Overview

overview

10

Static

static

7

b6b59a54d6...0e.apk

android-9-x86

10

b6b59a54d6...0e.apk

android-10-x64

10

b6b59a54d6...0e.apk

android-11-x64

10

callout_11_shadow.xml

windows7-x64

1

callout_11_shadow.xml

windows10-2004-x64

3

callout_7_overlay.xml

windows7-x64

1

callout_7_overlay.xml

windows10-2004-x64

3

callout_8_overlay.xml

windows7-x64

1

callout_8_overlay.xml

windows10-2004-x64

1

callout_cloud.xml

windows7-x64

1

callout_cloud.xml

windows10-2004-x64

3

callout_de...le.xml

windows7-x64

1

callout_de...le.xml

windows10-2004-x64

3

callout_shape_2.xml

windows7-x64

1

callout_shape_2.xml

windows10-2004-x64

3

callout_shape_4.xml

windows7-x64

1

callout_shape_4.xml

windows10-2004-x64

3

callout_shape_5.xml

windows7-x64

1

callout_shape_5.xml

windows10-2004-x64

3

callout_shape_6.xml

windows7-x64

1

callout_shape_6.xml

windows10-2004-x64

3

help.htm

windows7-x64

1

help.htm

windows10-2004-x64

1

help_cs.htm

windows7-x64

1

help_cs.htm

windows10-2004-x64

1

help_de.htm

windows7-x64

1

help_de.htm

windows10-2004-x64

1

help_es.htm

windows7-x64

1

help_es.htm

windows10-2004-x64

1

help_ru.htm

windows7-x64

1

help_ru.htm

windows10-2004-x64

1

help_uk.htm

windows7-x64

1

Analysis

  • max time kernel
    3518890s
  • max time network
    145s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230621-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230621-enlocale:en-usos:android-11-x64system
  • submitted
    07-08-2023 20:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b6b59a54d67199717390a8f67751019b65be5aa791c2a605a564c897e21fe90e.apk

  • Size

    1.2MB

  • MD5

    cf050524e311430413cf6e4f5bf4fd80

  • SHA1

    bfdd6b22fd8c0a418212e4d1fc4c3009c55d070f

  • SHA256

    b6b59a54d67199717390a8f67751019b65be5aa791c2a605a564c897e21fe90e

  • SHA512

    bbe5b0f0c572205f59071a53532a24b50d236b14aca7c0a8e76b75cfa2f1ded6764e376ed1138651bf6b9cf3d6e89399d6848084cc8135c9db3a37ca8bdd082e

  • SSDEEP

    24576:ykkkrRUhjjjiXC5p4RsRbfPJkxq5vKVMHzlnhJV3YY/DNXl:BRAjOCPRb3JkivKVIlnhJV3Fl

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.excite.vacuum
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:4333

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.excite.vacuum/app_DynamicOptDex/yuUS.json
    Filesize

    239KB

    MD5

    6db6360030535dbe7a25ec31f8d52e63

    SHA1

    7ca25dc4af543a29741dc609bb3486237be705e2

    SHA256

    bafd568eec04acdc89bb01ec6dd1dba0ca484487caa4b4f6c6aa80307d2483d0

    SHA512

    e5762d9f170d14b9391ef9881a13a402eba50de18e296e5010fd1b98634ba6944ea1066b5d4fbc2ef5499a067945cb2188962ebed1b600dea5e1deea909c133f

    Download Submit

  • /data/user/0/com.excite.vacuum/app_DynamicOptDex/yuUS.json
    Filesize

    574KB

    MD5

    291a7fd599d7c94b8fb85a58b2326c79

    SHA1

    76c8563b0aab60d1333a836b4e7168bc243479b2

    SHA256

    18be2e790a556f4bd49aad5abcb389fde7eeb2d6ebbd523f3a42b33c4adfe29f

    SHA512

    c93464a8fd4104205ed94004520954ad706c8125463782d4e34a34d95146b4501b292a62a5df06c8e07d92de70914693c9c6747a3d52368bcacd34c301d215bb

    Download Submit

  • /data/user/0/com.excite.vacuum/shared_prefs/pref_name_setting.xml
    Filesize

    131B

    MD5

    ff265a24ded510a8b46eeed41072a953

    SHA1

    7e3309d420d2d63511634c29942d5f2ac42a74c1

    SHA256

    183692e06996cd4e412a2b808bb088a25503776e37ea0a52e2280c071201a497

    SHA512

    48edfd3052193daac62288c7f7dbfbc1ab65e2136243eb603d0f723295ebbcc257cd382866164e1a2706eed7e970ecbb9d2d4709c9144f3542c34ecd53f42ee8

    Download Submit