General

  • Target

    bfb16d1190106657d4f1c190c313a91a9563028c5f0b8b10f198f802f9bb3f8b.bin

  • Size

    3.1MB

  • Sample

    231026-1xfnpagg2t

  • MD5

    3e5ad285d52d85c21e90ef0745e500ba

  • SHA1

    7102edcc2d35729840b6274b5ab23896797381d1

  • SHA256

    bfb16d1190106657d4f1c190c313a91a9563028c5f0b8b10f198f802f9bb3f8b

  • SHA512

    bab2dc47174d21842874c4ad9c8207bdd316df7e5dc0924e280b81d6d7758139a62af127720769daaf2f9428a61e42a35936cf0cca5345694d7d3c66250704d2

  • SSDEEP

    98304:X4Cd1luEfq5SBBoera1l8Dalc/IeGhOIo/fqk:N1xrBj+8D0Mkhg/1

Malware Config

Targets

    • Target

      bfb16d1190106657d4f1c190c313a91a9563028c5f0b8b10f198f802f9bb3f8b.bin

    • Size

      3.1MB

    • MD5

      3e5ad285d52d85c21e90ef0745e500ba

    • SHA1

      7102edcc2d35729840b6274b5ab23896797381d1

    • SHA256

      bfb16d1190106657d4f1c190c313a91a9563028c5f0b8b10f198f802f9bb3f8b

    • SHA512

      bab2dc47174d21842874c4ad9c8207bdd316df7e5dc0924e280b81d6d7758139a62af127720769daaf2f9428a61e42a35936cf0cca5345694d7d3c66250704d2

    • SSDEEP

      98304:X4Cd1luEfq5SBBoera1l8Dalc/IeGhOIo/fqk:N1xrBj+8D0Mkhg/1

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    • Target

      AboutCompat.jsm

    • Size

      1KB

    • MD5

      9ed5f3d1f0b66b8b9109f363890911d4

    • SHA1

      3da740298ad83f466aaae4c00ec6f24a317a4edb

    • SHA256

      06ee5a15a4ddef85378ab928602959c7f8dc74a65c7faa5ed232b1356393abe1

    • SHA512

      f7650bb581e06f02231b46a86c76fb11bc1b784a58e3429b9e3739da500e9f0d39b7c82be62a67e80b6a5bea071e205fbe46a38853dd5106c6aaa75f808c053f

    Score
    1/10
    • Target

      MultiSelection.js

    • Size

      15KB

    • MD5

      d112dd41df1b2849e8e449ff1ce4ecf8

    • SHA1

      08763f64ad3a23fb8224fde24b252c20253d2c9a

    • SHA256

      f587e2b43dac4b31a0ddc213f94afe2288a90724c3ab36666755ade4f3abb98f

    • SHA512

      5dc80a1fa19005407f775cbad675a7cd5d2a46b584fabbe734a13200f89c9aeadb0667f5dd0fe66ac3cbc897362ceab15e86af728390168d09e06fed677e64b2

    • SSDEEP

      384:bfKwA8RkZzcpNLeN3lso+ozRARKqjFZ+vN:DjRkZzcpNLeGR/+vN

    Score
    1/10
    • Target

      aboutCompat.html

    • Size

      1KB

    • MD5

      c4c061b20041a0aed2607935b632d57e

    • SHA1

      43ca40859dc435fc1061c7a5a9700b0634951536

    • SHA256

      e2fddef0e9477e6c24dc3be592f69c1dfbcc0a1f5e4e738a034a8e58ad2b86f4

    • SHA512

      ca8ea99ad72e3043f41b6c55db20a8976fddc1cddac4c2501da0ce096c02393c8b031d1df3dbd26e5b82c8d742d30adce1c7c8e1463a88dbee67ef62171c8e72

    Score
    1/10
    • Target

      aboutCompat.js

    • Size

      7KB

    • MD5

      fadd3c3387d35a4d3015616804a7635b

    • SHA1

      d406de87b3fa0ac89a655a043e801df09f6c8f74

    • SHA256

      8fec69f0a1ce6dc98a9a3850a11c217f65ec15bd6dc69d516ebde3e69ce73865

    • SHA512

      b23328df0b413b5baca43d1d357b3d8b99f20f214192e67bc118fcda4bec08a070b5b5bccb3f6b25eb4d8e8bd38c9fd30733a8d3a1322b09695254e5b779ded5

    • SSDEEP

      192:Az8cQ/GjaemIP8NsrMQo9m8RMxlY4lkX5phWQjKgDs:oaVKkeu5pjDs

    Score
    1/10
    • Target

      aboutPage.js

    • Size

      1KB

    • MD5

      415c0b737da0f5021f0a740fe7d5f094

    • SHA1

      d79610b71dd27bb3d6e4c9d4aa288cc167abe226

    • SHA256

      87c3b8f16ca07bf713f08ec9c7c70745bf85e67cc2d93bdeb01e624b9dabe88e

    • SHA512

      f8c59a5db75a63979a7c2fc63301a59f36b8451d5a329756ec0fe6ebf3265714d64b3d85afaa5af03712613802fabbec23df6665722af95e92f4b059e09cf1b6

    Score
    1/10
    • Target

      aboutPageProcessScript.js

    • Size

      974B

    • MD5

      5d639848905732aa096b3692e454abea

    • SHA1

      189956611638e80eb1d8c9d2ddca80be4221d024

    • SHA256

      8bb9029e0978f4de804fec6b6f7fdc89b98dd80866df48d5584403d594c09798

    • SHA512

      2fbc97d84327f49f6b3256434633968ec89750ea1362181763a21f4ab5cdd4e18841b78fd6baa249f7f29f37ab503e7d511005c9462966f19e5eca68fb5b95c0

    Score
    1/10
    • Target

      adsTelemetry.js

    • Size

      1KB

    • MD5

      d41d60fc369db003158a9a521795d67c

    • SHA1

      ca9a6e25560d12f19a97170e67f30e578f90713d

    • SHA256

      523f38d07d5907dd89df96ce94a55c27f405e03558a7193922177ff94cab108c

    • SHA512

      57d24ab93e5ad746bc7a27cf9d6d751e430f666cc721fadc1028a86953fd0086aaabb3fa2f35c3cc2167ae6acbe691ce70fbcab24efcc9673dea94734a2d0cf7

    Score
    1/10
    • Target

      bridgeShoppingExtractor.js

    • Size

      1KB

    • MD5

      806614ba5adfabf2690e0861f7af2e30

    • SHA1

      e851335e810e3a78c0356e20aac4ee72b4a106c5

    • SHA256

      bde1aeb76f974b48dab8a4c39d4d6c8509159e7d410bda9c5af8d1bc7e4094b5

    • SHA512

      bd218ec7677348d631e65e30b575caafb6a648a364f46bf55cfb8b0f799e567a5ca16ba5d76be4c03c161ebbe5eeaaa3e59af06629243463ad36328f1340deb5

    Score
    1/10
    • Target

      errorPageScripts.js

    • Size

      4KB

    • MD5

      25be2f67e20c3d61934a45d60dff6eba

    • SHA1

      87dac3d0544ea91b453c5fd8d5406332abeaca1a

    • SHA256

      0c23fc1f071898361ce362efa02eedde48fb58af790d85fc686cd8d67fe01809

    • SHA512

      2b3006af2739322b7bd353e894add6518fcadee8eb88888f70ef2499f6108215e5a9ff19d5de1f982ada8c96ba73046403490d889f2d05859dad42dcef19f55d

    • SSDEEP

      96:APn5k2c0PjNX+UGx5i92ZMMEkQGZdgLlCV5:A/22cgX+UM5isMMEkQGZdclCV5

    Score
    1/10
    • Target

      highRiskErrorPages.js

    • Size

      1KB

    • MD5

      e6f80798f5fd0250e5995a77593e4cf5

    • SHA1

      271faca2283a3ebb130793f9e201f2dffa5074a0

    • SHA256

      5469ade56ee26e7fdf5e28c5f7db570f75d5d5df7a002dcbf149ceeec68f536d

    • SHA512

      4a795fbdc7be9eafd68bc4733a29a9a64f6132c7a8238f0f4350c03797af030a3c644a069cc6c63c24ff910b44081282fecdf3ba27a2d01d071d1264af3e1685

    Score
    1/10
    • Target

      icons.js

    • Size

      2KB

    • MD5

      c9dbfb1b54d571307e8def71ace9cdc7

    • SHA1

      72aaa644aa1c83cea233f7dcb138afa632559006

    • SHA256

      16f655ae9da854adef3f070ae16adbd94d5973c032f4769a332397e79ec3d68e

    • SHA512

      c80f979580993bf4fe7ba2764952d50ea73a4ba9504f9b5451693e5ef68a4b183f38723fc8e6d6fda72583107e9caa32e80b0027fbd47893be7d63300df25b52

    Score
    1/10
    • Target

      lowMediumErrorPages.js

    • Size

      4KB

    • MD5

      6ce366c42e410a8f852487d55941e69f

    • SHA1

      072a0415c19d2dcab81c7895ae1af390006f0c11

    • SHA256

      7d76b80d35f137da1c0238fa2ffa56f576e6582f0b6198258adcfbaf680dda4d

    • SHA512

      e0e7fd14ae5a91529b0035486c5f4098ac30031a6499d6c483a270457df6cf25d7aff04cc85397745ac46c7ac13c1588fce42a3c403b89aa8bf70b54ac38cc64

    • SSDEEP

      96:APbdktbN0YXC4Z2Zr8MEkA7ZBdzRgBlCG:AjKtbNDXCtr8MEkA7ZrFSlCG

    Score
    1/10
    • Target

      reader.js

    • Size

      76KB

    • MD5

      53cd5e861dbbcc817967cd775353138d

    • SHA1

      072d537590cfcf63adb285532fbeec9f667080ce

    • SHA256

      83941666e25c493ea93c14d66870ec6437b3a5096506cf5e3f274ffb161170df

    • SHA512

      eb63a216919a64a505bfb1b3856829cafc79338fd47b019981474b21089e85be451a2897417e871af7cf8637d4c0dbae15d9b1fbb3ef13a8b0d9a3652979a80a

    • SSDEEP

      1536:kn7YP8Qs1ZRb1jA7o55fWIphMeofRvi+V3KEKEGNHRuSbTHqAEEAs3nNmaA3VSPR:GfQ5WkLDgWG

    Score
    1/10
    • Target

      reader_theme.js

    • Size

      2KB

    • MD5

      ee6555f847d998a1f18de715eb9923d7

    • SHA1

      b556fcc5616e6dfb5cc78b696ad3265f89d81087

    • SHA256

      1a2b67db092df4ecb6700080ed62cc5fdc0bbd4da18292bade619eb1b0c9001e

    • SHA512

      a640fada69838e92ec2b272d7f60844f558d49cac3347658cb0b6606c3ab5db4d673377add359cb1cb1063ad51be218bd1f0fe15bce301dafd1cfef03abd10e5

    Score
    1/10
    • Target

      run.js

    • Size

      1KB

    • MD5

      1ce8705cfef551d71a03b3b43f288488

    • SHA1

      6f7a58efa3b052f73d3c0100f70c738c8037ede4

    • SHA256

      e7402f82200b9c101b8596c867ed30ef648114ff9b8108f50440dc3e95f6c3f9

    • SHA512

      05e9efb817ecd37e87798603e35d78bdc4e3fcfa27fc34719dfc9360b8014119c5caa484e626aebd93e60d41f53cfdeae14d25904d23b3cbd6b1299e8f5ac98c

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
7/10

behavioral1

hydrabankerinfostealertrojan
Score
10/10

behavioral2

hydrabankerinfostealertrojan
Score
10/10

behavioral3

hydrabankerinfostealertrojan
Score
10/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10