Analysis

  • max time kernel
    528094s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-20230831-en
  • resource tags

android, arch:x64, arch:x86, image:android-x64-20230831-en, locale:en-us, os:android-10-x64, system
  • submitted
    11-10-2023 15:59

General

  • Target

    800314641bb3520cdd6b776fec1ad58abc50164c452d3bf350b7d1fd7c3abf88.apk

  • Size

    3.3MB

  • MD5

    d27538ac77db11598e49713982d2e7d9

  • SHA1

    5a44571b96e002d7faaba95d49d16bd1d296fe98

  • SHA256

    800314641bb3520cdd6b776fec1ad58abc50164c452d3bf350b7d1fd7c3abf88

  • SHA512

    49eb797e7ff6e2ddef7978bc32280eec6dcd4c5a55674ddafcd515089629c68c8c49ef6f44c86d76dd668584f79e332f9b7bc1c08640d6307f5dcbd0d31dd4b5

  • SSDEEP

    98304:je5ZHZmUaOg6DL1TYMAX9Xam0iRVbS7DtSjpYkyAGSMlx4:a5NdaOD/5k9am0ibbSsj+JAGLE

Malware Config

Extracted

Family

hydra

C2

http://dolliemcnamara85483.top

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.piece.slot
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:5034

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.piece.slot/app_DynamicOptDex/QfGRuK.json

    Filesize

    1.3MB

    MD5

    805946060690b212c10f94df302006de

    SHA1

    8a0be46ee48ba29c57fc59840f7fdb2b436f93cf

    SHA256

    dde0a8a189d98137d043d867cad77f26773b254801e03ab0a43c4391bd354a25

    SHA512

    6c1101844e05c85dd81a70903f7725b48e0824eecb0d5bbacb9aa9ab2a6ce9d047a5fac155575241f035eb3f16488742b50fe7fd169cdd7c6c03e8c50c215d2c

  • /data/data/com.piece.slot/app_DynamicOptDex/QfGRuK.json

    Filesize

    1.3MB

    MD5

    93434c58ce91ffde5e52a574653d9209

    SHA1

    4527bb56180ae1f7b7cd04d92c945cf9bbb99db8

    SHA256

    025fff19f5961d895f3b761d1a8665be4edf3cf079d11f852287e3b4ab944fc2

    SHA512

    bfb6f24c0f7f7d541ef552b7ee41621c552ebcf036309e4d8d3891fa951d57623d09bf9c8e8310c7bd15e0e76c8a1b8559e7f9aa97a78a14d29e59fa2ff76830

  • /data/data/com.piece.slot/app_DynamicOptDex/oat/QfGRuK.json.cur.prof

    Filesize

    1KB

    MD5

    fa4963dfb80e25b656a67023fcc8446c

    SHA1

    34483159f1cfa5ba21be7c570f7f4e3b5c286b0e

    SHA256

    3c5a0f56416f3fdcc77636c4c456ee78c670fbf96c3b39b65cbde3eb9b21f033

    SHA512

    ac3e5e9e17469c4d6063b5d7853701240cc9657a3d95898703136d4a2796259f0d7bc1c330831cf4a505d70691bd17a16e11023f6aef2705538818ebbdffd270

  • /data/user/0/com.piece.slot/app_DynamicOptDex/QfGRuK.json

    Filesize

    3.6MB

    MD5

    4169dbf7104b8c87b3aaeb6126f085e3

    SHA1

    ad49472bf0a41ff8392531b2f7002b54ef722dc9

    SHA256

    c22a9b2bbe5ad70fe85bf2604c0536493ac6c0ce314c16854a855eae2f50ba93

    SHA512

    1b997729320e97ec9c5c5de23ee540a6f5758d419d6a776c6f4856954467439a451bbcf535c2c868c77c549c3d929857a995572441d69deb04f4520a38f0e08c
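The Downloads list above shows the same `app_DynamicOptDex/QfGRuK.json` path written three times with different sizes and hashes, which is what the "Loads dropped Dex/Jar" signature is reacting to: the `.json` name is cosmetic and the content is code loaded at runtime. The following script is an added example (not part of the sandbox report or of the Hydra sample) showing how to verify that on a pulled data directory: it classifies files under `app_DynamicOptDex/` by magic bytes rather than extension, compares their SHA-256 against the hashes listed in this report, and flags DNS log lines that resolve the extracted C2 host. The directory tree and the DNS log lines it operates on are constructed inline for the example; the file bytes are not the real payload.

```python
"""Triage helper for the indicators in this report (added example)."""
import hashlib
import os
import tempfile
from urllib.parse import urlparse

# Copied from the report: C2 URL and the SHA-256 values under Downloads.
C2_URL = "http://dolliemcnamara85483.top"
C2_HOST = urlparse(C2_URL).hostname
REPORTED_SHA256 = {
    "dde0a8a189d98137d043d867cad77f26773b254801e03ab0a43c4391bd354a25",
    "025fff19f5961d895f3b761d1a8665be4edf3cf079d11f852287e3b4ab944fc2",
    "c22a9b2bbe5ad70fe85bf2604c0536493ac6c0ce314c16854a855eae2f50ba93",
}

# DEX files begin with "dex\n" + three version digits + NUL (e.g. "dex\n035\0");
# JAR/APK files are ZIP archives and begin with "PK\x03\x04".
DEX_MAGIC = b"dex\n"
ZIP_MAGIC = b"PK\x03\x04"
CODE_EXTENSIONS = {".dex", ".jar", ".apk", ".zip"}


def classify(header: bytes) -> str:
    """Return 'dex', 'zip' or 'other' based on the first 8 bytes of a file."""
    if header.startswith(DEX_MAGIC) and len(header) >= 8 and header[7:8] == b"\x00":
        return "dex"
    if header.startswith(ZIP_MAGIC):
        return "zip"
    return "other"


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_dynamic_dex_dir(root: str) -> list:
    """Walk an app data directory; report every file under app_DynamicOptDex/.

    A file is 'masquerading' when its content is DEX or ZIP but its extension
    claims otherwise (the QfGRuK.json pattern from the report)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "app_DynamicOptDex" not in dirpath.split(os.sep):
            continue
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                kind = classify(f.read(8))
            ext = os.path.splitext(name)[1].lower()
            digest = sha256_of(path)
            findings.append({
                "name": name,
                "path": path,
                "kind": kind,
                "masquerading": kind != "other" and ext not in CODE_EXTENSIONS,
                "sha256": digest,
                "known": digest in REPORTED_SHA256,
            })
    return sorted(findings, key=lambda x: x["path"])


def by_name(findings: list) -> dict:
    return {f["name"]: f for f in findings}


def match_dns(log_lines: list) -> list:
    """Return the log lines whose queried name is the C2 host or a subdomain of it."""
    hits = []
    for line in log_lines:
        fields = line.split()
        # constructed format: "<ts> <client> query <qname>"
        if len(fields) >= 4 and fields[2] == "query":
            qname = fields[3].rstrip(".").lower()
            if qname == C2_HOST or qname.endswith("." + C2_HOST):
                hits.append(line)
    return hits


def build_constructed_tree() -> str:
    """Constructed stand-in for /data/data/com.piece.slot (bytes are synthetic)."""
    root = tempfile.mkdtemp(prefix="com.piece.slot_")
    d = os.path.join(root, "app_DynamicOptDex")
    os.makedirs(os.path.join(d, "oat"))
    with open(os.path.join(d, "QfGRuK.json"), "wb") as f:   # fake DEX named .json
        f.write(b"dex\n035\x00" + b"\x00" * 120)
    with open(os.path.join(d, "oat", "QfGRuK.json.cur.prof"), "wb") as f:
        f.write(b"\x00profile-placeholder\x00")              # constructed non-code bytes
    return root


# Constructed DNS log lines, not from the report's network capture.
SAMPLE_DNS_LOG = [
    "2023-10-11T15:59:10 10.0.2.16 query dolliemcnamara85483.top.",
    "2023-10-11T15:59:11 10.0.2.16 query api.ipify.org.",
    "2023-10-11T15:59:12 10.0.2.16 query cdn.dolliemcnamara85483.top.",
]

if __name__ == "__main__":
    for f in scan_dynamic_dex_dir(build_constructed_tree()):
        print(f["name"], f["kind"], "masquerading" if f["masquerading"] else "", f["sha256"][:16])
    print(match_dns(SAMPLE_DNS_LOG))
```

On a real device image, point `scan_dynamic_dex_dir` at the pulled `/data/data/com.piece.slot` directory; the `known` field will only be true for artifacts whose bytes match this report's hashes, so a false result on a live sample is expected when the dropper rotates the payload, which the three differing hashes for the same path suggest it does.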