General

  • Target

    a8d120589c953cfb08c0b5d20482e0c21e5afc30b9b3635144de3fb019c19c66.apk

  • Size

    2.1MB

  • Sample

    231011-qwp6maad5z

  • MD5

    9c5ff70c77af1a4e0d85d9f1ad4413fb

  • SHA1

    a63125f958524cf3a5bd4715074dd87b61b0c9dc

  • SHA256

    a8d120589c953cfb08c0b5d20482e0c21e5afc30b9b3635144de3fb019c19c66

  • SHA512

    ec6b6057a96f002ab6bd2d65caac27ad73e10b191b6d4ace29043770a2df61108685f08e5618458bd50c3387658cbe6d69adb2afffde53acf006ea82176a31d1

  • SSDEEP

    49152:4bcOkWKBs6BJPZwxitfcbE1Nyvk4wW50lbNmQqM8DWi1B4O:4bc1u6XPlN18+N9nuD

Malware Config

Extracted

Family

hydra

C2

http://ikincikahromesdod.net

Targets

    • Target

      a8d120589c953cfb08c0b5d20482e0c21e5afc30b9b3635144de3fb019c19c66.apk

    • Size

      2.1MB

    • MD5

      9c5ff70c77af1a4e0d85d9f1ad4413fb

    • SHA1

      a63125f958524cf3a5bd4715074dd87b61b0c9dc

    • SHA256

      a8d120589c953cfb08c0b5d20482e0c21e5afc30b9b3635144de3fb019c19c66

    • SHA512

      ec6b6057a96f002ab6bd2d65caac27ad73e10b191b6d4ace29043770a2df61108685f08e5618458bd50c3387658cbe6d69adb2afffde53acf006ea82176a31d1

    • SSDEEP

      49152:4bcOkWKBs6BJPZwxitfcbE1Nyvk4wW50lbNmQqM8DWi1B4O:4bc1u6XPlN18+N9nuD

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Makes use of the framework's Accessibility service.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Target

      help.htm

    • Size

      53KB

    • MD5

      883888def347f0db8dbdec1fe82be5c9

    • SHA1

      f54280a3690f373a05cf438ca12c3e482bc1ed8a

    • SHA256

      766c2b736da4683d0f7cd5927cab1441dc13bca47af33b0911d5aaaa70da6ab2

    • SHA512

      4538af3b0b7b2786461d37ca6e3b93290ff9d6a6b7820f7dd3bf3840414c06e0c271786a91e5164d8767ecc66645f9a09599af661ddc39384717dbb80d9cc546

    • SSDEEP

      768:FWAtJoDQSUPSEXVe5wSsRz1K4I8Cnsro7:b6kxPSGowS+E4I8Wsa

    Score
    1/10
    • Target

      help_cs.htm

    • Size

      54KB

    • MD5

      22d33848ee6cae8aa8c1e90bdcd65226

    • SHA1

      982e9769391e13507289928289f11aa6e5b6c91b

    • SHA256

      b8a728e6bd697922bc23732cd444d25697d418ec6fd7a8cc322029cd71670148

    • SHA512

      25f1415f0b3e9c34fcd7f896b784d340622f74a7ff308c62da8961c1b7fa82f7ff038b54fed3d9a048a67039058d1c9f604f3be56f495288e417eacc034f7822

    • SSDEEP

      768:/3AjqEZHfLqlREwa3CL+9pcYX/wXBSBHz114I8h9KQc3G6mq/zAIjRK0:/4qC/KEwan7/wXBSlD4I8h9KQc3GX0

    Score
    1/10
    • Target

      help_de.htm

    • Size

      59KB

    • MD5

      52e18bac42fb06e4116cdaee988e0661

    • SHA1

      9d0ef32f76cab08d380ec1359e414fbbd1d207ae

    • SHA256

      54d12be384ad0a78c68a416873338edf8ceb5601a20895ca6aef9360b0cd75e8

    • SHA512

      8a2b4e11b1a368075b8871bf90517890c79dfa88ac2bc9b355af305fe134b6ec4c6d02a50d334ee3b734628f4a0f7df142fe30b5acbfd33abc9904cd48c485cb

    • SSDEEP

      768:cklY6UHcqSlF+xUVPB6rKboSNzCWidlub1uaablOEhEs8e2gcaUrF20OzGJPCGdC:AH7SlFs2Pam9idlub4los8e3ZUrgVETC

    Score
    1/10
    • Target

      help_es.htm

    • Size

      61KB

    • MD5

      31772dae5e7e480072ed6d872134201e

    • SHA1

      4c19adebf12a2aa4be9773ee4226fcbc79b89e84

    • SHA256

      f088fe7faadb088d3f63ad8f6d6eea2d88abf4e7318e31e17dbe52d5e4f92707

    • SHA512

      5f19c826336d100b5d104002eb0b35dbaf24889225630a3e9c31aeab3d77d912adaec0470d1d0fbd2e60956a11eaccbff385bd7d28ef8acf7dbccc9434fe8e2b

