General

  • Target

    E74C08FD6AD250FA63E028CE7801ECA99A460562107CC40727B0FBCA80182196.apk

  • Size

    3MB

  • Sample

    230321-sbcqxadf4w

  • MD5

    b61470b9b40cc8a08b3244ae70a187f2

  • SHA1

    fb5458ab4445ca6fbc77a2197585e4f8a5af0e32

  • SHA256

    e74c08fd6ad250fa63e028ce7801eca99a460562107cc40727b0fbca80182196

  • SHA512

    678b66b4f17f8371a876579ad7e5741c2f0b673f668463a9b714d773231493fb39aaf7dd48eacf848e6483813fc557787dfa350e801605f05662e03a8da6d9f7

  • SSDEEP

    98304:2ejRZZYQi4+v4UakNXRoZq8mrw/JhjH4Ta:XnizLakoX3JyG

Malware Config

Extracted

Family

hydra

C2

http://saygosesgoforesosne.net

Targets

    • Target

      E74C08FD6AD250FA63E028CE7801ECA99A460562107CC40727B0FBCA80182196.apk

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.
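The indicators above are only useful if they are checked consistently: the report prints the SHA256 in upper case in the file name and in lower case in the hash field, and the C2 is given as a URL while most telemetry (DNS, proxy) records bare hostnames. The following is an added example, not part of the sandbox report, that embeds the report's hashes and C2, verifies a file against them with case-insensitive comparison, and scans log lines for the C2 host including subdomains. The log format and every log line are constructed for this example and do not come from the analysis.

```python
import hashlib
from urllib.parse import urlparse

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "b61470b9b40cc8a08b3244ae70a187f2",
    "sha1": "fb5458ab4445ca6fbc77a2197585e4f8a5af0e32",
    "sha256": "e74c08fd6ad250fa63e028ce7801eca99a460562107cc40727b0fbca80182196",
    "sha512": "678b66b4f17f8371a876579ad7e5741c2f0b673f668463a9b714d773231493fb"
              "39aaf7dd48eacf848e6483813fc557787dfa350e801605f05662e03a8da6d9f7",
}
C2_URL = "http://saygosesgoforesosne.net"

# Constructed log lines (assumed format: "<ts> <src> <dns|http> <name-or-url>").
# They are illustrative only and were not observed in the sandbox run.
SAMPLE_LOG = [
    "2023-03-21T10:01:02Z 10.0.0.5 dns saygosesgoforesosne.net",
    "2023-03-21T10:01:03Z 10.0.0.5 http http://saygosesgoforesosne.net/api/v1/gate",
    "2023-03-21T10:01:04Z 10.0.0.5 dns ip-lookup.example",
    "2023-03-21T10:01:05Z 10.0.0.7 http https://example.com/",
    "2023-03-21T10:01:06Z 10.0.0.5 dns cdn.saygosesgoforesosne.net",
]


def file_hashes(data: bytes, algorithms=tuple(IOC_HASHES)) -> dict:
    """Compute every hash algorithm listed in the IOC set over the file bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def match_hashes(data: bytes, iocs: dict = IOC_HASHES) -> set:
    """Return the names of the algorithms whose IOC value matches this file.

    Hex digests are compared case-insensitively, because reports and feeds
    mix upper and lower case (see the file name in the report above).
    """
    computed = file_hashes(data, tuple(iocs))
    return {name for name, expected in iocs.items()
            if computed[name] == expected.strip().lower()}


def c2_host(url: str = C2_URL) -> str:
    """Reduce the C2 URL from the config to the bare hostname used in DNS/proxy logs."""
    return (urlparse(url).hostname or "").lower()


def host_of(token: str) -> str:
    """Extract the hostname from either a full URL or a bare domain token."""
    if "://" in token:
        return (urlparse(token).hostname or "").lower()
    return token.lower().rstrip(".")


def find_c2_hits(lines, url: str = C2_URL) -> list:
    """Return (source, kind, host) for every log line that names the C2 host.

    Subdomains of the C2 domain are matched as well, since a banker operator
    can move the gate to another label under the same registered domain.
    """
    c2 = c2_host(url)
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines rather than fail the whole scan
        _ts, src, kind, target = parts[:4]
        host = host_of(target)
        if host == c2 or host.endswith("." + c2):
            hits.append((src, kind, host))
    return hits


if __name__ == "__main__":
    import sys
    # Usage: python ioc_check.py <file.apk>  (checks the file against the report's hashes)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("matched:", sorted(match_hashes(fh.read())))
    for hit in find_c2_hits(SAMPLE_LOG):
        print("C2 contact:", hit)
```

Run it against the APK to confirm you have the same sample the report describes (all four algorithms should match; a partial match means a feed entry is wrong or the file was altered), and feed real DNS or proxy exports to `find_c2_hits` after adjusting the assumed column layout.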
