General

  • Target

    33c0433f45db19af9273a3be535bfc8901499eaf6771bbf68d146e50315a0910

  • Size

    3.0MB

  • Sample

    230320-mjz9aach89

  • MD5

    7b63a73cedf7b0bc91e1ef383025317f

  • SHA1

    2586791ff2d25166ad739dc31c08c49769bcda0b

  • SHA256

    33c0433f45db19af9273a3be535bfc8901499eaf6771bbf68d146e50315a0910

  • SHA512

    c7dfdb5d4110ac3e435d76d256f0be6dee62a49b075eb1033384a7aee9b3fa845494d3ba37947f26231fe498de410afb0f093da141e16f58a865ad7bfa30fdb9

  • SSDEEP

    98304:sZA3SwZbvscL5gGB8wqGVdwDDguRal/WL3++tIcM3:LgcSGB8LmwXjol/mO+tIcM3

Malware Config

Extracted

  • Family

    hydra

  • C2

    http://taewcfas2s.com.de

Targets

    • Target

      33c0433f45db19af9273a3be535bfc8901499eaf6771bbf68d146e50315a0910

    • Size

      3.0MB

    • MD5

      7b63a73cedf7b0bc91e1ef383025317f

    • SHA1

      2586791ff2d25166ad739dc31c08c49769bcda0b

    • SHA256

      33c0433f45db19af9273a3be535bfc8901499eaf6771bbf68d146e50315a0910

    • SHA512

      c7dfdb5d4110ac3e435d76d256f0be6dee62a49b075eb1033384a7aee9b3fa845494d3ba37947f26231fe498de410afb0f093da141e16f58a865ad7bfa30fdb9

    • SSDEEP

      98304:sZA3SwZbvscL5gGB8wqGVdwDDguRal/WL3++tIcM3:LgcSGB8LmwXjol/mO+tIcM3

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.