    • SSDEEP

      768:hLYLmYEm9UhhJ6TJ5w7NKVwvTAybuosWqPOg+YS3+brRzf:hlYjikW7NKVwbootYXfS3Sx

    Score
    1/10
    • Target

      help_ru.htm

    • Size

      58KB

    • MD5

      0b8a2f9f0fefa77f9b5e53371195d732

    • SHA1

      53cdd30958d2863ba976fa4e9e7ceabdd85ffb60

    • SHA256

      88212e9f4c88a33b0147f5aa5dd3f8fa434707b1b925e3d45fb03366e909ec5a

    • SHA512

      5b3f90561d9b819dcfa05ef463c2453786b7d4adddc9ea5d84b2b2ebc07106fd6aa3b906e04b386cda7103e22e10d5430e258983d2aaf8880c4230ef06894309

    • SSDEEP

      768:PRtY5bm3l9Q/DVcYRTI3n81skx61fJBwghQg:p+5C3l8Pu3n81sFBAg

    Score
    1/10
    • Target

      help_uk.htm

    • Size

      57KB

    • MD5

      6f351ddb8050526c77850db00448d3c8

    • SHA1

      dd253c3d52261d3504bfeadeee08266ab01da749

    • SHA256

      6bf22746ea6b58743544aeebb5f47fdc690e19037d4702926567a69ad426c463

    • SHA512

      e52e1b60b6866175249c33e5b72329c02d2a743673d6845d2ccc2051f4e77967367b095714c583d315ad03e849ab6877e958f6beb5314274e263bc03a8362551

    • SSDEEP

      768:m6At7jfON+B88ArRwU5XG0uUOBiKaBb4JKpBbZM5XyZwhDmILSsb:1UOnrRwtfiKaBb4WXMoaqI2sb

    Score
    1/10
    • Target

      license.htm

    • Size

      6KB

    • MD5

      407f13382c8d7a039a9eaef44f79642e

    • SHA1

      d16f70c6d1703efc33823ab385ceabd8447ac1bc

    • SHA256

      657c157f78e360d37e2485f6245b4f87789ece5a2b150a4f4fe9fead0c6facd3

    • SHA512

      213e32e5f04199153ad3702e8706b0399fdb8c683a47dfbde7dce8a91ef7786c7d43830eeaf5d03fade136a74ca0908eabd797be806d15c106a2e070579ada9c

    • SSDEEP

      96:27r6shoCs4pHbHF0cRKKxUREEQAk5cVB54x/XHFCWFJYJzzTF3G3zVHCU:DsmQHbHxRKKME6FWXHZLsXTF3G3BCU

    Score
    1/10
    • Target

      playstore.htm

    • Size

      4KB

    • MD5

      b5761ec7f4412406c8f521379cbfe466

    • SHA1

      621c6720da697ab81116bfdd6bf81d1c8ad5e7a1

    • SHA256

      27b9dbf27f7d81fc3cb84c6b3b2430a14fcf78d82d351d38b92dd18537f0bc26

    • SHA512

      e4115829d744cfe44891eb753c4b2ef042d6d5397e5138899ddcfbf9f5a7ac84f2a47af3ca496e11505ca501b8ccadd51b276adafa42d709525b337049d7ed4d

    • SSDEEP

      48:mB79CNoW1ii1n8BfDaqDUMmckWmk1ZVEsMToZtME1NOar5McIp9AMF3Y:mB79C2WT16DaqAMv5ZxoMMUbMrHBFI

    Score
    1/10
    • Target

      totalcmd_datenschutzerklaerung.htm

    • Size

      3KB

    • MD5

      41cb1edf3388232ed16c7827671b6437

    • SHA1

      0f48049463f07cbd9da8a8c32431e3cd398dec2f

    • SHA256

      d4e95c717f4af725ace14cdcf249171f842186b56c365c9897c5f273ad41af57

    • SHA512

      0c649466d7af3ea3c3985b94f44b5d689fab96226c7667fe798727faabe798edb92cbf8abcc67ec559377da7250c19fc15a116d09e3521c0445d2ee66585fd63

    Score
    1/10
    • Target

      totalcmd_privacy_policy.htm

    • Size

      3KB

    • MD5

      f5bd54f89d624a56a0368d1bf532c60b

    • SHA1

      6fdb247506d811132bc5b51ffc1d82afeb6e72b4

    • SHA256

      eb87dd5ca31a26b9d8a8bc650c324b49027d38242ffc71a89b04e0aae8b4cb4b

    • SHA512

      8dc96be4781bb08b1dcbc3205f59eac592285e98a349a330301ab32e81a25beebd9224880215c62e431d9926c7ed0433e886b61730ada1012ca2f907fcceb263

    Score
    1/10

MITRE ATT&CK Matrix

Tasks

static1

Score
7/10

behavioral1

hydrabankerevasioninfostealerstealthtrojan
Score
10/10

behavioral2

hydrabankerinfostealertrojan
Score
10/10

behavioral3

hydrabankerinfostealertrojan
Score
10/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10