Overview

Tasks (score in parentheses) and the platform each ran on:
- Static (10): static
- c92acc3e0c...c7.apk (7): android-9-x86
- c92acc3e0c...c7.apk (10): android-10-x64
- c92acc3e0c...c7.apk (10): android-11-x64
- closebutton.html (10): windows7-x64
- closebutton.html (1): windows10-2004-x64
- core_wrapper.js (1): windows7-x64
- core_wrapper.js (1): windows10-2004-x64
- lynx_core.js (1): windows7-x64
- lynx_core.js (1): windows10-2004-x64
- nd (1): ubuntu-18.04-amd64
- slardar_bridge.js (no score shown): windows7-x64
- slardar_bridge.js (1): windows10-2004-x64
- slardar_sdk.js (1): windows7-x64
- slardar_sdk.js (1): windows10-2004-x64
- template.js (1): windows7-x64
- template.js (1): windows10-2004-x64
Analysis
- max time kernel: 3610640s
- max time network: 145s
- platform: android_x64
- resource: android-x64-arm64-20230621-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20230621-en, locale:en-us, os:android-11-x64, system
- submitted: 08-08-2023 22:08
Static task
- static1

Behavioral tasks (sample on resource):
- behavioral1: c92acc3e0c940224d8db097cfb254cdefdbaa86546e5b1d9363d1db261ec7dc7.apk on android-x86-arm-20230621-en
- behavioral2: c92acc3e0c940224d8db097cfb254cdefdbaa86546e5b1d9363d1db261ec7dc7.apk on android-x64-20230621-en
- behavioral3: c92acc3e0c940224d8db097cfb254cdefdbaa86546e5b1d9363d1db261ec7dc7.apk on android-x64-arm64-20230621-en
- behavioral4: closebutton.html on win7-20230712-en
- behavioral5: closebutton.html on win10v2004-20230703-en
- behavioral6: core_wrapper.js on win7-20230712-en
- behavioral7: core_wrapper.js on win10v2004-20230703-en
- behavioral8: lynx_core.js on win7-20230712-en
- behavioral9: lynx_core.js on win10v2004-20230703-en
- behavioral10: nd on ubuntu1804-amd64-20230712-en
- behavioral11: slardar_bridge.js on win7-20230712-en
- behavioral12: slardar_bridge.js on win10v2004-20230703-en
- behavioral13: slardar_sdk.js on win7-20230712-en
- behavioral14: slardar_sdk.js on win10v2004-20230703-en
- behavioral15: template.js on win7-20230712-en
- behavioral16: template.js on win10v2004-20230703-en
General
- Target: c92acc3e0c940224d8db097cfb254cdefdbaa86546e5b1d9363d1db261ec7dc7.apk
- Size: 3.0MB
- MD5: 7de77e1bf34be32531c788f4aba5fc42
- SHA1: 8c50daafdcd728b4bd891f9329f781fd8372152b
- SHA256: c92acc3e0c940224d8db097cfb254cdefdbaa86546e5b1d9363d1db261ec7dc7
- SHA512: b0bee20265cf2dc4909dbc997117e98d1a3a2cf3dc5030fd7dcd0ae73b193929d0a515353c2cbc135a16ffb81919d398452cd81f99f7e318a727b5fb0dbcde3f
- SSDEEP: 98304:cW5ggujDLDgbwylZbdpjEUQzhAcsPH8jWwSgP0rQHRXfYNo0NwpuqP97U9px/EjF:B5gg2YsWTujuH8iyIQdunx8p

Malware Config
- Extracted family: hydra
- C2 URL: http://beedoris.top/
Signatures
- Hydra: Android banker and info stealer.
- Hydra payload (1 IoC)
  resource: behavioral3/memory/4292-0.dex
  yara_rule: family_hydra
- Makes use of the framework's Accessibility service (2 IoCs)
  Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId, process com.salmon.vague
  Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId, process com.salmon.vague
- Loads dropped Dex/Jar (1 IoC): runs an executable file dropped to the device during analysis.
  ioc: /data/user/0/com.salmon.vague/app_DynamicOptDex/LxelGR.json, pid 4292, process com.salmon.vague
- Looks up external IP address via web service (1 IoC): uses a legitimate IP lookup service to find the infected system's external IP.
  flow 68: ip-api.com
- Reads information about phone network operator.
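The "Loads dropped Dex/Jar" signature above points at a file named LxelGR.json under app_DynamicOptDex, which is how dynamically loaded payloads are typically disguised: the extension says JSON, the loader only cares that the bytes are a valid DEX. The check an analyst wants when pulling such a file off a device or out of a sandbox dump is to ignore the name, parse the DEX header, and verify its adler32 checksum and SHA-1 signature the way the runtime does, then hash the file so it can be matched against the report's Downloads section. The following is an added example, not code from the Triage report or from the sample; the DEX bytes it inspects are a constructed header-only blob, and the file paths in the sample map are made up apart from the one taken from the report.

```python
import hashlib
import struct
import zlib

DEX_MAGIC_PREFIX = b"dex\n"      # full magic is "dex\n" + 3-digit version + NUL
DEX_HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678     # DEX header fields are little-endian


def build_minimal_dex(version: bytes = b"035") -> bytes:
    """Constructed test input: a header-only DEX blob (0x70 bytes) with a
    valid adler32 checksum and SHA-1 signature. Not a real app payload."""
    header = bytearray(DEX_HEADER_SIZE)
    header[0:8] = DEX_MAGIC_PREFIX + version + b"\0"
    struct.pack_into("<I", header, 32, DEX_HEADER_SIZE)  # file_size
    struct.pack_into("<I", header, 36, DEX_HEADER_SIZE)  # header_size
    struct.pack_into("<I", header, 40, ENDIAN_CONSTANT)  # endian_tag
    # signature covers everything after the signature field (offset 32 to EOF)
    header[12:32] = hashlib.sha1(header[32:]).digest()
    # checksum covers everything after the checksum field (offset 12 to EOF)
    struct.pack_into("<I", header, 8, zlib.adler32(bytes(header[12:])) & 0xFFFFFFFF)
    return bytes(header)


def inspect_dex(data: bytes) -> dict:
    """Parse the DEX header and verify the fields a loader checks.
    Returns {"is_dex": False} for anything that does not carry the magic."""
    if len(data) < DEX_HEADER_SIZE or data[0:4] != DEX_MAGIC_PREFIX or data[7] != 0:
        return {"is_dex": False}
    checksum, = struct.unpack_from("<I", data, 8)
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    return {
        "is_dex": True,
        "version": data[4:7].decode("ascii", "replace"),
        "file_size": file_size,
        "size_ok": file_size == len(data),
        "header_size_ok": header_size == DEX_HEADER_SIZE,
        "endian_ok": endian_tag == ENDIAN_CONSTANT,
        "checksum_ok": checksum == (zlib.adler32(data[12:]) & 0xFFFFFFFF),
        "signature_ok": data[12:32] == hashlib.sha1(data[32:]).digest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def triage_dropped_files(files: dict) -> list:
    """files maps path -> bytes. Flag every file that parses as DEX but whose
    name hides that (anything not ending in .dex), as dropped payloads often do."""
    findings = []
    for path, data in sorted(files.items()):
        info = inspect_dex(data)
        if info["is_dex"] and not path.endswith(".dex"):
            findings.append({"path": path, **info})
    return findings


if __name__ == "__main__":
    # Constructed sample: the first path is the one the sandbox reported; the bytes
    # are the synthetic header above, not the real contents of LxelGR.json.
    sample = {
        "/data/user/0/com.salmon.vague/app_DynamicOptDex/LxelGR.json": build_minimal_dex(),
        "/data/user/0/com.salmon.vague/cache/settings.json": b'{"enabled": true}',
    }
    for f in triage_dropped_files(sample):
        print(f["path"], "dex v" + f["version"], "sha256=" + f["sha256"],
              "checksum_ok=%s signature_ok=%s" % (f["checksum_ok"], f["signature_ok"]))
```

A file that is flagged here but fails the checksum or signature check is still worth keeping: a corrupted or deliberately broken header is what you get from a partially written drop or from an on-the-fly decryption the sandbox interrupted. Compare the SHA-256 of any flagged file against the hashes listed under Downloads to tell whether the sandbox already captured it.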
Processes
Network
MITRE ATT&CK Matrix
Downloads
- Dropped file 1
  Filesize: 973KB
  MD5: 56fdb48ffb6391cf10ea458e20cbd9e6
  SHA1: 422f8405a4f68fdc103ea62c1ef9c6f6d7940414
  SHA256: ef57606743b39c8da5c74a657cba4288cd6371ec499473eb7768cf12ea4f52b6
  SHA512: e45090370ca078f0669bf0c9969936c5b27fdef2d6d96d651953343e3cefde1604349093fe58abf4a09a2b97cde131c00300d9da11d3ee83711e64576e1cfb6d
- Dropped file 2
  Filesize: 2.2MB
  MD5: 03e60fe75a49d207705dda6c68ce3880
  SHA1: 427cb5c34b6dbcd140e7d0e3990819e20247d347
  SHA256: 8fe4ea7cd83f2e06d86ca7897906523566d1566c7a8447f8df15133109002fe2
  SHA512: 2a6efa31ea624dc6ea7401a71920df77cbe1f685b5d20a2a2570211875a301ba081063fb64bec8c52deaf97b5c498b704312f209352877ee58da4c084a418c6a