Overview

overview

10

Static

static

7

8319695f2a...64.apk

android-9-x86

10

8319695f2a...64.apk

android-10-x64

10

8319695f2a...64.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    1845241s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230621-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230621-enlocale:en-usos:android-11-x64system
  • submitted
    19-07-2023 11:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8319695f2a7a4c2f6050d922dd1760a5e8731064.apk

  • Size

    3.2MB

  • MD5

    e8e83c7e5094b7510e0a738a7fbafd6c

  • SHA1

    8319695f2a7a4c2f6050d922dd1760a5e8731064

  • SHA256

    cd3ff09b5070985a0797738743b1c62233918666b888dc4867cec9aa82cc5505

  • SHA512

    8d4630f89b6e5ed1211d4caff57ef01570860c0b42db1365487e6ec8c86236d756624f9d4a5e924b5558b3134e64a89385705a31ce4dea8f53cc69bd0c616e9b

  • SSDEEP

    98304:ZOh9u96MP1iXw8oHjEdQP6H5XJlNeG+tyD9toGhTWbBGZbRUIb3tgEjk:ZOhQ1qqmlD20Z1hDtdg

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

http://91.215.85.203

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.camp.make
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:4385

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.camp.make/app_DynamicOptDex/UtumQ.json
    Filesize

    973KB

    MD5

    0e998c089232c1696b2cb09ffa288c73

    SHA1

    15933c3c68f27851b7653d98448c2690d547d89f

    SHA256

    9d6d36afd649eae6ef499f235335cdd1d765ed7adf2a3fd32e1ecce2a3ff6e2a

    SHA512

    aae8c5ec6f6c8c894a870886471731dd6a841a4bfeeb6b2e67fa801150c73b52ce278f5c87fd80363a141173122ce320ad6ef19a05aed10e06b445b0fc732071

    Download Submit
  • /data/user/0/com.camp.make/app_DynamicOptDex/UtumQ.json
    Filesize

    2.2MB

    MD5

    f9678f76ba4f3ec181a6108a81a0adb6

    SHA1

    af840ad30c50671085a7c692d449ccf41eeaaa49

    SHA256

    91492ad501be4adc17742f00b91e71e28c26d734a0d6fe029febdca3d8af2780

    SHA512

    6d32d18a008fca4ca73e793cacfb9e16bc8cd80dc83d3f43f736f9e49fe6e8512d7513b58a06f7947cea3af88b8cfa9d60734038aca7c90157bd420138e13dd4

    Download Submit
  • /data/user/0/com.camp.make/app_DynamicOptDex/oat/UtumQ.json.cur.prof
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit
  • /data/user/0/com.camp.make/app_apk/payload.apk
    Filesize

    974KB

    MD5

    3baeaa766ea7f31a9147208efd957c75

    SHA1

    c701de3d0e55425394ccbf8e0967639e86f3c54e

    SHA256

    75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d

    SHA512

    9f3ccb1fc9a177524ba2d39f809be4851af385073463893bd4a8664308253fc0da2b9ab330c85675dbe9ce0c44b631a0d1ec7800491687c7b2540504b351295f

    Download Submit