Overview

overview

10

Static

static

7

6a483d3e38...b1.apk

android-9-x86

10

6a483d3e38...b1.apk

android-10-x64

10

6a483d3e38...b1.apk

android-11-x64

10

DefaultWsd...tor.js

windows7-x64

1

DefaultWsd...tor.js

windows10-2004-x64

1

cid

ubuntu-18.04-amd64

ui.js

windows7-x64

1

ui.js

windows10-2004-x64

1

Analysis

  • max time kernel
    3314926s
  • max time network
    168s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231023-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231023-enlocale:en-usos:android-11-x64system
  • submitted
    12-11-2023 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6a483d3e3827ad58d08422dc50ca74878205f09d884fc355985dac9e342fa2b1.apk

  • Size

    2.6MB

  • MD5

    26a2a37e01f3537d7dfb9c5895997992

  • SHA1

    2e7b8103048489b870a67389dbcde0cdc352b025

  • SHA256

    6a483d3e3827ad58d08422dc50ca74878205f09d884fc355985dac9e342fa2b1

  • SHA512

    f87bac3bb56474dbb27c550bbd7f8a75101bce286e51a35728a5b34e3c575c62c37f91b90be6693cdb85fb31eeff95e51a9331b026166aee0f9b00ac1e800a3b

  • SSDEEP

    49152:JHsluagI3k4NvkuNZvodwJ6vKzDB0xcY0lPhHmir0Rs+LLcRohk32etO5M1ZEg:5sluIU4JkuNZvKwJpHY0jHXr0RJERoCj

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.actor.wrestle
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:4398

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.actor.wrestle/app_DynamicOptDex/NU.json
    Filesize

    1.9MB

    MD5

    1080a5ada7debc85a2bf1c38ad107ea2

    SHA1

    88ac1c721ed2c042ae0d91a60f780b1820a7b861

    SHA256

    0570df8e36b006086c1dbb44f2f0ec439ec5d2be59e956d17e7eb21f6e48c114

    SHA512

    2f4881af92d315bb1164e0ac06620b8ee085b36f852fa21c709781c25fe38e6b72f5cd79d62ee9c8692855b30a09969cfabed134e3646f8be4445ddb40117f6a

    Download Submit

  • /data/user/0/com.actor.wrestle/app_DynamicOptDex/NU.json
    Filesize

    1.9MB

    MD5

    a7f8fd4c3698fd1c7b5cda66de4b3ab2

    SHA1

    17d999875e8d99f9887604a8ff29f6664b5cec51

    SHA256

    72595cf771791492eb9e4bf6ec4c7380916457bc5afe39943669cafa4006c9e2

    SHA512

    12502fc772895dd45fb06a0d2113528a33ee9e1470e0bfd4da384825516d5f23dbf15a5bcad53f6cdc458581baa33f38b5857cc78bb36f15794aff86a43cb2b3

    Download Submit

  • /data/user/0/com.actor.wrestle/app_DynamicOptDex/NU.json
    Filesize

    5.0MB

    MD5

    a4387fc74e412b17d73ca0ef45f16c46

    SHA1

    a56260429dda59a52c0aa4d9f9ef593462cfb098

    SHA256

    47888cdddaa5111c6c7a288f14f556ea9ec028da730bf7441ad3f19a9733b5a2

    SHA512

    cc00732fd6c7923da8e5b4cb07b6b753dbd6fdc42e87e43d46034c0bd2a2eb4dfcab4b7e55b6541a4596db3f06bb11d6d65d1bdfe48a5a9dfca9ffd005035aa9

    Download Submit