Overview

overview

10

Static

static

7

a579740321...2e.apk

android-9-x86

10

a579740321...2e.apk

android-10-x64

10

a579740321...2e.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    3610502s
  • max time network
    164s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230621-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230621-enlocale:en-usos:android-11-x64system
  • submitted
    08-08-2023 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a579740321f64306036e443e4c66ec593c4e447ad7a5c97e26610e4afa0fe62e.apk

  • Size

    3.0MB

  • MD5

    433a4354307147bf6cd3dedaabf04fc6

  • SHA1

    da7209e77124a947756df383f66d3c1fe0e1f56d

  • SHA256

    a579740321f64306036e443e4c66ec593c4e447ad7a5c97e26610e4afa0fe62e

  • SHA512

    26e3cfb378463b8ff852b5c3f1e69eb6c3e3f83b9382440ca02646c2a93be4ecdee90c0e40d9658d1147156ae552ff02fa7a070672014fc4b9023e16120c801d

  • SSDEEP

    98304:Avapba+oXR6opVZjEsQTTHBXvQNIU1IhmS0eOtcZdMtFDMdpxXEjK:Ava1obO9mXeWcZdMIxU+

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

http://beedoris.top/

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 1 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.card.path
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:4368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.card.path/app_DynamicOptDex/Uena.json
    Filesize

    973KB

    MD5

    749623c3396b8a5ee752dc64dbf90d7f

    SHA1

    cff7e27c13d447ec82729963cc6c554e41565481

    SHA256

    6d2f377836f61df4fa7e636a2377cc478a4910fe502266e817631858d3540f48

    SHA512

    5147e4e0ce35330a8342e05f8dc9739fa0de5880b622641c1323130672d7f3b0b0b2c4b3e21edc91ecba56933f6b97bc8463360412d172256b79918f00dabe72

    Download Submit

  • /data/user/0/com.card.path/app_DynamicOptDex/Uena.json
    Filesize

    2.2MB

    MD5

    03e60fe75a49d207705dda6c68ce3880

    SHA1

    427cb5c34b6dbcd140e7d0e3990819e20247d347

    SHA256

    8fe4ea7cd83f2e06d86ca7897906523566d1566c7a8447f8df15133109002fe2

    SHA512

    2a6efa31ea624dc6ea7401a71920df77cbe1f685b5d20a2a2570211875a301ba081063fb64bec8c52deaf97b5c498b704312f209352877ee58da4c084a418c6a

    Download Submit