Overview

overview

10

Static

static

7

7e87ac723c...91.apk

android-9-x86

10

7e87ac723c...91.apk

android-10-x64

10

7e87ac723c...91.apk

android-11-x64

10

ad.html

windows7-x64

1

ad.html

windows10-2004-x64

1

disney.js

windows7-x64

1

disney.js

windows10-2004-x64

1

googlephoto.js

windows7-x64

1

googlephoto.js

windows10-2004-x64

1

hbomax.js

windows7-x64

1

hbomax.js

windows10-2004-x64

1

netflix.js

windows7-x64

1

netflix.js

windows10-2004-x64

1

web.js

windows7-x64

1

web.js

windows10-2004-x64

1

Analysis

  • max time kernel
    4153448s
  • max time network
    154s
  • platform
    android_x86
  • resource
    android-x86-arm-20230831-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
  • submitted
    03-10-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e87ac723c81e285d17a2614478f539a7687800516712d52dc0fd730af1e6891.apk

  • Size

    4.0MB

  • MD5

    32bf2fe1176ef975af6393efd5bcbd14

  • SHA1

    c1f231e63db65b1d55381ec888509da15c242099

  • SHA256

    7e87ac723c81e285d17a2614478f539a7687800516712d52dc0fd730af1e6891

  • SHA512

    702e404c5adc2812d9fd99695a165ec005c1cfe633cf071ce63f609fc4020e48907c0298919a46906dd20cef60564a15981b85dd8d3d6cbca93619918c6c6717

  • SSDEEP

    98304:BmXm8lrS55pQp9wuJEfuctseNawi3dgCqjnRImVOGB9OP9ZuQNsr:BmXAtQntJ0FQf3dgCqjnRNs/8

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.sorry.open
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:4134

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.sorry.open/app_DynamicOptDex/UhGQanI.json
    Filesize

    1.9MB

    MD5

    d85d722325b5ca408585286e39f55012

    SHA1

    1babe67eb1fcee2d7941cc31ca8ecd5d6af9b48a

    SHA256

    ffdc78e0d73605eb64f9260028a791e11ffc22bfd77565976faef6b51a737e90

    SHA512

    72e32c89b9eced7fac641cbf423c866ea3b4a2a4a0b93a38777ed9c5461ec296e705ab0136f7b560af3da6e721d8f60e9f69ab91eaf015b2ad965fd14cddb00f

    Download Submit
  • /data/data/com.sorry.open/app_DynamicOptDex/UhGQanI.json
    Filesize

    1.9MB

    MD5

    0513e9be14ab7f09a6efae4b3a7c45ac

    SHA1

    d3b9fcefbd21a93f4be1d3032ffe60b5983fe0db

    SHA256

    12f9977f787917d25bd988cea11834d3e6fdc4292b1ca6e19a15ffad04158546

    SHA512

    ec7b97a6ddffc4b46a74bc5379a7291037c5e0c630340333b517ea065f65ecc0e603824aef6f047f44da2414d6f4adffe8def7fbb1f6da37a34fa5d28a6d4d13

    Download Submit
  • /data/data/com.sorry.open/app_DynamicOptDex/oat/UhGQanI.json.cur.prof
    Filesize

    1KB

    MD5

    fc62fd00df9e8e56b5fafa7e43b8b15b

    SHA1

    7d6d6927ecd6e39a722314978d46b9c10ffa034a

    SHA256

    66b5fddf521df7991dfa0f7f95fabd03974d4e299801f0c439ef7153719d263b

    SHA512

    801a0dcd06d693edb1149fe28d19e634670658d7f1a175e2ab6e2848754c93af58280ac72f1f6985597f41da5f543894cb8c505323d6328c259e24d268fc6d4a

    Download Submit
  • /data/user/0/com.sorry.open/app_DynamicOptDex/UhGQanI.json
    Filesize

    5.0MB

    MD5

    8111e48e9c1821537c3b1bf880b2f8c9

    SHA1

    3004d42585e9443afc2f06194af4a3e44e9ea1de

    SHA256

    4c05598f835d161ef9bd33d82c4897ab71eeddb2aa8d0bed16301ef23d9a3135

    SHA512

    0b9c735c98dcc1320dd8a9bf85a54a4b67d3eeed2be91f47a2302b44d4d8d5183ecbb13d30104a28cca5bf35530e14ff9a3873e0f7f9312c8a6d3a6f78efc418

    Download Submit