Overview

overview

10

Static

static

7

527d81766a...0b.apk

android-9-x86

10

527d81766a...0b.apk

android-10-x64

10

527d81766a...0b.apk

android-11-x64

10

libcrashyltics.so

ubuntu-18.04-amd64

1

zoom_app_sdk.js

windows7-x64

1

zoom_app_sdk.js

windows10-2004-x64

1

Analysis

  • max time kernel
    3314367s
  • max time network
    144s
  • platform
    android_x86
  • resource
    android-x86-arm-20231023-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
  • submitted
    12-11-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    527d81766a0d37a117b7d38938ee88adea64ba99e44cd47f534d2fef1360a90b.apk

  • Size

    2.9MB

  • MD5

    37184e75d764b25208619ac89960103d

  • SHA1

    4dfdd81923c82bdd7182b8d4377968e655e976d2

  • SHA256

    527d81766a0d37a117b7d38938ee88adea64ba99e44cd47f534d2fef1360a90b

  • SHA512

    9d304b3adda32a5fd51e0522e8605d360f3ac5b5be93934ed5ea4374ad91411e41d6674ed1d10c13f7ef4941c623df229a595bef569e3da821cae90e193c45fe

  • SSDEEP

    49152:6iU00JGitbPPuJzkHxR2M+bnd3mjitA28GxT/TgTORLJ5hj1s/z1Q/QXo:yJGitqJzk94ntm2TXxIORLsb1Q/T

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

http://cioroapapoldoapolawe.org

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 4 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs

Processes

  • com.vicious.depth
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    PID:4246
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.vicious.depth/app_DynamicOptDex/ORIj.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.vicious.depth/app_DynamicOptDex/oat/x86/ORIj.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.vicious.depth/app_DynamicOptDex/ORIj.json
    Filesize

    1.6MB

    MD5

    20ebec3a6c0d83497989fdc844a7b266

    SHA1

    8b810af9756caef62efd48ca2be6ff6ef9062caf

    SHA256

    497321a931c799fcc61094307665e7f9fcb26324b5240bb5e99b7a6a7e30c68b

    SHA512

    78f4311f422fb66ba89efd3f157bf3e6faaa5d2e2bb6d1d1a6aa2007c5aec82b8682c557b0010033cba8863aa79823d41f29fc2cd3cc33cf92bdc44719431f71

    Download Submit

  • /data/data/com.vicious.depth/app_DynamicOptDex/ORIj.json
    Filesize

    1.6MB

    MD5

    c104d679805c0473fd154195e7ba80cf

    SHA1

    763e3ac1f15713438dd9c608f6f94f29a3472607

    SHA256

    00ad423ab487c8a4e7309c798c4a7a5b20648fcbcc0bd3f1ba2d8f777e1048db

    SHA512

    d813af0471a6fb110e049db041a693895791f5d4969a0faf9185fe64cc3685eceabffcc913cba434afbe8cbfa848abd54d81caf2a867ad6468e3ad723e1e14c0

    Download Submit

  • /data/data/com.vicious.depth/app_DynamicOptDex/oat/ORIj.json.cur.prof
    Filesize

    659B

    MD5

    6d651f8e4f4775759fde641c99a1d725

    SHA1

    72881e52163d058e2078db4ea6bf3b5c7f1f0e3a

    SHA256

    f01b1dfd0df46c9125c6d1b30541ebca90584f7acea31713cd1434d0002a89cf

    SHA512

    261ce10650d9abeddc7eee16a037cd6ca21c9ea47912bd7f8f04a8c94831125ed44161b639f026565c9e8221bc5560f0c8b6201411bccce0dc8661912ecf4698

    Download Submit

  • /data/user/0/com.vicious.depth/app_DynamicOptDex/ORIj.json
    Filesize

    4.4MB

    MD5

    dd0049919780df9deb16ef4c246c8165

    SHA1

    8752e62f2a41180088a80c30931dfa99c05e4e29

    SHA256

    0a5290092b2307e5b02753986e7f70b08613d3076ab24bdf27191c7ddf443afd

    SHA512

    38ab55944bf166abe84f7fd55815a6ff3c46a5e3a440ae9b3fd37131ce3950929a772cae1175334942f2c07aef4e071e973ba98faf7a8b2d8d875658b0798a2e

    Download Submit

  • /data/user/0/com.vicious.depth/app_DynamicOptDex/ORIj.json
    Filesize

    4.4MB

    MD5

    93732af40fb03e352577e250a3500f8a

    SHA1

    08e3c3aab7524d770cbcdf597d043796c4578316

    SHA256

    8cd199f412b8bcfcd9dc4d8957e5d74d31348f43b3363729aa1402ba18d1d227

    SHA512

    55efaec342acb6a409e6fff8b15663e39ba8f366bf1aababa2ccf7b757f29c1fa9ee6ed36680a599d52d868090698c2f424c969a9da4a88c97c78b5e2329f990

    Download Submit