Overview

overview

10

Static

static

7

b59d430797...fc.apk

android-9-x86

10

b59d430797...fc.apk

android-10-x64

10

b59d430797...fc.apk

android-11-x64

10

bootstrap.min.js

windows7-x64

1

bootstrap.min.js

windows10-2004-x64

1

epl1.html

windows7-x64

1

epl1.html

windows10-2004-x64

1

gpl_3.html

windows7-x64

1

gpl_3.html

windows10-2004-x64

1

howto.html

windows7-x64

1

howto.html

windows10-2004-x64

1

jquery-2.1.1.min.js

windows7-x64

1

jquery-2.1.1.min.js

windows10-2004-x64

1

keyboard.js

windows7-x64

1

keyboard.js

windows10-2004-x64

1

mit.html

windows7-x64

1

mit.html

windows10-2004-x64

1

mpl2.html

windows7-x64

1

mpl2.html

windows10-2004-x64

1

mraid.js

windows7-x64

1

mraid.js

windows10-2004-x64

1

mraid3.js

windows7-x64

1

mraid3.js

windows10-2004-x64

1

omsdk-v1.js

windows7-x64

1

omsdk-v1.js

windows10-2004-x64

1

privacypolicy.html

windows7-x64

1

privacypolicy.html

windows10-2004-x64

1

ui.js

windows7-x64

1

ui.js

windows10-2004-x64

1

Analysis

  • max time kernel
    1091924s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20230831-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
  • submitted
    13-10-2023 04:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b59d43079747f8f280d0f2080cbee060e9fb7d3e0ccdd2882f6f5ffcac350efc.apk

  • Size

    3.2MB

  • MD5

    28e8e9410267495b26dac4e384d7d738

  • SHA1

    35e4c10b45c3354a32cd8e57bf1884e06a42988b

  • SHA256

    b59d43079747f8f280d0f2080cbee060e9fb7d3e0ccdd2882f6f5ffcac350efc

  • SHA512

    073140a03ee40e9589a40c0c9fff205c60e9aef333989ddda01aa43bf1e6cb708e756a00edc8ccd2b6fb9d247d17f0763c1603ff4b46226d0cf4c45e583a4c99

  • SSDEEP

    98304:WeBihQKs25/JKqFA3jA0VQMULcIyEJmdzFTUFqdtCryR:XZkKqF6A0VQ7JyEJGzmqvCGR

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

http://polkamoturnos.com

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 4 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.virus.medal
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    PID:4172
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.virus.medal/app_DynamicOptDex/rFaq.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.virus.medal/app_DynamicOptDex/oat/x86/rFaq.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4201

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.virus.medal/app_DynamicOptDex/oat/rFaq.json.cur.prof
    Filesize

    1KB

    MD5

    ee780e01d4f7eae05850a03000fdb5ca

    SHA1

    301293f918fdaf77a4d91d99582f520b65e4f5f9

    SHA256

    42019e737e02b2cfad38b70a3b5fa0874f5558a2684525b87c46e1fc720cc4ce

    SHA512

    604de7d58dd2836c3bdadf57d1f6067b5111903339e683c44a353931e8caffb18e846d8f12f513345b89b3f65a66028210822e2d812e3958276efce600491d28

    Download Submit

  • /data/data/com.virus.medal/app_DynamicOptDex/rFaq.json
    Filesize

    1.3MB

    MD5

    0a2754a0222186176cc7093cd5ca13da

    SHA1

    325223f01d6ce06092a87b44dc4a5ce32fe09226

    SHA256

    e58e8fad7b8904f7e950ee3b0577a93fd0bc25c5a7974d823dd9a468ed057120

    SHA512

    0467e4389e67283c4389e5b04b35a2c29910b27a41b3c97bdc463614b71d809d3bfdf2259b2c6bdb5cbf6ff61b3e86e5435847a2db60d9c7af12384071c82800

    Download Submit

  • /data/data/com.virus.medal/app_DynamicOptDex/rFaq.json
    Filesize

    1.3MB

    MD5

    6f8d0c43ba928b1362a744b37322c4ed

    SHA1

    8ce9cff444a2a394939c71c0f2d98743a57a104e

    SHA256

    f6a4e0a1eaee870d7224f7d9455dd4775d3ef6a65eb63d0b4261c3bc785e4329

    SHA512

    c64ceefaab1af30716bebc4ed00a8b3af69d7f9f0d3e83f224565d1ed1737b153eb9b088171799bdafe7735bba186fd53ff11669c45c9297639b3e7a90990523

    Download Submit

  • /data/user/0/com.virus.medal/app_DynamicOptDex/rFaq.json
    Filesize

    3.6MB

    MD5

    69caa044aa8182d795f0d53c4e90025e

    SHA1

    c84683c65911d78bc89b3f047a70984666980945

    SHA256

    b4c743a75e1bc375fee5c148c454500f3ec1074fdfc522e950bd5c01a8049dde

    SHA512

    c80b8bc2fe05c215263725fbcab70b39aaf4793dc6ab70fb4b5202a6086cdb0e52cf90cbe2dbeab0f1717e25b054219bdc10478eb258d0918595d070ba1e366c

    Download Submit

  • /data/user/0/com.virus.medal/app_DynamicOptDex/rFaq.json
    Filesize

    3.6MB

    MD5

    117cdf3d73499a5cda6d1f361b37712f

    SHA1

    c45bd1aaae9da1bc6e064eb83a95e99196f827ed

    SHA256

    a65a79a43f77cb8ce44d674b0285012f059c41501825f881e8ddc53f4d47268a

    SHA512

    572549870c72fad3cd88f08dd9602ba265213ec11119a4d5e1c86da2e3c6dc1b66fc893496f5a936356e380016c52cdb0d1f7eb5933e8793a98450aa587d37ec

    Download Submit