Overview

overview

10

Static

static

7

play.apk

android-9-x86

10

play.apk

android-10-x64

10

play.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    play.apk

  • Size

    3.3MB

  • Sample

    230330-nm8khadh6w

  • MD5

    495c6f125cdf7000744754939c317dd1

  • SHA1

    67f4772359774348a4571f4f2f5889bdd20eb428

  • SHA256

    17a4c3bf778a3c82506e420151c64978f5bea83bb49947bc2d907bf530ac34e9

  • SHA512

    ecb246d14f46d6e45d89dfe4a9116befbede05d6b623442967e0a6e1f8a51124dbd70c4a0ae07f3f3fdf722a17f39e722690437738e5d635697021c7223c99ef

  • SSDEEP

    98304:/xePnBfIvlnIKjeemBoBqbrPtR6gEElDVn8rMaLWEEADBLxS4H:J0BQyAsKKrPtR6pElpn8waLWEbO4H

Score
10/10
hydraandroidbankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

http://fermankaygoscone.com

Targets

    • Target

      play.apk

    • Size

      3.3MB

    • MD5

      495c6f125cdf7000744754939c317dd1

    • SHA1

      67f4772359774348a4571f4f2f5889bdd20eb428

    • SHA256

      17a4c3bf778a3c82506e420151c64978f5bea83bb49947bc2d907bf530ac34e9

    • SHA512

      ecb246d14f46d6e45d89dfe4a9116befbede05d6b623442967e0a6e1f8a51124dbd70c4a0ae07f3f3fdf722a17f39e722690437738e5d635697021c7223c99ef

    • SSDEEP

      98304:/xePnBfIvlnIKjeemBoBqbrPtR6gEElDVn8rMaLWEEADBLxS4H:J0BQyAsKKrPtR6pElpn8waLWEbO4H

    Score
    10/10
    hydrabankerinfostealertrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Hydra payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks