Overview

overview

10

Static

static

7

b0d137f1f9...73.apk

android-9-x86

10

b0d137f1f9...73.apk

android-10-x64

10

b0d137f1f9...73.apk

android-11-x64

10

libcrashyltics.so

ubuntu-18.04-amd64

1

zoom_app_sdk.js

windows7-x64

1

zoom_app_sdk.js

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b0d137f1f9ad7588c6bdd0bdd94652b1ecbf4d30354025eee036d96f223b1273.bin

  • Size

    2.8MB

  • Sample

    231111-1wpvzabg6w

  • MD5

    0d95b3fedb55bdb90276467169c28cb4

  • SHA1

    31079fc2813413577b6065da0185afb27e9b4755

  • SHA256

    b0d137f1f9ad7588c6bdd0bdd94652b1ecbf4d30354025eee036d96f223b1273

  • SHA512

    a6c864bebd041cfca6fabd62dfe5f289d66b92ba5e28c7ee9ad01c3b2f6ed1debafe9c78739302be3c0bea2c51a668a97e3effc9e622ba267aff8d9127721f68

  • SSDEEP

    49152:QmyJGiuVhbtuUykHhRPAikjLY6TsoogbpP/BAfrC2Baw3PDsmgtf5mVqrKT4mDS6:QmyJGiuV2Uyk0i4Y6TsiBAfDBa/mgGVv

Score
10/10
hydraandroidbankerinfostealerlinuxtrojan

Malware Config

Extracted

Family

hydra

C2

http://fioklksisisakkkkas.com

Targets

    • Target

      b0d137f1f9ad7588c6bdd0bdd94652b1ecbf4d30354025eee036d96f223b1273.bin

    • Size

      2.8MB

    • MD5

      0d95b3fedb55bdb90276467169c28cb4

    • SHA1

      31079fc2813413577b6065da0185afb27e9b4755

    • SHA256

      b0d137f1f9ad7588c6bdd0bdd94652b1ecbf4d30354025eee036d96f223b1273

    • SHA512

      a6c864bebd041cfca6fabd62dfe5f289d66b92ba5e28c7ee9ad01c3b2f6ed1debafe9c78739302be3c0bea2c51a668a97e3effc9e622ba267aff8d9127721f68

    • SSDEEP

      49152:QmyJGiuVhbtuUykHhRPAikjLY6TsoogbpP/BAfrC2Baw3PDsmgtf5mVqrKT4mDS6:QmyJGiuV2Uyk0i4Y6TsiBAfDBa/mgGVv

    Score
    10/10
    hydrabankerinfostealertrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Hydra payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    behavioral1behavioral2behavioral3

    • Target

      libcrashyltics.so

    • Size

      17KB

    • MD5

      e509b005121e182dd12b9756377d8658

    • SHA1

      842448f7ad2fd2e2c956955db5fb33df70a66ad7

    • SHA256

      26bce973d073f1b6131b8694a2807facdef60a15d70406fefbbfbfacb46db78f

    • SHA512

      6739000dcf0177c13636401113f012ce2028fa937480c9c92b7edd34918673e829cee1f2f474ed86271c9afc43a710302405ea7917cc9a489d0f084325495e87

    • SSDEEP

      384:jNOhsWSVjz947yUZ88FG7fW3r21VmU30UTpXC0/4hOl+I4+F+t5s:h9WSVjz947yUZPg7fWKTmU30UTpXC0/h

    Score
    1/10
    behavioral4

    • Target

      zoom_app_sdk.js

    • Size

      13KB

    • MD5

      31a343f9b3a784c4b1e2990b9a61fb47

    • SHA1

      4e7b6cc8797900fcf583a492781e6d718c4caf56

    • SHA256

      fdb9baa1a9104286ae12ecff9aa3321d96680e4309e7706257dbf8b9d9a4e6f2

    • SHA512

      96e60ad34d9a9b29fca22c1d1a889b67137b40d668e34d5e57560b8b4686a757e421e002074e89192ff98591358c2163f8554af6fb2f11724798d5b371dd3ac5

    • SSDEEP

      384:TddnnqKUJI7Yb6l69k6z6l6gI6h6g3kXR:TddnnyJIE6l69k6z6l6gI6h6wkXR

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Matrix

Tasks