hydra | e6e8a3b095a35a5267ec188b7d2d0aec7dc43a439bdd08c16fa178e865ed91dd

Analysis

max time kernel
521421s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20230831-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
submitted
11-10-2023 14:05

Target

e6e8a3b095a35a5267ec188b7d2d0aec7dc43a439bdd08c16fa178e865ed91dd.apk
Size

2.2MB
MD5

2b92e47e75491696b9b6837b699c5731
SHA1

e5310aad29b8bd15282ec76158f75ffb6a4517fa
SHA256

e6e8a3b095a35a5267ec188b7d2d0aec7dc43a439bdd08c16fa178e865ed91dd
SHA512

0c9050063d11260d1d4821601ccb7a468c5ed8e7cbfbe8ea4038db1a8e64ef96581a8575e23034d0db6e0751af56a0a41100de2d3ba499a7bb4979b3adde25b4
SSDEEP

49152:wVmK5wMuIHKG27bCAQWGY0albepu4+FhiW5/mcTSadBmYplM/deLww:wVrWiKG+zQTYHlKuhiW5u0dYYlxr

Score

10^/10

Family

hydra

http://finloacramekries.info

Hydra payload 2 IoCs

Processes:

resource	yara_rule
/data/user/0/com.island.parent/app_DynamicOptDex/mGmUm.json	family_hydra1
/data/user/0/com.island.parent/app_DynamicOptDex/mGmUm.json	family_hydra2

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

com.island.parent

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.island.parent
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.island.parent

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.island.parent

ioc pid process

/data/user/0/com.island.parent/app_DynamicOptDex/mGmUm.json 4482 com.island.parent
Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.island.parent

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.island.parent
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

37 ip-api.com
Reads information about phone network operator.

ioc	pid	process
/data/user/0/com.island.parent/app_DynamicOptDex/mGmUm.json	4482	com.island.parent

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.island.parent

flow	ioc
37	ip-api.com

/data/user/0/com.island.parent/app_DynamicOptDex/mGmUm.json
Filesize
1.3MB

MD5
44b4d58e276b88bde7f7bb1a9b36d497

SHA1
8ac7377e07fa61769da51670241d59d0a58155aa

SHA256
006101b26b3074e620159ce46cea7d52721162d548f25f3ba11feb8f757a782d

SHA512
216af74ba7464760ecaddb66d21f6ed021546c9f72edcd9f8bc3bf7cc95969994c872e4c52520be0c0f26240775b3c9b5c7dba697f280d99e5a514e60a43ec79

Download Submit
/data/user/0/com.island.parent/app_DynamicOptDex/mGmUm.json
Filesize
1.3MB

MD5
ab3ea9aaf2f3b541aed1b57d794a7d30

SHA1
bd8273224e799dbf5ab383ae42f982a887b11afe

SHA256
05e99540d038cefdf462676aa7d493458cfc0cdccf2ea024092c5e72b7355d57

SHA512
622ca673b6f3b052405efad0b277cd6e37368d9a2753db2ca460d8f85e836fa0391b13381537ae94f03bb9b5b6b55f1c71e57c823c054712db393f601c4cd694

Download Submit
/data/user/0/com.island.parent/app_DynamicOptDex/mGmUm.json
Filesize
3.6MB

MD5
f1f776d88088f977dfa9517ded30588d

SHA1
cbf0211b2e776ccf0c68a3d26ad95e7c87e87c7a

SHA256
0009c07ca42c98334458cc1cf869c7689276be0a230c5c5cbc14217ce85e1c97

SHA512
020b8c08692cf48d632c88fbac98c7580965990062182e88ac1e929c4252916be51117b79ab7613c01c4ce0e6a39bbb2400af304f887a42adeeb8f672ad0e962

Download Submit