14dd0f1d003e750ca313734048a3c9f6c1ccc3625786252ccc55d577c058f910

Sharing

Copy URL

Twitter E-mail

General

Target

hydrogen executor by hydrogenexecutor.com.apk
Size

124.5MB
Sample

230707-hgx9pagg4t
MD5

3e7f87ff8fba7c78349284a6f4b9838b
SHA1

7d3f3b9cf7834b490f4ebfd7b714de5ba7ac67cb
SHA256

14dd0f1d003e750ca313734048a3c9f6c1ccc3625786252ccc55d577c058f910
SHA512

80353030f1cb0d8752134870e9a70932058c967a1865f9261fb83e22f4a4756b9770dc4b0327da5181ff4ad4da042da3249460d808411b73e1d56616c09a05f0
SSDEEP

3145728:Nyk+EG1uBL7h2wHneKYIoiNi37jLO0t7jEOc4/uQ7Yt:NKE/R7dHeONc7jLO09cqYt

Score

8^/10

Malware Config

Targets

- Target
  
  hydrogen executor by hydrogenexecutor.com.apk
- Size
  
  124.5MB
- MD5
  
  3e7f87ff8fba7c78349284a6f4b9838b
- SHA1
  
  7d3f3b9cf7834b490f4ebfd7b714de5ba7ac67cb
- SHA256
  
  14dd0f1d003e750ca313734048a3c9f6c1ccc3625786252ccc55d577c058f910
- SHA512
  
  80353030f1cb0d8752134870e9a70932058c967a1865f9261fb83e22f4a4756b9770dc4b0327da5181ff4ad4da042da3249460d808411b73e1d56616c09a05f0
- SSDEEP
  
  3145728:Nyk+EG1uBL7h2wHneKYIoiNi37jLO0t7jEOc4/uQ7Yt:NKE/R7dHeONc7jLO09cqYt
Score

8^/10

banker evasion ransomware
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1
- Target
  
  SourceSansPro-Black.ttf
- Size
  
  144KB
- MD5
  
  87dc85e3e9a6074a802e9e3d5838d492
- SHA1
  
  dd37654546cc7f8247066b3615c700ae0d6bc6e8
- SHA256
  
  79d2b0ee70a30cae611bb9cbbc9a473491c0f8a416f4a5c085ae3a4daa171381
- SHA512
  
  6a6d44979a82cde5d2fe1ee12cbeb50ae0f7c7a26e4e4bf7f3bc8da61f0b5390e085bead40ccdb2e4bfb7a97c79bc7cda92c2579227d56c4de8e0466fd30d8ce
- SSDEEP
  
  1536:x4w7z7lByvmK9VzcP8209Wqw1oaoSv5mKt9fq/M9jGUDUvrx3A:tX7y/9VYP8N+oAm/ZL6
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral2 behavioral3
- Target
  
  SourceSansPro-Bold.ttf
- Size
  
  145KB
- MD5
  
  5c6c404eca1aa7c5951e05d7f2cf40eb
- SHA1
  
  03f8b924b69a71043379a7db9e940d98a1c2ba86
- SHA256
  
  5635ab88dda8bbd76e60e076cf2403094f3c4397f4358a42e66153514d8ef01b
- SHA512
  
  9675705d2ec4cce66389aaaa00aebf61d5d6d7733d5c21e29a4b8ee688ff84baa8635a5451f56eb586ebd5e4a9f6f092450665e27d59fee18978799c863aee75
- SSDEEP
  
  1536:/HwzHai/XU1soci0S8um6g2bY6ygdJ5mit9fyyqXIRN7PUDUvrxG2f:/g3/Isi0S8um6g2bBym+yw+PLhf
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral4 behavioral5
- Target
  
  SourceSansPro-Light.ttf
- Size
  
  146KB
- MD5
  
  b2e90cc01cdd1e2e6f214d5cb2ae5c26
- SHA1
  
  bae12c1d7c8d38f88ac5566ea3b3a97c9f5ac446
- SHA256
  
  b013d99044fd95864c10bc2926e1afa2850a5a9836f136ee556fafd48c4ea76f
- SHA512
  
  738823876ea34fa930814207d67cb89403ff12707c6cb442e891246ca241a0a0fa0f87563cb3f7e997d4f3a8287654a3383e509d772e10235e18c13c4a2f5d0b
- SSDEEP
  
