Overview

overview

10

Static

static

7

527d81766a...0b.apk

android-9-x86

10

527d81766a...0b.apk

android-10-x64

10

527d81766a...0b.apk

android-11-x64

10

libcrashyltics.so

ubuntu-18.04-amd64

1

zoom_app_sdk.js

windows7-x64

1

zoom_app_sdk.js

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    527d81766a0d37a117b7d38938ee88adea64ba99e44cd47f534d2fef1360a90b.bin

  • Size

    2.9MB

  • Sample

    231112-1wq32ace81

  • MD5

    37184e75d764b25208619ac89960103d

  • SHA1

    4dfdd81923c82bdd7182b8d4377968e655e976d2

  • SHA256

    527d81766a0d37a117b7d38938ee88adea64ba99e44cd47f534d2fef1360a90b

  • SHA512

    9d304b3adda32a5fd51e0522e8605d360f3ac5b5be93934ed5ea4374ad91411e41d6674ed1d10c13f7ef4941c623df229a595bef569e3da821cae90e193c45fe

  • SSDEEP

    49152:6iU00JGitbPPuJzkHxR2M+bnd3mjitA28GxT/TgTORLJ5hj1s/z1Q/QXo:yJGitqJzk94ntm2TXxIORLsb1Q/T

Score
10/10
hydraandroidbankerinfostealerlinuxtrojan

Malware Config

Extracted

Family

hydra

C2

http://cioroapapoldoapolawe.org

Targets

    • Target

      527d81766a0d37a117b7d38938ee88adea64ba99e44cd47f534d2fef1360a90b.bin

    • Size

      2.9MB

    • MD5

      37184e75d764b25208619ac89960103d

    • SHA1

      4dfdd81923c82bdd7182b8d4377968e655e976d2

    • SHA256

      527d81766a0d37a117b7d38938ee88adea64ba99e44cd47f534d2fef1360a90b

    • SHA512

      9d304b3adda32a5fd51e0522e8605d360f3ac5b5be93934ed5ea4374ad91411e41d6674ed1d10c13f7ef4941c623df229a595bef569e3da821cae90e193c45fe

    • SSDEEP

      49152:6iU00JGitbPPuJzkHxR2M+bnd3mjitA28GxT/TgTORLJ5hj1s/z1Q/QXo:yJGitqJzk94ntm2TXxIORLsb1Q/T

    Score
    10/10
    hydrabankerinfostealertrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Hydra payload

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

    behavioral1behavioral2behavioral3

    • Target

      libcrashyltics.so

    • Size

      17KB

    • MD5

      e509b005121e182dd12b9756377d8658

    • SHA1

      842448f7ad2fd2e2c956955db5fb33df70a66ad7

    • SHA256

      26bce973d073f1b6131b8694a2807facdef60a15d70406fefbbfbfacb46db78f

    • SHA512

      6739000dcf0177c13636401113f012ce2028fa937480c9c92b7edd34918673e829cee1f2f474ed86271c9afc43a710302405ea7917cc9a489d0f084325495e87

    • SSDEEP

      384:jNOhsWSVjz947yUZ88FG7fW3r21VmU30UTpXC0/4hOl+I4+F+t5s:h9WSVjz947yUZPg7fWKTmU30UTpXC0/h

    Score
    1/10
    behavioral4

    • Target

      zoom_app_sdk.js

    • Size

      13KB

    • MD5

      31a343f9b3a784c4b1e2990b9a61fb47

    • SHA1

      4e7b6cc8797900fcf583a492781e6d718c4caf56

    • SHA256

      fdb9baa1a9104286ae12ecff9aa3321d96680e4309e7706257dbf8b9d9a4e6f2

    • SHA512

      96e60ad34d9a9b29fca22c1d1a889b67137b40d668e34d5e57560b8b4686a757e421e002074e89192ff98591358c2163f8554af6fb2f11724798d5b371dd3ac5

    • SSDEEP

      384:TddnnqKUJI7Yb6l69k6z6l6gI6h6g3kXR:TddnnyJIE6l69k6z6l6gI6h6wkXR

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Matrix

Tasks