Analysis
- max time kernel: 519616s
- max time network: 152s
- platform: android_x64
- resource: android-x64-arm64-20230831-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20230831-en, locale:en-us, os:android-11-x64, system
- submitted: 11-10-2023 13:36
Static task: static1
Behavioral tasks (task: sample, resource):
- behavioral1: a8d120589c953cfb08c0b5d20482e0c21e5afc30b9b3635144de3fb019c19c66.apk, android-x86-arm-20230831-en
- behavioral2: a8d120589c953cfb08c0b5d20482e0c21e5afc30b9b3635144de3fb019c19c66.apk, android-x64-20230831-en
- behavioral3: a8d120589c953cfb08c0b5d20482e0c21e5afc30b9b3635144de3fb019c19c66.apk, android-x64-arm64-20230831-en
- behavioral4: help.htm, android-x86-arm-20230831-en
- behavioral5: help.htm, android-x64-20230831-en
- behavioral6: help.htm, android-x64-arm64-20230831-en
- behavioral7: help_cs.htm, android-x86-arm-20230831-en
- behavioral8: help_cs.htm, android-x64-20230831-en
- behavioral9: help_cs.htm, android-x64-arm64-20230831-en
- behavioral10: help_de.htm, android-x86-arm-20230831-en
- behavioral11: help_de.htm, android-x64-20230831-en
- behavioral12: help_de.htm, android-x64-arm64-20230831-en
- behavioral13: help_es.htm, android-x86-arm-20230831-en
- behavioral14: help_es.htm, android-x64-20230831-en
- behavioral15: help_es.htm, android-x64-arm64-20230831-en
- behavioral16: help_ru.htm, android-x86-arm-20230831-en
- behavioral17: help_ru.htm, android-x64-20230831-en
- behavioral18: help_ru.htm, android-x64-arm64-20230831-en
- behavioral19: help_uk.htm, android-x86-arm-20230831-en
- behavioral20: help_uk.htm, android-x64-20230831-en
- behavioral21: help_uk.htm, android-x64-arm64-20230831-en
- behavioral22: license.htm, android-x86-arm-20230831-en
- behavioral23: license.htm, android-x64-20230831-en
- behavioral24: license.htm, android-x64-arm64-20230831-en
- behavioral25: playstore.htm, android-x86-arm-20230831-en
- behavioral26: playstore.htm, android-x64-20230831-en
- behavioral27: playstore.htm, android-x64-arm64-20230831-en
- behavioral28: totalcmd_datenschutzerklaerung.htm, android-x86-arm-20230831-en
- behavioral29: totalcmd_datenschutzerklaerung.htm, android-x64-20230831-en
- behavioral30: totalcmd_datenschutzerklaerung.htm, android-x64-arm64-20230831-en
- behavioral31: totalcmd_privacy_policy.htm, android-x86-arm-20230831-en
- behavioral32: totalcmd_privacy_policy.htm, android-x64-20230831-en
General
- Target: a8d120589c953cfb08c0b5d20482e0c21e5afc30b9b3635144de3fb019c19c66.apk
- Size: 2.1MB
- MD5: 9c5ff70c77af1a4e0d85d9f1ad4413fb
- SHA1: a63125f958524cf3a5bd4715074dd87b61b0c9dc
- SHA256: a8d120589c953cfb08c0b5d20482e0c21e5afc30b9b3635144de3fb019c19c66
- SHA512: ec6b6057a96f002ab6bd2d65caac27ad73e10b191b6d4ace29043770a2df61108685f08e5618458bd50c3387658cbe6d69adb2afffde53acf006ea82176a31d1
- SSDEEP: 49152:4bcOkWKBs6BJPZwxitfcbE1Nyvk4wW50lbNmQqM8DWi1B4O:4bc1u6XPlN18+N9nuD
Malware Config
- Extracted: hydra
- http://ikincikahromesdod.net
Signatures
- Hydra: Android banker and info stealer.
- Hydra payload (2 IoCs)
  resource: behavioral3/memory/4523-0.dex, yara_rule: family_hydra1
  resource: behavioral3/memory/4523-0.dex, yara_rule: family_hydra2
- Makes use of the framework's Accessibility service. (2 IoCs)
  Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId, process: com.payment.whale
  Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId, process: com.payment.whale
- Loads dropped Dex/Jar (1 IoC): Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.payment.whale/app_DynamicOptDex/anyOSUp.json, pid: 4523, process: com.payment.whale
- Requests enabling of the accessibility settings. (1 IoC)
  Intent action android.settings.ACCESSIBILITY_SETTINGS, process: com.payment.whale
- Looks up external IP address via web service (1 IoC): Uses a legitimate IP lookup service to find the infected system's external IP.
  flow: 29, ioc: ip-api.com
- Reads information about phone network operator.