  1536:MzJqmqo+igA8IeyOzsxbJqXDsy0/AerJzZqkYH505mkt9f/AXudab5UDUvrxHF:cJqmkXzYbasy0/AeJzQHyJcL3
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral6 behavioral7
- Target
  
  SourceSansPro-Regular.ttf
- Size
  
  146KB
- MD5
  
  6d5fb3bbd44e62762d34bf6666ee2242
- SHA1
  
  3dff4e088cb3c8dad0ff0de911fad806deb19422
- SHA256
  
  663ef53f7e08c49a2f8630e3e15544dda9e77af60aad69817f744fafe0520b33
- SHA512
  
  ee97e6cb4b6252aaa341b3c71b564b433b96c7e847ffacf29648f78ac5d9e26299d42a85d79b3849fe63f7b8cb915ca99e3795433440ee902136678fb8fd031e
- SSDEEP
  
  3072:JQ+2UeE8BeUgAxK9asC6yW1SIuUWeRFLX:fz8BeUgAxK97QIUeT
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral8 behavioral9
- Target
  
  SourceSansPro-Semibold.ttf
- Size
  
  146KB
- MD5
  
  52984b3a4e09652a6feee711d5c169fd
- SHA1
  
  f08e28d10c1bfe92543416e30b59620942859696
- SHA256
  
  ad9bf535fc18d27ba929b766058bf5381649bc3d9092232c00e069f420054232
- SHA512
  
  5d65d57f50064887df4ad277552013d6ed70726270ef3af7a76d66b7333b9cae091d32fca57b326c1104b6dc195a91b5f42b6d6e1e3e1284ad297bfef8600095
- SSDEEP
  
  1536:VezBjey9HbtoD6yu4qmD/uiqNOUyBVtrm17Mxxh5mwt9fCmfVk4JUDUvrxbr:MBT7yu4/uiqNEHtrgI/zKNaLF
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral10 behavioral11
- Target
  
  cacert.pem
- Size
  
  211KB
- MD5
  
  e7cf471ba7c88f4e313f492a76e624b3
- SHA1
  
  c9ce28427c32cc9144871b92eea0557f95c7d070
- SHA256
  
  fb1ecd641d0a02c01bc9036d513cb658bbda62a75e246bedbc01764560a639f0
- SHA512
  
  08cd35277bf2260cb3232d7a7ca3cce6b2bd58af9221922d2c6e9838a19c2f96d1ca6d77f3cc2a3ab611692f9fec939e9b21f67442282e867a487b0203ee0279
- SSDEEP
  
  6144:vcRqZx9NSaNI6Fd4tL52dTOgSQh1hV1AqZ:vc8nHW6f4tL5mO41hXAqZ
Score

3^/10
behavioral12 behavioral13
- Target
  
  fingerprint.txt
- Size
  
  33B
- MD5
  
  0000f105fcad7523e852996d4a11bfdc
- SHA1
  
  54f6ebf0837db5d0eecb2b5bb4627fdc5b662b6a
- SHA256
  
  f4b7e1cb20621bcd048216dd06861d31baed821b607cad3dbbe72c017d368d6a
- SHA512
  
  b4b51a18eaa0e5376deb9e18d628085f0a9bd9dbd6db186f902dd207497af38d938b185025e1d7dc2c5053cee67de0e03495486a8071c661d75cc23e9dcfbcd6
Score

1^/10
behavioral14 behavioral15
- Target
  
  main.1.com.roblox.client.obb
- Size
  
  70.1MB
- MD5
  
  af5360f0d1b84c58c0970d9c1ea6d1e4
- SHA1
  
  8c119264fd1ce6e9a8aa2490c5e2aacd6c85759b
- SHA256
  
  280961cd36100f26639de68802f539346862f51a004e4c17ded2b1f4597e23f5
- SHA512
  
  ea87a85bae22da41294394c36e9a9455750ef9b330ea9ddeaaef8565e2e4c6deae74a36b7c7476d22d7dea6c7406e9179c6634089e1ee84c9974d9bb6ef39fb5
- SSDEEP
  
