Analysis

  • max time kernel
    3610555s
  • max time network
    70s
  • platform
    android_x64
  • resource
    android-x64-20230621-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20230621-en, locale:en-us, os:android-10-x64, system
  • submitted
    08-08-2023 22:08

General

  • Target

    c92acc3e0c940224d8db097cfb254cdefdbaa86546e5b1d9363d1db261ec7dc7.apk

  • Size

    3.0MB

  • MD5

    7de77e1bf34be32531c788f4aba5fc42

  • SHA1

    8c50daafdcd728b4bd891f9329f781fd8372152b

  • SHA256

    c92acc3e0c940224d8db097cfb254cdefdbaa86546e5b1d9363d1db261ec7dc7

  • SHA512

    b0bee20265cf2dc4909dbc997117e98d1a3a2cf3dc5030fd7dcd0ae73b193929d0a515353c2cbc135a16ffb81919d398452cd81f99f7e318a727b5fb0dbcde3f

  • SSDEEP

    98304:cW5ggujDLDgbwylZbdpjEUQzhAcsPH8jWwSgP0rQHRXfYNo0NwpuqP97U9px/EjF:B5gg2YsWTujuH8iyIQdunx8p

Malware Config

Extracted

Family

hydra

C2

http://beedoris.top/

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra payload (1 IoC)
  • Loads dropped Dex/Jar (1 IoC)

    Runs an executable file dropped to the device during analysis.

  • Looks up external IP address via web service (1 IoC)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.
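The "Loads dropped Dex/Jar" signature pairs with the drop listed further down as app_DynamicOptDex/LxelGR.json: the .json extension says nothing about the content, and the only reliable way to tell what was dropped is the file's leading bytes. The script below is an added example (not code from this sandbox report or from the Hydra sample) that classifies a dropped file as DEX, ODEX or a JAR/APK carrying classes.dex by magic bytes, computes the four digests the report lists so a drop can be matched against the report, and flags zero-byte drops by their well-known empty-input digests. All sample bytes, the helper names (make_fake_dex, make_fake_jar, triage) and the drop paths other than the report's own are constructed for the example.

```python
"""Classify files an Android sample dropped during a sandbox run.

Added example, not part of the sandbox report or of the sample's code.
Decides by magic bytes whether a dropped file is a DEX, an optimized DEX,
or a ZIP/JAR carrying classes.dex, and computes the digests the report
lists (MD5/SHA1/SHA256/SHA512). All input bytes are constructed.
"""
import hashlib
import io
import zipfile
from typing import Optional

# Digests of the empty input. A drop with these values (like the
# .cur.prof entry in the report) is zero bytes long and carries nothing.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"


def classify(data: bytes) -> str:
    """Return a content type from the leading bytes, ignoring the file name.

    Only the magic is checked; full DEX header validation (header size,
    Adler-32 checksum, SHA-1 signature) is out of scope here.
    """
    if len(data) == 0:
        return "empty"
    # DEX magic is "dex\n" + 3-digit version + NUL, e.g. b"dex\n035\0".
    if data[:4] == b"dex\n" and data[7:8] == b"\x00":
        return "dex"
    # Optimized DEX (ODEX) uses "dey\n".
    if data[:4] == b"dey\n":
        return "odex"
    # ZIP container (JAR/APK): counts as a payload if it carries classes*.dex.
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "zip-corrupt"
        if any(n.startswith("classes") and n.endswith(".dex") for n in names):
            return "jar-with-dex"
        return "zip"
    return "unknown"


def digests(data: bytes) -> dict:
    """The four digests the report lists per dropped file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def triage(path: str, data: bytes, report_sha256: Optional[str] = None) -> dict:
    """Classify one drop and compare it with a SHA256 copied from the report."""
    d = digests(data)
    return {
        "path": path,
        "kind": classify(data),
        "sha256": d["sha256"],
        "matches_report": report_sha256 is not None and d["sha256"] == report_sha256,
        "is_empty": d["md5"] == EMPTY_MD5,
    }


def make_fake_dex(payload: bytes = b"") -> bytes:
    """Constructed DEX-like bytes: correct magic and version, not a real classes file."""
    return b"dex\n035\x00" + payload


def make_fake_jar() -> bytes:
    """Constructed JAR carrying a (fake) classes.dex entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", make_fake_dex(b"\x00" * 16))
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed drops named after the report's artefacts; contents are fake.
    drops = {
        "app_DynamicOptDex/LxelGR.json": make_fake_dex(b"\x00" * 32),
        "app_DynamicOptDex/oat/LxelGR.json.cur.prof": b"",
        "cache/update.bin": make_fake_jar(),
    }
    for p, b in drops.items():
        print(triage(p, b))
```

Run it against the files pulled from the emulator's /data/user/0/<package>/ directory instead of the constructed drops, passing the report's SHA256 for the path you are checking; a "dex" or "jar-with-dex" result for a file with a data-looking extension is exactly the pattern the signature describes.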

Processes

  • com.salmon.vague
    PID: 4751
    • Loads dropped Dex/Jar

Downloads

  • /data/user/0/com.salmon.vague/app_DynamicOptDex/LxelGR.json
    Filesize

    973KB

    MD5

    56fdb48ffb6391cf10ea458e20cbd9e6

    SHA1

    422f8405a4f68fdc103ea62c1ef9c6f6d7940414

    SHA256

    ef57606743b39c8da5c74a657cba4288cd6371ec499473eb7768cf12ea4f52b6

    SHA512

    e45090370ca078f0669bf0c9969936c5b27fdef2d6d96d651953343e3cefde1604349093fe58abf4a09a2b97cde131c00300d9da11d3ee83711e64576e1cfb6d

  • /data/user/0/com.salmon.vague/app_DynamicOptDex/LxelGR.json (same path as the entry above, captured a second time with different content)
    Filesize

    2.2MB

    MD5

    03e60fe75a49d207705dda6c68ce3880

    SHA1

    427cb5c34b6dbcd140e7d0e3990819e20247d347

    SHA256

    8fe4ea7cd83f2e06d86ca7897906523566d1566c7a8447f8df15133109002fe2

    SHA512

    2a6efa31ea624dc6ea7401a71920df77cbe1f685b5d20a2a2570211875a301ba081063fb64bec8c52deaf97b5c498b704312f209352877ee58da4c084a418c6a

  • /data/user/0/com.salmon.vague/app_DynamicOptDex/oat/LxelGR.json.cur.prof (the digests below are those of a zero-byte file)
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e