Overview

overview

10

Static

static

7

e6e8a3b095...dd.apk

android-9-x86

10

e6e8a3b095...dd.apk

android-10-x64

10

e6e8a3b095...dd.apk

android-11-x64

10

help.htm

android-9-x86

help.htm

android-10-x64

help.htm

android-11-x64

help_cs.htm

android-9-x86

help_cs.htm

android-10-x64

help_cs.htm

android-11-x64

help_de.htm

android-9-x86

help_de.htm

android-10-x64

help_de.htm

android-11-x64

help_es.htm

android-9-x86

help_es.htm

android-10-x64

help_es.htm

android-11-x64

help_ru.htm

android-9-x86

help_ru.htm

android-10-x64

help_ru.htm

android-11-x64

help_uk.htm

android-9-x86

help_uk.htm

android-10-x64

help_uk.htm

android-11-x64

license.htm

android-9-x86

license.htm

android-10-x64

license.htm

android-11-x64

playstore.htm

android-9-x86

playstore.htm

android-10-x64

playstore.htm

android-11-x64

totalcmd_d...ng.htm

android-9-x86

totalcmd_d...ng.htm

android-10-x64

totalcmd_d...ng.htm

android-11-x64

totalcmd_p...cy.htm

android-9-x86

totalcmd_p...cy.htm

android-10-x64

Analysis

  • max time kernel
    521413s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20230831-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
  • submitted
    11-10-2023 14:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e6e8a3b095a35a5267ec188b7d2d0aec7dc43a439bdd08c16fa178e865ed91dd.apk

  • Size

    2.2MB

  • MD5

    2b92e47e75491696b9b6837b699c5731

  • SHA1

    e5310aad29b8bd15282ec76158f75ffb6a4517fa

  • SHA256

    e6e8a3b095a35a5267ec188b7d2d0aec7dc43a439bdd08c16fa178e865ed91dd

  • SHA512

    0c9050063d11260d1d4821601ccb7a468c5ed8e7cbfbe8ea4038db1a8e64ef96581a8575e23034d0db6e0751af56a0a41100de2d3ba499a7bb4979b3adde25b4

  • SSDEEP

    49152:wVmK5wMuIHKG27bCAQWGY0albepu4+FhiW5/mcTSadBmYplM/deLww:wVrWiKG+zQTYHlKuhiW5u0dYYlxr

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

http://finloacramekries.info

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 4 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.island.parent
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    PID:4164
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.island.parent/app_DynamicOptDex/mGmUm.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.island.parent/app_DynamicOptDex/oat/x86/mGmUm.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4189

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.island.parent/app_DynamicOptDex/mGmUm.json
    Filesize

    1.3MB

    MD5

    44b4d58e276b88bde7f7bb1a9b36d497

    SHA1

    8ac7377e07fa61769da51670241d59d0a58155aa

    SHA256

    006101b26b3074e620159ce46cea7d52721162d548f25f3ba11feb8f757a782d

    SHA512

    216af74ba7464760ecaddb66d21f6ed021546c9f72edcd9f8bc3bf7cc95969994c872e4c52520be0c0f26240775b3c9b5c7dba697f280d99e5a514e60a43ec79

    Download Submit
  • /data/data/com.island.parent/app_DynamicOptDex/mGmUm.json
    Filesize

    1.3MB

    MD5

    ab3ea9aaf2f3b541aed1b57d794a7d30

    SHA1

    bd8273224e799dbf5ab383ae42f982a887b11afe

    SHA256

    05e99540d038cefdf462676aa7d493458cfc0cdccf2ea024092c5e72b7355d57

    SHA512

    622ca673b6f3b052405efad0b277cd6e37368d9a2753db2ca460d8f85e836fa0391b13381537ae94f03bb9b5b6b55f1c71e57c823c054712db393f601c4cd694

    Download Submit
  • /data/data/com.island.parent/app_DynamicOptDex/oat/mGmUm.json.cur.prof
    Filesize

    684B

    MD5

    eb04a9011aeabf7f2b98a395f28c65af

    SHA1

    26145bb2324ae8fe559e55004eb1235f554ceaf0

    SHA256

    f86a07c908a3c8fa56a95ab07b89fc97effec568dea736d31d0204dd826c0b7c

    SHA512

    f25eda2cb9c6cd082243fed8a0ca05ecdd20e83585c507a6b483ffe39bb76fa0dc9f56497ffc5a67290860e134c777ce283020841188320f5683089e5c929970

    Download Submit
  • /data/user/0/com.island.parent/app_DynamicOptDex/mGmUm.json
    Filesize

    3.6MB

    MD5

    fc8d3a2be76919ed7e9ff06eb24489a9

    SHA1

    eeab5aaba0cd036a9e07d2aa7a0ac4c56b209b86

    SHA256

    45be53b5b3f7e862a73e6d38856ed335596e8e84a187c9c5ea8026ce361917a0

    SHA512

    c75ac3e09d9a479f8e20d12deb1fe50301a3c76e91be7fbaa5ea8cf3b4be24dd740e6ce41c1275c0d6c3d3c517d73a88d189f76787405ec6a36e7a5a54c7da3a

    Download Submit
  • /data/user/0/com.island.parent/app_DynamicOptDex/mGmUm.json
    Filesize

    3.6MB

    MD5

    f1f776d88088f977dfa9517ded30588d

    SHA1

    cbf0211b2e776ccf0c68a3d26ad95e7c87e87c7a

    SHA256

    0009c07ca42c98334458cc1cf869c7689276be0a230c5c5cbc14217ce85e1c97

    SHA512

    020b8c08692cf48d632c88fbac98c7580965990062182e88ac1e929c4252916be51117b79ab7613c01c4ce0e6a39bbb2400af304f887a42adeeb8f672ad0e962

    Download Submit