  1572864:nn49Z9pWdkp9XR8LB6qT0ihVgb+iUlLzgWEs2UX2BDKkFH66R8O0:nMZ9pWdIxR2x+b+BdgWEYJUa7O0
Score

5^/10
- Drops file in System32 directory
behavioral16 behavioral17
- Target
  
  ExtraContent/LuaPackages/Packages/_Index/UIBlox/UIBlox/App/ImageSet/ImageAtlas/img_set_1x_1.png
- Size
  
  145KB
- MD5
  
  69912dd613b3cd328ff4a21fe0f627a1
- SHA1
  
  653c612ca63a2b1c97d9961fe6b43be57396a003
- SHA256
  
  c29ebbec79b9834b96f6d246baa15e1f04a269f63134c7e4e13c328a947efc88
- SHA512
  
  705e11cd5f87af406bf72daa01e88add5c6afa3b8ef6c643ca091bd17db395c2e07fd392c04e407e0fff7bdd1e8c45fb7cd3f224d4e04d1e9ce8f61164a83705
- SSDEEP
  
  3072:RmwaCxqAkNVT7xFKxllZYY9xR9iDnEtX3PJrVI+crf9JpQ4UO0z9:RvzqA+VTFcxX6vbS3b1c79J24UZR
Score

3^/10
behavioral18 behavioral19
- Target
  
  ExtraContent/LuaPackages/Packages/_Index/UIBlox/UIBlox/App/ImageSet/ImageAtlas/img_set_1x_2.png
- Size
  
  168KB
- MD5
  
  92bf0c312ea6406ab9e1070721f3b702
- SHA1
  
  8db25434712a1928f6068b4e37e17d21a95efc79
- SHA256
  
  0dcb730b3d2fc2e3e3afd7c2411a1acaf4d349730bca251c29d63fdec5b843d1
- SHA512
  
  e0a3f83e96d521522542ce3f6ded828cd8dbc19c119bedfe5846288b8a8345423e8404df704d893f0d584e93560828a920ab63e92dc9b5e0814ba7bed2cd7715
- SSDEEP
  
  3072:D3i8p/Bx9nDpGMwufFix1446QF2BGzfgXwjdOLPwgd2Yav5fdAMs2besKWtuCVtM:/1Bx9n1aufFixJ6QS0fSTwgqvnAfbsfU
Score

3^/10
behavioral20 behavioral21
- Target
  
  ExtraContent/LuaPackages/Packages/_Index/UIBlox/UIBlox/App/ImageSet/ImageAtlas/img_set_1x_3.png
- Size
  
  138KB
- MD5
  
  5425a975db89ea27e26d3f3aaa47c1a9
- SHA1
  
  b6fa19e6137bb1e475e8b89b43d3eb84ca2d1369
- SHA256
  
  631c034071d73b5b0bc05b35ba824fddeb7235c5bd0ac8b34f6bb32c02b22da3
- SHA512
  
  4b74dd4216b0ee26bfbe9dfe4b5b609e652b6437ad97de3d1bc835e693d5c5f347b42f9b4340cd9a577db5489277829ede7b4d4b5e02fbfaec980ff51ea56e56
- SSDEEP
  
  3072:UcR9lVRWSchx/pT0MKAZ4CLlwLLQKuUCMnu4FP5257gBRFwlTDA:UuZcPmMxZ4Kw31vzuW2gJ
Score

3^/10
behavioral22 behavioral23
- Target
  
  ExtraContent/LuaPackages/Packages/_Index/UIBlox/UIBlox/App/ImageSet/ImageAtlas/img_set_1x_4.png
- Size
  
  197KB
- MD5
  
  a3f5a6129d8a217e2edec50f0dd283e9
- SHA1
  
  9b32cc109a2e39c441baf372113a88d3387ea876
- SHA256
  
  0683514fedea2f5924be9cd4912508fd8da3c08e51e39ab4c338eaaa2737ade0
- SHA512
  
  5153c5b6a0d848a091a96f5f0ec9ccddbe54c2c3e6622b062d6731a408790259c3ffc558b7bbeda70a1278f589d1cf658e4c4255cddc046b6f9b156cc8688675
- SSDEEP
  
