hydra | c0e391e254b74359896d287069883652a4b8bfd9ce2fd20a3cd7b441e1cbd600

Analysis

max time kernel
1934761s
max time network
156s
platform
android_x64
resource
android-x64-arm64-20230621-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230621-enlocale:en-usos:android-11-x64system
submitted
20-07-2023 12:39

Target

CommerzbankSecurity.apk
Size

1.0MB
MD5

cd36a045167b2cebc77f7b28b00309f1
SHA1

b7388ff67adeedc64cea4a6592e69aef474e21b8
SHA256

c0e391e254b74359896d287069883652a4b8bfd9ce2fd20a3cd7b441e1cbd600
SHA512

6a63699dd59ec9f87c8ebc56d022c884d5f738b06d6c9c83a32e1b7c43734030ab6e9acf1e7685015511da327462f6d96394ff4007dbff147dfaf1228c6781c1
SSDEEP

24576:v6MQbH1tTcl/3lLqU3jhV5ZpjLdsmxaire/3OB77FARDEjGiv:CM+H7Tcl/3YUzhVpjBdxJrsOMVEj5v

Score

10^/10

Family

hydra

http://213.226.123.27

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

com.grand.snail

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.grand.snail
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.grand.snail

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

49 ip-api.com
Reads information about phone network operator.

flow	ioc
49	ip-api.com

com.grand.snail
1⤵
- Makes use of the framework's Accessibility service.
PID:4486

/data/user/0/com.grand.snail/app_apk/payload.apk
Filesize
974KB

MD5
3baeaa766ea7f31a9147208efd957c75

SHA1
c701de3d0e55425394ccbf8e0967639e86f3c54e

SHA256
75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d

SHA512
9f3ccb1fc9a177524ba2d39f809be4851af385073463893bd4a8664308253fc0da2b9ab330c85675dbe9ce0c44b631a0d1ec7800491687c7b2540504b351295f

Download Submit