Overview

overview

10

Static

static

7

play.apk

android-9-x86

10

play.apk

android-10-x64

10

play.apk

android-11-x64

10

Analysis

  • max time kernel
    844021s
  • max time network
    308s
  • platform
    android_x64
  • resource
    android-x64-20220823-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
  • submitted
    30-03-2023 11:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    play.apk

  • Size

    3.3MB

  • MD5

    495c6f125cdf7000744754939c317dd1

  • SHA1

    67f4772359774348a4571f4f2f5889bdd20eb428

  • SHA256

    17a4c3bf778a3c82506e420151c64978f5bea83bb49947bc2d907bf530ac34e9

  • SHA512

    ecb246d14f46d6e45d89dfe4a9116befbede05d6b623442967e0a6e1f8a51124dbd70c4a0ae07f3f3fdf722a17f39e722690437738e5d635697021c7223c99ef

  • SSDEEP

    98304:/xePnBfIvlnIKjeemBoBqbrPtR6gEElDVn8rMaLWEEADBLxS4H:J0BQyAsKKrPtR6pElpn8waLWEbO4H

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

http://fermankaygoscone.com

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.dance.vintage
    1⤵
    • Loads dropped Dex/Jar
    PID:4830

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.dance.vintage/app_DynamicOptDex/oat/rKk.json.cur.prof
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.dance.vintage/app_DynamicOptDex/rKk.json
    Filesize

    1.6MB

    MD5

    6939b1e327dfc7fb12a2525048e79629

    SHA1

    9cade1a973fb9d03e9e60725ce729cac6190a5cc

    SHA256

    9268521108da189b2c4056512e79c2c5aca6164f23fac07843aab4480d3893b9

    SHA512

    9e41163f8006a1adea403f06b0cbae0ff67e3d07397487285b57854b7d05f17b12945ec3a9c4af2e6694a7c8a326fe055d54ee13334dbd8b63dc228d04d96398

    Download Submit
  • /data/user/0/com.dance.vintage/app_DynamicOptDex/rKk.json
    Filesize

    4.4MB

    MD5

    93157c4f705712e8b6004b094c808424

    SHA1

    5a31ad317dd28216f71d0caeab8ac1f70c491905

    SHA256

    4794d5481c97abba38e89a265dadbc9625ab004c53ea0c412b51e4b75f0e5dee

    SHA512

    18c8fac3ceaaccaa821c0710a10e84da0b30d011e3ebb2eaa92fca586221a241cb23305d3032b334b104dde4c7fcd7db3c4c7fe2acb85926c158cba95d557907

    Download Submit