Overview

overview

10

Static

static

7

390baefed2...1e.apk

android-9-x86

10

390baefed2...1e.apk

android-10-x64

10

390baefed2...1e.apk

android-11-x64

10

disney.js

windows7-x64

1

disney.js

windows10-2004-x64

1

googlephoto.js

windows7-x64

1

googlephoto.js

windows10-2004-x64

1

hbomax.js

windows7-x64

1

hbomax.js

windows10-2004-x64

1

netflix.js

windows7-x64

1

netflix.js

windows10-2004-x64

1

web.js

windows7-x64

1

web.js

windows10-2004-x64

1

Analysis

  • max time kernel
    588068s
  • max time network
    164s
  • platform
    android_x64
  • resource
    android-x64-20230831-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230831-enlocale:en-usos:android-10-x64system
  • submitted
    11-10-2023 17:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    390baefed293313a4d6fdb37fe774090249455011e5fe82f44afca467f62881e.apk

  • Size

    3.3MB

  • MD5

    f8b60a66343ad882cb1cfece12e5b94e

  • SHA1

    0e17700551d094a8c6c1fedc6d1f114fa5ace804

  • SHA256

    390baefed293313a4d6fdb37fe774090249455011e5fe82f44afca467f62881e

  • SHA512

    379fd7f886b789ad32f2e3989c2f9421099dcf5db0b977c6196680da61cab291ff6635b537a5a3f902877baf0bf7da7f84a9ea4ba088879431b8276d91a0d85e

  • SSDEEP

    98304:Smj38THkGH+he0YwzMlmW1yM/th0MyIEZWbPQqx:R87kGebYwzMUAV/T0My1ZWD3x

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.glad.word
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:5057

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.glad.word/app_DynamicOptDex/GWHMtIa.json
    Filesize

    1.9MB

    MD5

    b91c5947c02acaaec25a8ad1d9dd9ceb

    SHA1

    aabe47c378c2494530a4f052925fd36db569a082

    SHA256

    4fbf723701a167114afa782a78078e108175af7eeac7b63aaeea2129eb3232e0

    SHA512

    7bc49c0c43b39197c70c5b1405b8a682b29b61cc1d1effbd65a807797914d4ece7e454b550e63df4f31b037ca4d2728a39fb105ff06717f6ccd1035dc6e27b03

    Download Submit

  • /data/data/com.glad.word/app_DynamicOptDex/GWHMtIa.json
    Filesize

    1.9MB

    MD5

    1c0df5829844fd96e982249581eeb1f8

    SHA1

    bba71fecba984a32ca8a98293ea818377cd54990

    SHA256

    dbf3455a92dd10a27aeb007054e90f0ae9852d89c240ef402e760ad3d228a5a2

    SHA512

    d214993c7354ed08d74ce360c0df4839f2099bf2dbcca649b1f1527d8850c8cacd4fff8cef5477cb6850975b470a86c685251441307f1290bbe57f7987f6da9a

    Download Submit

  • /data/data/com.glad.word/app_DynamicOptDex/oat/GWHMtIa.json.cur.prof
    Filesize

    1KB

    MD5

    d8010aafd0e00c440ff830ee8d9ae2a3

    SHA1

    4713558e92285620b14e5369499f76c3df417548

    SHA256

    c05e27f48c8de2e1b7903c3220ba63d3d6b7e22422463645d332581d6b7deb35

    SHA512

    11e863a211bc790c8edaa84ed8c1fd4f5360a6e124ab76b2953d286baede7ac96f89fb034ec47faf68af4ab0fcdacec8c22d5b50b1b2569b7ccb04e6b11998e5

    Download Submit

  • /data/user/0/com.glad.word/app_DynamicOptDex/GWHMtIa.json
    Filesize

    5.0MB

    MD5

    33c7c9950172a836259776101bcac096

    SHA1

    f5c8598a28eec0bebf7e07fc23512c89b30472d6

    SHA256

    dc302c0fd08473b5916fc3d26a8035df332391d9535da610c52fcb2ec48d55ef

    SHA512

    75b0ed13a94fabe307c48971cf13150c9c3ab9f4c4128bcb1d71519b4d2aff2221f72e7174970b468ff00b09ad9c9ac613e6de586668fc6f9ed085366b35286d

    Download Submit