Overview

overview

10

Static

static

7

73aba6b6c6...98.apk

android-9-x86

10

73aba6b6c6...98.apk

android-10-x64

10

73aba6b6c6...98.apk

android-11-x64

10

Analysis

  • max time kernel
    377263s
  • max time network
    135s
  • platform
    android_x64
  • resource
    android-x64-20230831-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230831-enlocale:en-usos:android-10-x64system
  • submitted
    09-10-2023 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    73aba6b6c688afa8b5fbe41d3d30c4d15d49881a06c7a1ee81b2f48306bd2898.apk

  • Size

    3.5MB

  • MD5

    fe629349652c9bbbc1d7e1515eb8e6d9

  • SHA1

    f2f7cb5b259d571976f849195784d9ad47b0bf6c

  • SHA256

    73aba6b6c688afa8b5fbe41d3d30c4d15d49881a06c7a1ee81b2f48306bd2898

  • SHA512

    03a13277df89a16ad2050c314b3af6991c716b6841fc89ac199b67837162850654ffda0c058689dbe3b521b1b7862c5e7baa3507ab8bdff1f3a38b91619aca13

  • SSDEEP

    98304:oOTkG0SUocakE2gQ57SJg0ewcGSMltzcrCM37CAHy+UsFVxLej7:taroctE2gQ57SJgecGLLeCwL0cvLeX

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

http://qjrqkrklrwellwej.online

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.analyst.pet
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:5072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.analyst.pet/app_DynamicOptDex/oat/qaNSXNC.json.cur.prof
    Filesize

    1KB

    MD5

    96a882d33a399e106dd8de2fb51b2b93

    SHA1

    9590d3021595826ea99cf12f77fae4d0c539068b

    SHA256

    9dc74ea7fbf5c928f1dda044aa8fef52ae5a6e44ebbbad2bf0ec17d4a9daeddb

    SHA512

    6b0a79d44d6aea754e5384fdda733fb9e40af3b61c06d0f2a908c6e99dbf7509772201d5870b7e4dde79d01f15dff64f60d1dd644e4a4a594524be6bec200b0b

    Download Submit

  • /data/data/com.analyst.pet/app_DynamicOptDex/qaNSXNC.json
    Filesize

    1.3MB

    MD5

    b4be200e59513d0b44b2cbaa68414fcc

    SHA1

    5bc09eabe501658524bc0ea92fe9b47ce4e4a465

    SHA256

    e829b41d2727c2d76d14badf3c0a9f12466b4ad6650d3a290c7528072a511117

    SHA512

    57e348808cded03c971d3ed05260500a13d22883270e0f5b4c63f4c9defea5b4b6a3452747a5187ef648483c9579df1ecc596332268d2c21ae53509fab22f2ba

    Download Submit

  • /data/data/com.analyst.pet/app_DynamicOptDex/qaNSXNC.json
    Filesize

    1.3MB

    MD5

    5ceae90f3b102a97a53e1204898616c1

    SHA1

    8928ed16513a75363ce46acede3c3cf7c72bd8d2

    SHA256

    141aac493488f4415293a306074401dcfdc66cf1510bee3225a1354785515f1d

    SHA512

    15b41a7cc3efdb6b2bc4e71a2c79cb053f6b7532f2a2004ea0e8fe926c214e9c376f660a437ef4cc73cea528187bd51535f84847c17dd48247b6310bb9694c06

    Download Submit

  • /data/user/0/com.analyst.pet/app_DynamicOptDex/qaNSXNC.json
    Filesize

    3.6MB

    MD5

    71fba9c9b98c94eda7886f013654f442

    SHA1

    523b0839f23e6d9addd348424b85b70994b369ef

    SHA256

    f7cdfe5e88f8aeafe00c51363bc5f3910d1db15228cd327fe37f4acda11d76ec

    SHA512

    7ffb0f2607e5bb0bae9292f4c7573128bd4073bf45ba07aa50fc9c68ed7510c33825780392014e891d63a11c38086af9d850a7886ad2c878653a04e4f0d1f76a

    Download Submit