Overview

overview

10

Static

static

7

c41eb0c8ad...68.apk

android-9-x86

10

c41eb0c8ad...68.apk

android-10-x64

10

c41eb0c8ad...68.apk

android-11-x64

10

HM_JsBridge.js

windows7-x64

1

HM_JsBridge.js

windows10-2004-x64

1

consentform.html

windows7-x64

1

consentform.html

windows10-2004-x64

1

Analysis

  • max time kernel
    1068232s
  • max time network
    154s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230831-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
  • submitted
    17-10-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c41eb0c8ad6b311a8eabd431fecbfc3ff578514189c5a75d65604316546cb368.apk

  • Size

    3.0MB

  • MD5

    bc34c1b3599c5d369491c763c9c4813a

  • SHA1

    d21f63841d0a8827bb8f40d8e6cfddeb50ba6086

  • SHA256

    c41eb0c8ad6b311a8eabd431fecbfc3ff578514189c5a75d65604316546cb368

  • SHA512

    1815ce8a2423d4cdd4982392f3de8b75e3dae75b7e9d682368db7227f5f29da70c0a24fdc878fc02761e621e6f7e744f4f65d26450ae86bb0bae6eafc3a82c70

  • SSDEEP

    49152:T8krsWTxBtwrjxS+LxIvKwwc5gsvL0m2zcTqSYi0J0801E/HnNAiPcl1dIpkJjRd:45VxxPJsT0m9qSYVNASMX1wEjH

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

http://wandawolmentokez.com

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.exhaust.shed
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:4528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.exhaust.shed/app_DynamicOptDex/kGp.json
    Filesize

    973KB

    MD5

    0ff317d630a8537c52aff1d7c8c41242

    SHA1

    72e5447e409509732e60229cf1939d156e879f6f

    SHA256

    1dbce6b9fac5b443a59c9c03d31dde3a34319d9b77b76db2b7f509d4a95a2c74

    SHA512

    e5179bcafa57d60a6d26db5235f2b085e17179d1cbc7b27e87a9f3971af734b1c3d7df5e0701031804d876d9445c7f4afbdf9c39a0c45b837c0c1475fd1421bb

    Download Submit

  • /data/user/0/com.exhaust.shed/app_DynamicOptDex/kGp.json
    Filesize

    973KB

    MD5

    bc30d59661045c0900729d7054aa1522

    SHA1

    24524b50319c59b22b3373de021c3b9493543498

    SHA256

    d26a5574dd9239f27196f163d272bcbd2611f6fec6cf05f48fdc58e5916ea8aa

    SHA512

    9d30f8e0e8018d8912076dd1cb84a205753b280c915e7ca6321c738961e4582d880c3aa7a0013a448ea227d6c7e0e25d94e058af0c0f994ffc0e8d509f6b19ff

    Download Submit

  • /data/user/0/com.exhaust.shed/app_DynamicOptDex/kGp.json
    Filesize

    2.2MB

    MD5

    481a5e28db38dfa53ff9c07fe433e1a8

    SHA1

    71a7e81b6abdc8813dbbd2009106cc70325db4c1

    SHA256

    266ce8f9574d517f9726134c8b4f748699def03c85a414e38a247e369334eb56

    SHA512

    9e248eada176f3ab7a56539ed3c7d8b0cac57b95cec88051fc702cdc17af1f86799e5300f341f8f6b621a7d7706bc98d3fb3052ed34b645eac2e5be87db7224e

    Download Submit