Analysis
-
max time kernel
4246762s -
max time network
131s -
platform
android_x86 -
resource
android-x86-arm-20230621-en -
resource tags
-
submitted
27-06-2023 13:49
General
-
Target
8facbeb731fb98cf0983fa113487d226.apk
-
Size
1.0MB
-
MD5
8facbeb731fb98cf0983fa113487d226
-
SHA1
4b0c81406d4c333c393a2b148c30c100da09398f
-
SHA256
62cf95f6ef0c3d98663b746855ea64e8f436f8e622c57b40abe46b3988d1bc21
-
SHA512
7584f40b4d61480a5716b2100a0edfffc39c6ffca0734594ae6a2ca5a6fe5deffc2920522684dc07b5da0be7e0cabbeba8dfb29ef9443063b8d1aeb8be586fde
-
SSDEEP
24576:3PCd+It4D1OjFgdVnba8r403uyQSHnpDGOFEjbe:fq4DAFgdVnbaS4DsHRGOFEjy
Score
10/10
Malware Config
Extracted
Family
hydra
C2
http://yfuvubivivuvihih.com
Signatures
-
Hydra
Android banker and info stealer.
-
Makes use of the framework's Accessibility service. 3 IoCs
-
Removes its main activity from the application launcher 1 IoCs
-
Requests enabling of the accessibility settings. 1 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
Processes
-
com.grand.snail1⤵
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Requests enabling of the accessibility settings.
- Requests disabling of battery optimizations (often used to enable hiding in the background).