Analysis

  • max time kernel
    3980705s
  • max time network
    132s
  • platform
    android_x86
  • resource
    android-x86-arm-20230831-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20230831-en, locale:en-us, os:android-9-x86, system
  • submitted
    01-10-2023 22:01

General

  • Target

    88a50ba6ab5d4368b10010758cc4bedc99d76393239207a2da1626627bfe80aa.apk

  • Size

    3.1MB

  • MD5

    b92e2c0f63b0a15e7ede358ae20a574e

  • SHA1

    79fd1f97eb69e2950295d534b9bff14eb08dcba4

  • SHA256

    88a50ba6ab5d4368b10010758cc4bedc99d76393239207a2da1626627bfe80aa

  • SHA512

    5a59bc45c94141468babc95c817046be45381cc6061787021bc63abb0cc2657e2f2e24047f627a3ad504a625cb7e1ba92420ddd7d8919bb98f84b3572819c71a

  • SSDEEP

    49152:bpUz3bbjQB/hP54SqbuczzN3tGuwhF8tWj8S2EyH8G7+sr3vJ7PonhuqfXab:bpUjjW/X4SqljkhFUHHJKsr3vJ7ghLfI

Malware Config

Extracted

Family

hydra

C2

http://porloausmountr.net

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra payload (4 IoCs)
  • Makes use of the framework's Accessibility service. (2 IoCs)
  • Loads dropped Dex/Jar (2 IoCs)

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. (1 IoC)
  • Looks up external IP address via web service (1 IoC)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.jealous.pattern (PID 4148)
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.jealous.pattern/app_DynamicOptDex/bWmC.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.jealous.pattern/app_DynamicOptDex/oat/x86/bWmC.odex --compiler-filter=quicken --class-loader-context=& (PID 4189, child of PID 4148)
      • Loads dropped Dex/Jar

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.jealous.pattern/app_DynamicOptDex/bWmC.json
    Filesize

    1.3MB

    MD5

    6f65b65e67121ffa30f2df0a1ab611c7

    SHA1

    2294f80a0abd2784e1def448df6f8095b2f56563

    SHA256

    b50ad898b07e66c6ea8cb265b27debd0b34f5e7b7c8f8da7d96c9d04abf500ae

    SHA512

    586fbda43ddbb04c1d2ea16338bcc93ffce8106f0a90c4531b5a8b5ab5ec6b680b15e18201ee1a0d7ec3c4c5a06ecc912d04ae98711bf98c4ea9848c34888684

  • /data/data/com.jealous.pattern/app_DynamicOptDex/bWmC.json
    Filesize

    1.3MB

    MD5

    d9c49539f3545439539256ed69c68113

    SHA1

    bba2be7f4de4a30111296995386e99525c3aaf6c

    SHA256

    2f47190b06a4dd9da217ce9da822a519847c1ada29deaeac2e7d3a00ce49d738

    SHA512

    36c71991cae1f3e67d43e7c1fb09349a7d674840c6ea6f4e7e49551cd81489de1453d4b9df75d6ed982ab72db8422e7dc6bd054bdca031876dd889490103a2c8

  • /data/data/com.jealous.pattern/app_DynamicOptDex/oat/bWmC.json.cur.prof
    Filesize

    1KB

    MD5

    5eaa0e188e37112f483852eb329417bd

    SHA1

    47d148fe0ddc6ac3438a1f12cf41e15979822dbb

    SHA256

    f2e148016536548e6c58342a3327c10969fb1997a411d5afb423b13ee205734c

    SHA512

    60492f225bae1b7911544a396272d799581872f6d4bd3be9d960233c879aaf9c4268d507fb27002bdcde85033f747aa4c0b39fb068bd9acbadc990914ce32042

  • /data/user/0/com.jealous.pattern/app_DynamicOptDex/bWmC.json
    Filesize

    3.6MB

    MD5

    315c69d80a2f1965ac6d51403bae9cbb

    SHA1

    3a364cb69e222d814d05cdd8d379649fd6a2cfa2

    SHA256

    a9fd37f340081f9d9dce45fccd30aedee71b1e46d3c7227cdc41a62a33f905ff

    SHA512

    6d7c2cadec2cfd311942e625bf85dc8afae755d4ce432baf3b883f771f855bced2e4f11d64d28448b459497d6681e861b584ec552a532bba0fdd9a9288593d46

  • /data/user/0/com.jealous.pattern/app_DynamicOptDex/bWmC.json
    Filesize

    3.6MB

    MD5

    90db906dcdd598d34fe9c8d318eb9427

    SHA1

    07677d4434e7a2a4921bc5a0c9a6840c82216aed

    SHA256

    b9c5fb3b9ae2f495a7126d1562978628b16f6aa25c415dc752e2b9d21375970a

    SHA512

    9c831496481cd4c2065d4c8194b31ec5e098db968678838bf50ca4725fe77747c1c05e2209610f6a39c82742380dff32c04ccaba954c69ce4c1562624aea738b