General

  • Target

    8facbeb731fb98cf0983fa113487d226.apk

  • Size

    1.0MB

  • Sample

    230627-q43rpaec46

  • MD5

    8facbeb731fb98cf0983fa113487d226

  • SHA1

    4b0c81406d4c333c393a2b148c30c100da09398f

  • SHA256

    62cf95f6ef0c3d98663b746855ea64e8f436f8e622c57b40abe46b3988d1bc21

  • SHA512

    7584f40b4d61480a5716b2100a0edfffc39c6ffca0734594ae6a2ca5a6fe5deffc2920522684dc07b5da0be7e0cabbeba8dfb29ef9443063b8d1aeb8be586fde

  • SSDEEP

    24576:3PCd+It4D1OjFgdVnba8r403uyQSHnpDGOFEjbe:fq4DAFgdVnbaS4DsHRGOFEjy

Malware Config

Extracted

  • Family

    hydra

  • C2

    http://yfuvubivivuvihih.com

Targets

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service.

    • Removes its main activity from the application launcher.

    • Requests enabling of the accessibility settings.

    • Looks up external IP address via web service.

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).
