Overview

overview

10

Static

static

7

73aba6b6c6...98.apk

android-9-x86

10

73aba6b6c6...98.apk

android-10-x64

10

73aba6b6c6...98.apk

android-11-x64

10

Analysis

  • max time kernel
    377290s
  • max time network
    136s
  • platform
    android_x86
  • resource
    android-x86-arm-20230831-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
  • submitted
    09-10-2023 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    73aba6b6c688afa8b5fbe41d3d30c4d15d49881a06c7a1ee81b2f48306bd2898.apk

  • Size

    3.5MB

  • MD5

    fe629349652c9bbbc1d7e1515eb8e6d9

  • SHA1

    f2f7cb5b259d571976f849195784d9ad47b0bf6c

  • SHA256

    73aba6b6c688afa8b5fbe41d3d30c4d15d49881a06c7a1ee81b2f48306bd2898

  • SHA512

    03a13277df89a16ad2050c314b3af6991c716b6841fc89ac199b67837162850654ffda0c058689dbe3b521b1b7862c5e7baa3507ab8bdff1f3a38b91619aca13

  • SSDEEP

    98304:oOTkG0SUocakE2gQ57SJg0ewcGSMltzcrCM37CAHy+UsFVxLej7:taroctE2gQ57SJgecGLLeCwL0cvLeX

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

http://qjrqkrklrwellwej.online

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 4 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.analyst.pet
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    PID:4186
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.analyst.pet/app_DynamicOptDex/qaNSXNC.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.analyst.pet/app_DynamicOptDex/oat/x86/qaNSXNC.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.analyst.pet/app_DynamicOptDex/oat/qaNSXNC.json.cur.prof
    Filesize

    695B

    MD5

    b6ace68f06f80a56df7497f74024e09d

    SHA1

    786d516c65f29d4f52227e328fa2620988c47803

    SHA256

    81c0d28d60b44432c3a71db2174f48c5af5be68e33c1061c69cb522a8404c055

    SHA512

    977012717c9c7f5d39f0850e3c511830c10f9638f20f1be392e758be8a39876f7080e20a24a550c69dcbbcaf7f2800f4e7a70f716049f512ddaf5345a2449870

    Download Submit

  • /data/data/com.analyst.pet/app_DynamicOptDex/qaNSXNC.json
    Filesize

    1.3MB

    MD5

    b4be200e59513d0b44b2cbaa68414fcc

    SHA1

    5bc09eabe501658524bc0ea92fe9b47ce4e4a465

    SHA256

    e829b41d2727c2d76d14badf3c0a9f12466b4ad6650d3a290c7528072a511117

    SHA512

    57e348808cded03c971d3ed05260500a13d22883270e0f5b4c63f4c9defea5b4b6a3452747a5187ef648483c9579df1ecc596332268d2c21ae53509fab22f2ba

    Download Submit

  • /data/data/com.analyst.pet/app_DynamicOptDex/qaNSXNC.json
    Filesize

    1.3MB

    MD5

    5ceae90f3b102a97a53e1204898616c1

    SHA1

    8928ed16513a75363ce46acede3c3cf7c72bd8d2

    SHA256

    141aac493488f4415293a306074401dcfdc66cf1510bee3225a1354785515f1d

    SHA512

    15b41a7cc3efdb6b2bc4e71a2c79cb053f6b7532f2a2004ea0e8fe926c214e9c376f660a437ef4cc73cea528187bd51535f84847c17dd48247b6310bb9694c06

    Download Submit

  • /data/user/0/com.analyst.pet/app_DynamicOptDex/qaNSXNC.json
    Filesize

    3.6MB

    MD5

    8d114c098fb185128515880dac62cc88

    SHA1

    07c505f55bd8bfa7ae5692f19db5c130ae516f2e

    SHA256

    c222f7d6f4d85c7f6bae13a7126e0ecb5d30326616a0c04825032c8b1f6972e9

    SHA512

    b79ae90c7d3b792dedc62f37ef1dfca80b1dcbcf52b749192b92e213e660143d916b2e67bef89b2133d2a0d72dfcbdfb6b5119846a35c2595a6c703744fdeade

    Download Submit

  • /data/user/0/com.analyst.pet/app_DynamicOptDex/qaNSXNC.json
    Filesize

    3.6MB

    MD5

    71fba9c9b98c94eda7886f013654f442

    SHA1

    523b0839f23e6d9addd348424b85b70994b369ef

    SHA256

    f7cdfe5e88f8aeafe00c51363bc5f3910d1db15228cd327fe37f4acda11d76ec

    SHA512

    7ffb0f2607e5bb0bae9292f4c7573128bd4073bf45ba07aa50fc9c68ed7510c33825780392014e891d63a11c38086af9d850a7886ad2c878653a04e4f0d1f76a

    Download Submit