General
-
Target
E74C08FD6AD250FA63E028CE7801ECA99A460562107CC40727B0FBCA80182196.apk
-
Size
3.4MB
-
Sample
230321-sbcqxadf4w
-
MD5
b61470b9b40cc8a08b3244ae70a187f2
-
SHA1
fb5458ab4445ca6fbc77a2197585e4f8a5af0e32
-
SHA256
e74c08fd6ad250fa63e028ce7801eca99a460562107cc40727b0fbca80182196
-
SHA512
678b66b4f17f8371a876579ad7e5741c2f0b673f668463a9b714d773231493fb39aaf7dd48eacf848e6483813fc557787dfa350e801605f05662e03a8da6d9f7
-
SSDEEP
98304:2ejRZZYQi4+v4UakNXRoZq8mrw/JhjH4Ta:XnizLakoX3JyG
Static task
static1
Behavioral task
behavioral1
Sample
E74C08FD6AD250FA63E028CE7801ECA99A460562107CC40727B0FBCA80182196.apk
Resource
android-x86-arm-20220823-en
Behavioral task
behavioral2
Sample
E74C08FD6AD250FA63E028CE7801ECA99A460562107CC40727B0FBCA80182196.apk
Resource
android-x64-20220823-en
Behavioral task
behavioral3
Sample
E74C08FD6AD250FA63E028CE7801ECA99A460562107CC40727B0FBCA80182196.apk
Resource
android-x64-arm64-20220823-en
Malware Config
Extracted
hydra
http://saygosesgoforesosne.net
Targets
-
-
Score
10/10
-
Hydra payload
-
Makes use of the framework's Accessibility service.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Requests enabling of the accessibility settings.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads information about phone network operator.
-