Overview

overview

10

Static

static

7

817dd433f3...93.apk

android-9-x86

10

817dd433f3...93.apk

android-10-x64

10

817dd433f3...93.apk

android-11-x64

10

createjs-2...min.js

windows7-x64

1

createjs-2...min.js

windows10-2004-x64

1

vpaid_html...e.html

windows7-x64

1

vpaid_html...e.html

windows10-2004-x64

1

webClipper.js

windows7-x64

1

webClipper.js

windows10-2004-x64

1

Analysis

  • max time kernel
    808880s
  • max time network
    153s
  • platform
    android_x86
  • resource
    android-x86-arm-20230831-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
  • submitted
    14-10-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    817dd433f3854717f8923d0b91daa9616bf22872cf4f30f5278f63fc310a9693.apk

  • Size

    3.1MB

  • MD5

    590f836626e83e163b57e9aaba3550f6

  • SHA1

    c9c1a7ede7fd212ae42dd55314cefcb75d0d2da3

  • SHA256

    817dd433f3854717f8923d0b91daa9616bf22872cf4f30f5278f63fc310a9693

  • SHA512

    9e770d2483f0f3fe1c0c4f7544b89d77437f86fbffe4188c1399499c24dfd27348696abd9edc9803c399d76a6f77d641dd892b7c625f6f2f56844197f73ff365

  • SSDEEP

    98304:g4tzA6xu3CtC+YiS7CdgF30Ky8mhQZfr5P:g4txxu3ACaS7Cc30KyWF

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.motor.hobby
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:4135

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.motor.hobby/app_DynamicOptDex/Hed.json
    Filesize

    1.9MB

    MD5

    fbdce6eaf430f1d1ca19ce9780de2ead

    SHA1

    2f6d27bfad0e7bc68fd6060f297a017e2fba1991

    SHA256

    0bb6c29c47280a79f2bc8aa1af9a3bf28a6288a8cba579baed23bfa6a4b38ee5

    SHA512

    0c85a7c19b2168df5f37781e07c9835553fd20a6f94d0a44b3a7c0319f2da7cdae1570ba3e904b9fd57e4ca8639f333cd9ec706466855ae1202b99d232993c15

    Download Submit
  • /data/data/com.motor.hobby/app_DynamicOptDex/Hed.json
    Filesize

    1.9MB

    MD5

    ac1cc071f5c9c80e172247523155b185

    SHA1

    48d92e47974304f4d37372bc94dfb3332b2661d7

    SHA256

    5be3a339a1beea789e0c783fb5d3281fc1d4a3313f3c2e61b8983a925ca430ff

    SHA512

    fe196025fccab621166a7107bb735a9956aec44670ef1636a453af75268ddaab46b315c251107819df4d8377c06c4e2377dc2df0d1fd7722f7bf0cfd44c2de89

    Download Submit
  • /data/data/com.motor.hobby/app_DynamicOptDex/oat/Hed.json.cur.prof
    Filesize

    1KB

    MD5

    8ae8151115a2d33c88df0368e08db4d4

    SHA1

    7f7c0f14361fd0e4f8f86b9cce77e4754a9243ce

    SHA256

    f8a9b968dc6000a42e2e79456cf90a4c75b872f46f03cc716d5885a27378eeed

    SHA512

    4b88a07710de58ecbcdaf8efd13dba7a65d8b0a6c01c272efe0b462d13fa057e1c4a22540f1f02336f6cd5580ac19af9e7e2d05285c03eeea60c0ff249b6032f

    Download Submit
  • /data/user/0/com.motor.hobby/app_DynamicOptDex/Hed.json
    Filesize

    5.0MB

    MD5

    5c031c79dbe11082ece199a62aa471b7

    SHA1

    1a7e2d5b8b524c0fd1082fcb564ef2e6095c8ccc

    SHA256

    60e34f9cbd66cce374fcecbc92e209f6593c4b109795bb0ad48b37756d5fd3ee

    SHA512

    dd2fb0bdfcf10f9a40544ff59cb8b13824ee8b791e6b040047bf069ecc39af292f025146764a2e7b5c18fa8858aafbfff2ea6b4b096c904a216f6a6412605681

    Download Submit