General

  • Target

    1ebdbd1ae10055d0dc0d56944788df673b866d6fdcf9d9b071b9a5d8798d6dda.bin

  • Size

    3.3MB

  • Sample

    231013-fc8hraec8w

  • MD5

    8530ca90408626a621b4d13993f693fe

  • SHA1

    12fccd12017eaa691d5decc67587807972214518

  • SHA256

    1ebdbd1ae10055d0dc0d56944788df673b866d6fdcf9d9b071b9a5d8798d6dda

  • SHA512

    d7fb121cc8db08a0692c2cb5fc7757215333ea59079cbfb9cd5680e8bca2de85c3d1fb7af43b402c94f1d60a6926da8e795c430628165ada0ebe5b211e418e6b

  • SSDEEP

    98304:eYt86ltxMwBlAVKKF8EfRtG/tTHBbsngT:xt86nxbBSlpRtGBl

Malware Config

Extracted

Family

hydra

C2

http://carmonuletusoaszs.net

Targets

    • Target

      1ebdbd1ae10055d0dc0d56944788df673b866d6fdcf9d9b071b9a5d8798d6dda.bin

    • Size

      3.3MB

    • MD5

      8530ca90408626a621b4d13993f693fe

    • SHA1

      12fccd12017eaa691d5decc67587807972214518

    • SHA256

      1ebdbd1ae10055d0dc0d56944788df673b866d6fdcf9d9b071b9a5d8798d6dda

    • SHA512

      d7fb121cc8db08a0692c2cb5fc7757215333ea59079cbfb9cd5680e8bca2de85c3d1fb7af43b402c94f1d60a6926da8e795c430628165ada0ebe5b211e418e6b

    • SSDEEP

      98304:eYt86ltxMwBlAVKKF8EfRtG/tTHBbsngT:xt86nxbBSlpRtGBl

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    • Target

      tcaptcha_webview.html

    • Size

      2KB

    • MD5

      91da5d9997c1e6e88bb16013fd2972a4

    • SHA1

      5678df78fe5f83ce2a0012246aa1bf9f625c5851

    • SHA256

      15faa9670379fd4c06bff363d2eec13db8ec0c61a0d7e5b59cf6db7b84eda125

    • SHA512

      f79bb52639cd1f6d889623c8204d9fb3b0d9669a966f48971911b39fe3a1bc95ba8285d24fec9a5e15f4e560471eadbc3eb431403f659e7fcba2f663a0e32cf1

    • Score

      1/10

MITRE ATT&CK Enterprise v15
