General

  • Target: 8319695f2a7a4c2f6050d922dd1760a5e8731064.apk
  • Size: 3.2MB
  • Sample: 230719-nxaffsef7y
  • MD5: e8e83c7e5094b7510e0a738a7fbafd6c
  • SHA1: 8319695f2a7a4c2f6050d922dd1760a5e8731064
  • SHA256: cd3ff09b5070985a0797738743b1c62233918666b888dc4867cec9aa82cc5505
  • SHA512: 8d4630f89b6e5ed1211d4caff57ef01570860c0b42db1365487e6ec8c86236d756624f9d4a5e924b5558b3134e64a89385705a31ce4dea8f53cc69bd0c616e9b
  • SSDEEP: 98304:ZOh9u96MP1iXw8oHjEdQP6H5XJlNeG+tyD9toGhTWbBGZbRUIb3tgEjk:ZOhQ1qqmlD20Z1hDtdg

Malware Config

Extracted

  • Family: hydra
  • C2: http://91.215.85.203

Targets

    • Target: 8319695f2a7a4c2f6050d922dd1760a5e8731064.apk
    • Size: 3.2MB
    • MD5: e8e83c7e5094b7510e0a738a7fbafd6c
    • SHA1: 8319695f2a7a4c2f6050d922dd1760a5e8731064
    • SHA256: cd3ff09b5070985a0797738743b1c62233918666b888dc4867cec9aa82cc5505
    • SHA512: 8d4630f89b6e5ed1211d4caff57ef01570860c0b42db1365487e6ec8c86236d756624f9d4a5e924b5558b3134e64a89385705a31ce4dea8f53cc69bd0c616e9b
    • SSDEEP: 98304:ZOh9u96MP1iXw8oHjEdQP6H5XJlNeG+tyD9toGhTWbBGZbRUIb3tgEjk:ZOhQ1qqmlD20Z1hDtdg

    • Hydra: Android banker and info stealer.
    • Hydra payload
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar: Runs executable file dropped to the device during analysis.
    • Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
    • Reads information about phone network operator.

    • Target: closebutton.html
    • Size: 981B
    • MD5: c8efa039f4f84b2705a8e3a3b31da61c
    • SHA1: 669749429feda1599c4ee980cfd67fbb1a54c1a4
    • SHA256: 494693c2ac56ecac1a2588c25631e1bf71211fb0f06108649a983c879315b1aa
    • SHA512: db6c9817469c937a41eedbbbdaeb21a0860fa5228258978fe59d29c75ab1497b8d1a0ceaae2b236206d6935e186deaf0d83a73791658fa68a985dfc5c314aed2
    Score: 1/10

    • Target: core_wrapper.js
    • Size: 5KB
    • MD5: 2558e92bdb03c3e4685d4320a7cbe715
    • SHA1: 9feff7ec75024ba6d9753ea233ffbe0b7bc04bf7
    • SHA256: 99a17d18531953e748103eb021738a42eb9fe675532a4d42441d3bc34e048bc8
    • SHA512: 83409561241255be24558f6b238f1687ea7f703d6950a8ad54ff4c50aa9c62af490b74e9b60379ff074b92942bf4752a653a19c4da2b554ac59ecfa0f5fad9f3
    • SSDEEP: 96:MIn5NKjaILnYJX+myXjfaw17BLyHjLAHIIJUU/AUYYg8InG+d:N5NKjDrYJX+my7aw17UHjLAHIIJUUAW8
    Score: 1/10

    • Target: lynx_core.js
    • Size: 179KB
    • MD5: e7cfc2c0ca21ac6ed87869dbaf29afda
    • SHA1: b4db4af75b92b08408c8f0b9d9ac5ddd32d80b1d
    • SHA256: 015c037a7efc9b28b6a55c6b1c18c1b71fed16e3ee1e630dd45906864ad709ec
    • SHA512: a51e1247a451d0f12872455d2425771a7ba335c79630ccb7e423c4cdbfb48be7b6402c7283602c812930d46f562999edef809e5215516c5f4e89bf3037d2455f
    • SSDEEP: 1536:te01PJrNd3xF5KPIL0B/8kX9RHytxM9+Wn3Ocm3RzC4+KmbDEyJ7NRIY36Sq+HzM:3RJrZztUKC4+HIfSqL414T
    Score: 1/10

    • Target: nd
    • Size: 6KB
    • MD5: f6c6587ac2127318e57df26f29f9d92e
    • SHA1: b68b68ee5b2aa52d0e93a795ee83d0084eb3b4f1
    • SHA256: 5a2c00182af9b6062876f1ebf9076a4f53bd78da5d59bcc8a9e51ffc0eb93a59
    • SHA512: 3465e098e7c9f00873375c156d97417c6ae0328fbaab33796e498edf05f6b917cb2de31eea6a9b2b76c0c4798aca0aadb6b211e5c06563d637ce5220b3e30700
    • SSDEEP: 96:BxEnFiv6dMo0mqOoLR9ooXo7GUGcbhWVevATWJ4:YnFi6eo0mqOovooXo7G2bhB8v
    Score: 1/10

    • Target: slardar_bridge.js
    • Size: 3KB
    • MD5: cc0a24c68fce308319dbb627a0836a35
    • SHA1: a19813e37b11803b940d9cc636aa9fa6510e42de
    • SHA256: 751c84bc61085dd3baecfe3a51dd3d2f175ca3c5bd61f0c6bdac0817120a4e79
    • SHA512: 576f30fca86a1bae7f4fd401c893685472395c39beef7cd0a5b1fe2010d594b77541187e6bf94e50cb477e4c8761af1fd557ddb0a61d2890436d1b7b79e10181
    Score: 1/10

    • Target: slardar_sdk.js
    • Size: 51KB
    • MD5: adc5dbfdfc9c87ce72f6f73f1809fd7b
    • SHA1: 3b4233e9e367096cca64ba489172329af9887c4c
    • SHA256: 5ca3eec94dec06c18431512cbcdcf3d920ce25cbc2774b498f8a1f41d1216027
    • SHA512: 55e0a7f94f9e7816722b4cfa91f395bf5e418274f0a06b696dbd237f95e45e6da271fd10df21981548dec0fe008c23850eeeeace7752aad2a528dff740c1526b
    • SSDEEP: 768:x8Z9bbDO4P6/JkK3eqB/jYYzVpKmeu8E3B/6d0:xOW/mK3/jY2
    Score: 1/10

    • Target: template.js
    • Size: 131KB
    • MD5: dc81f87fea004f156041a43a941d1283
    • SHA1: f9877561bcf371421a8672453f5f492a4595813d
    • SHA256: 54f4fdc9885db4ad3e66e623b5e79e2f9ca0b842cb8facd3c38e108cee1cc6d6
    • SHA512: efe4c1bcd913ab08307032f75f7f03db48fa2b4ee0a18c33cd2463cf0a49d81f9d766c0d628fe170e94e43fef3d488a6a3fb1309b78bc40b0c2ee3aac24febcb
    • SSDEEP: 3072:NUhk+e1Iif77WeCtQC13g/gpMmlOFsy4rU1vxC/u:keCtQC6/ywFB4KE/u
    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1
