Overview

overview

10

Static

static

7

a579740321...2e.apk

android-9-x86

10

a579740321...2e.apk

android-10-x64

10

a579740321...2e.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    3610501s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20230621-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230621-enlocale:en-usos:android-9-x86system
  • submitted
    08-08-2023 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a579740321f64306036e443e4c66ec593c4e447ad7a5c97e26610e4afa0fe62e.apk

  • Size

    3.0MB

  • MD5

    433a4354307147bf6cd3dedaabf04fc6

  • SHA1

    da7209e77124a947756df383f66d3c1fe0e1f56d

  • SHA256

    a579740321f64306036e443e4c66ec593c4e447ad7a5c97e26610e4afa0fe62e

  • SHA512

    26e3cfb378463b8ff852b5c3f1e69eb6c3e3f83b9382440ca02646c2a93be4ecdee90c0e40d9658d1147156ae552ff02fa7a070672014fc4b9023e16120c801d

  • SSDEEP

    98304:Avapba+oXR6opVZjEsQTTHBXvQNIU1IhmS0eOtcZdMtFDMdpxXEjK:Ava1obO9mXeWcZdMIxU+

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

http://beedoris.top/

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.card.path
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:4095
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.card.path/app_DynamicOptDex/Uena.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.card.path/app_DynamicOptDex/oat/x86/Uena.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4145

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.card.path/app_DynamicOptDex/Uena.json
    Filesize

    973KB

    MD5

    749623c3396b8a5ee752dc64dbf90d7f

    SHA1

    cff7e27c13d447ec82729963cc6c554e41565481

    SHA256

    6d2f377836f61df4fa7e636a2377cc478a4910fe502266e817631858d3540f48

    SHA512

    5147e4e0ce35330a8342e05f8dc9739fa0de5880b622641c1323130672d7f3b0b0b2c4b3e21edc91ecba56933f6b97bc8463360412d172256b79918f00dabe72

    Download Submit

  • /data/user/0/com.card.path/app_DynamicOptDex/Uena.json
    Filesize

    2.2MB

    MD5

    d24d26e28b34568f56f13135ecf97910

    SHA1

    f04d01c60dd2cc834c568a040ce09494d83f4a81

    SHA256

    273fac0d2cfbd44b15bc50d518d034db0b5ccd0db3724bef690594041baf9c0c

    SHA512

    3751aacfe091eea49ebe60f4fa50fae40e458419f08e35e017d05a30cb126993fba5960b2f8b09e1b4039f147efe8154f3f68d755f094a60961fe7ece139dfaf

    Download Submit

  • /data/user/0/com.card.path/app_DynamicOptDex/Uena.json
    Filesize

    2.2MB

    MD5

    03e60fe75a49d207705dda6c68ce3880

    SHA1

    427cb5c34b6dbcd140e7d0e3990819e20247d347

    SHA256

    8fe4ea7cd83f2e06d86ca7897906523566d1566c7a8447f8df15133109002fe2

    SHA512

    2a6efa31ea624dc6ea7401a71920df77cbe1f685b5d20a2a2570211875a301ba081063fb64bec8c52deaf97b5c498b704312f209352877ee58da4c084a418c6a

    Download Submit