6bf506038aaaeb66b348ff9

  • SSDEEP

    49152:EdWaZSz14fSMZ5z6+N+nAcmjdvWqj/R4Gv:C5Zyl0t6+knXm4q94Gv

Malware Config

Extracted

Family

hydra

C2

http://www.firrpxxxcjnnskk.xyz

Targets

    • Target

      PosteID.apk

    • Size

      1.7MB

    • MD5

      a7a4dcc0ea24c8f161a5cb785974f4cb

    • SHA1

      4dd56ed32b32356c62927b0ad1058c60bc63177b

    • SHA256

      03933fedda0104be2fdfc26a8f205657989b7e12a5446b2e754562a4abccd956

    • SHA512

      6ec73e6a1a2b3ea013add66b48c79e60e29f4c1bbc32adfc92c311c57c0f0124bb45a8329fd69e473fc0fa47555df99b34a95cbac6bf506038aaaeb66b348ff9

    • SSDEEP

      49152:EdWaZSz14fSMZ5z6+N+nAcmjdvWqj/R4Gv:C5Zyl0t6+knXm4q94Gv

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service.

    • Removes its main activity from the application launcher

    • Requests enabling of the accessibility settings.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Matrix

Tasks