Analysis

  • max time kernel
    3610651s
  • max time network
    144s
  • platform
    android_x86
  • resource
    android-x86-arm-20230621-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20230621-en, locale:en-us, os:android-9-x86, system
  • submitted
    08-08-2023 22:08

General

  • Target

    c92acc3e0c940224d8db097cfb254cdefdbaa86546e5b1d9363d1db261ec7dc7.apk

  • Size

    3.0MB

  • MD5

    7de77e1bf34be32531c788f4aba5fc42

  • SHA1

    8c50daafdcd728b4bd891f9329f781fd8372152b

  • SHA256

    c92acc3e0c940224d8db097cfb254cdefdbaa86546e5b1d9363d1db261ec7dc7

  • SHA512

    b0bee20265cf2dc4909dbc997117e98d1a3a2cf3dc5030fd7dcd0ae73b193929d0a515353c2cbc135a16ffb81919d398452cd81f99f7e318a727b5fb0dbcde3f

  • SSDEEP

    98304:cW5ggujDLDgbwylZbdpjEUQzhAcsPH8jWwSgP0rQHRXfYNo0NwpuqP97U9px/EjF:B5gg2YsWTujuH8iyIQdunx8p

Malware Config

Extracted

Family

hydra

C2

http://beedoris.top/

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.salmon.vague
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:4092
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.salmon.vague/app_DynamicOptDex/LxelGR.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.salmon.vague/app_DynamicOptDex/oat/x86/LxelGR.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4209

Network

MITRE ATT&CK Matrix


Downloads

  • /data/user/0/com.salmon.vague/app_DynamicOptDex/LxelGR.json

    Filesize

    973KB

    MD5

    56fdb48ffb6391cf10ea458e20cbd9e6

    SHA1

    422f8405a4f68fdc103ea62c1ef9c6f6d7940414

    SHA256

    ef57606743b39c8da5c74a657cba4288cd6371ec499473eb7768cf12ea4f52b6

    SHA512

    e45090370ca078f0669bf0c9969936c5b27fdef2d6d96d651953343e3cefde1604349093fe58abf4a09a2b97cde131c00300d9da11d3ee83711e64576e1cfb6d

  • /data/user/0/com.salmon.vague/app_DynamicOptDex/LxelGR.json

    Filesize

    2.2MB

    MD5

    d24d26e28b34568f56f13135ecf97910

    SHA1

    f04d01c60dd2cc834c568a040ce09494d83f4a81

    SHA256

    273fac0d2cfbd44b15bc50d518d034db0b5ccd0db3724bef690594041baf9c0c

    SHA512

    3751aacfe091eea49ebe60f4fa50fae40e458419f08e35e017d05a30cb126993fba5960b2f8b09e1b4039f147efe8154f3f68d755f094a60961fe7ece139dfaf

  • /data/user/0/com.salmon.vague/app_DynamicOptDex/LxelGR.json

    Filesize

    2.2MB

    MD5

    03e60fe75a49d207705dda6c68ce3880

    SHA1

    427cb5c34b6dbcd140e7d0e3990819e20247d347

    SHA256

    8fe4ea7cd83f2e06d86ca7897906523566d1566c7a8447f8df15133109002fe2

    SHA512

    2a6efa31ea624dc6ea7401a71920df77cbe1f685b5d20a2a2570211875a301ba081063fb64bec8c52deaf97b5c498b704312f209352877ee58da4c084a418c6a