  6144:UEjH9Mt8XZPnT9e3Znc8lruXJg4RfmncOAnW:U4KyNTGvlrkUeW
Score

3^/10
behavioral24 behavioral25
- Target
  
  ExtraContent/LuaPackages/Packages/_Index/UIBlox/UIBlox/App/ImageSet/ImageAtlas/img_set_1x_5.png
- Size
  
  244KB
- MD5
  
  69bca210cab50b6898e6117776141d64
- SHA1
  
  a5195b53c27f76cffd8fc6fa5ba46c28a8af042e
- SHA256
  
  37985251d0bae1fc1f7174d56195c0f2f5f0c4e873a63fd8919b83088cbbab0b
- SHA512
  
  b7b4e8ea71de42c8baecefbeb18c4bb81f266fac951e857509b7830edcd466461df2eff252c33e45c39a2686ad54d951636c622761e8236d9b754cd1750a9405
- SSDEEP
  
  6144:1i6L5w8ThFywCPRFZBvXmHnYxsYWn9t3Gl1JGur07nx/pMn:860wClxs7tW/JGWIq
Score

3^/10
behavioral26 behavioral27
- Target
  
  ExtraContent/LuaPackages/Packages/_Index/UIBlox/UIBlox/App/ImageSet/ImageAtlas/img_set_1x_6.png
- Size
  
  83KB
- MD5
  
  4ef6d5dac0fe50950ced52063b9d971b
- SHA1
  
  e346286309d7e4f13782a27c7328920451ffaa84
- SHA256
  
  f2989d4920eb1fd62bd558f0210717b1523fa77f66b77af69389d7e0a97afe82
- SHA512
  
  fbb76edf4ba14c0876a1479610a6d991c7773982c12f89f15228b22fd29de3352ed1814a4846bc0d4a2eab32715f9e726e0ac191dea716067d82b2a4ba8438fc
- SSDEEP
  
  1536:i+d+qWApx9VupewzVZ5tkOwvujDmeKkfawx/1EZbIlBeUyejsbLi8sAM:rWoHGVZtDm1a7lUUlQUyejsbLV9M
Score

3^/10
behavioral28 behavioral29
- Target
  
  ExtraContent/LuaPackages/Packages/_Index/UIBlox/UIBlox/App/ImageSet/ImageAtlas/img_set_1x_7.png
- Size
  
  54KB
- MD5
  
  095b982155246a4e67d39050a444d767
- SHA1
  
  1e8a7b90b1c36509e65e4b287a9f364136db8d11
- SHA256
  
  e929aae96dc154e00cace22db81c9616d25b2535af87af4e8b498f4fed8ee86f
- SHA512
  
  3aa1bbe3d53592372bc52f1513d02f0be4c20164c0d96d18d9da7b7d77a925bb6f85b55085e80e5afb8c699b8c3d16b36bf404f722f29bb9833472bbd0dcc5c4
- SSDEEP
  
  1536:jyJcwgjNhtENV9XhM7DRrWSUxdgc7JV03UUqw:YcwgrtEBi5Wjd503U/w
Score

3^/10
behavioral30 behavioral31
- Target
  
  ExtraContent/LuaPackages/Packages/_Index/UIBlox/UIBlox/App/ImageSet/ImageAtlas/img_set_2x_1.png
- Size
  
  69KB
- MD5
  
  1199f02fd258b6d6bb0c8e3efff54b8f
- SHA1
  
  7bd32f0f1d25ad128f0eb8a5de058b3a617eb2d0
- SHA256
  
  1b3445f74b93cc764a4f1129323bf67e753d12733d7cf079d664a0d886d2344b
- SHA512
  
  5fbdd308d427290d42e2f8ae1990640bb0dece08d2ba42c07de8472c4fc62684b118e2fc490e3dc800cafeb13f480a8d96ec19009b6dc1b5ab6e0c8fed972036
- SSDEEP
  
  1536:AawFADn8yRCAd7BoB4pZ5+uYJPogWuRnIgxD8y0k6BR4Nlhb6S:Bn8yRXdVoyD5cFogWuRntR8y0kwK
Score

3^/10
behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

Acquires the wake lock.

Checks Android system properties for emulator presence.

Loads dropped Dex/Jar

Reads information about phone network operator.

Removes a system notification.

Uses Crypto APIs (Might try to encrypt user data).

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32