Analysis
-
max time kernel
3518892s -
max time network
145s -
platform
android_x86 -
resource
android-x86-arm-20230621-en -
resource tags
-
submitted
07-08-2023 20:32
General
-
Target
a5ca7aaf8b5324b1414760517bef1517527f952cd1c2fac907c2f83d2e3e4bec.apk
-
Size
2.4MB
-
MD5
1b5f1dfe3bb361d3b49bbe6c257d15b7
-
SHA1
bb2fc3f5a9d83f57170e58e47d77406088ddca45
-
SHA256
a5ca7aaf8b5324b1414760517bef1517527f952cd1c2fac907c2f83d2e3e4bec
-
SHA512
59192b55fb440ccc2d53245b0eaebb5340712d26166ff258a584971ded7c5618d0653f6ac5b78467a8ef5f988397828b4cdcfc8c022e9d16939857c04b4e022b
-
SSDEEP
49152:A5fbH5QSQpB4QczFiziv6WmEcJ0S8o7jEho/TK5OW4N:A5fr63RczwzTnjDgWW5aN
Malware Config
Extracted
hydra
http://flocomonuncomunters.net
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra payload 2 IoCs
-
Makes use of the framework's Accessibility service. 2 IoCs
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads information about phone network operator.
Processes
-
com.quiz.public1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.quiz.public/app_DynamicOptDex/SFTi.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.quiz.public/app_DynamicOptDex/oat/x86/SFTi.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
MD5eb6455b79b9d97da49636f52f4115409
SHA1d192c93bf516cd75a1d4926e13c0fb1b64f87ac3
SHA256336d1293dd2e21ea145f437ca387a5c8d2ead20bb6c789335eec2bd161d4de62
SHA512e470c2409b2357e870dfa243075188b3886e7b38096c123146932c1c45b9cd6a1f6390060a9515b928bf74748d3525b4e414e62a210bbea2273195970b31ae3a
-
Filesize
3.6MB
MD5deeb6eceab6ffbb8a6dcfdf431e88a3c
SHA1582b72d9889ca34682b9143b49f3726a44a50e2d
SHA2561b69b56d5059551506af96ce341e10ad0336d169fbe34db1689c3525181bbee7
SHA512727f70077cf9c7b2030b5eb551e00012fc68dd5cb43bacc08a5530c9e0ca896a55870fa657406b08eb6e8a3e4035343217179f88708d5243370546724a24e36c
-
Filesize
3.6MB
MD51495b9ac312e2adad198b70e4b993969
SHA1968fb1cf9bbdd52658f4a136f90ee6fe6c92d448
SHA256fa172aba9fac5e75af6b90703fcbbf08074ff96aa9b1613d534a73bf1de36ad9
SHA512645e9d664f36c486a80e3176e0ab1b8eaf77c74a10ac7c0e568bf79cb91d2c6a48f7a8edf2443e3dcec58873b8cabe6a83ad14ca84df8b350286a9e183f66ce4
-
Filesize
131B
MD52e3a8a7db089f3b8c6ea043179c722dd
SHA1ab26ba04271372cd7443e6ab1f6fe54bdf9d587e
SHA256eee2785751c7e74f3a8f6054453b6907b650192954b4839b9a2e728520fec775
SHA512b110135f2b6c756f468f32053473293b4a15ded57696a368e828d3d82a82aef97a30a3e211f0845eacf2d7131a3a37b15a69ee1a28173f247e3cbe7ebada90b8