Overview

overview

10

Static

static

7

15d9a5bdde...a5.apk

android-9-x86

10

15d9a5bdde...a5.apk

android-10-x64

10

15d9a5bdde...a5.apk

android-11-x64

10

libcrashyltics.so

ubuntu-18.04-amd64

1

zoom_app_sdk.js

windows7-x64

1

zoom_app_sdk.js

windows10-2004-x64

1

Analysis

  • max time kernel
    4005571s
  • max time network
    132s
  • platform
    android_x86
  • resource
    android-x86-arm-20231023-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
  • submitted
    20-11-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    15d9a5bdde36d5f214d6963bbf05e4cdcd20e86dcd539f771c972112c75dc4a5.apk

  • Size

    3.1MB

  • MD5

    dbab340d07d659ac69fe2ae7a7119ace

  • SHA1

    b11519fd265fab67afe9e70edb661a52f413a187

  • SHA256

    15d9a5bdde36d5f214d6963bbf05e4cdcd20e86dcd539f771c972112c75dc4a5

  • SHA512

    1d05440aee275f350a956538890170030a0c28ad9f62691ca780c1570787065a0ef1290cfd7fd748bb1d772105f6b2621a870ca3ef32926b2303c44959f1c07c

  • SSDEEP

    49152:+NNGa1n+JGiJjFCmwTkH+u5DO7PrRQWbMl9PriWcHJ3dC:qh+JGi3ATk95cruwm9WWcHJ3dC

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

http://ciopuntinoapoldoaeuoererapol.com

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 4 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs

Processes

  • com.interest.discover
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    PID:4320
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.interest.discover/app_DynamicOptDex/EYRX.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.interest.discover/app_DynamicOptDex/oat/x86/EYRX.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.interest.discover/app_DynamicOptDex/EYRX.json
    Filesize

    1.6MB

    MD5

    f64e228b05c35ab01516a7539c05b6b9

    SHA1

    911ad6ebc61346202990b2f901e91a53f1368854

    SHA256

    267c2101f2d1cdd1126d3565a5759aecca0d98833e7690369c7666c5644b8a65

    SHA512

    9167e4efac4ddd7b69798714ac1d5cbcdf1860045bc77d1c100da54494a4a9629c263877081e62e192f310abf87b20c397302f5a870539f27584c3cb68e2ab1e

    Download Submit

  • /data/data/com.interest.discover/app_DynamicOptDex/EYRX.json
    Filesize

    1.6MB

    MD5

    3695bc4fa1869057d5c7ca5c96ec9edd

    SHA1

    e32638ca29fe15f5d171f901ccb4ef9c7b574fa8

    SHA256

    3e70f0277d6faae5abf401a49589a2e9f4c3658885349d4df94e0eff0f3c8eff

    SHA512

    35b6b854fa407b6fd54c5318191a253bb9a8e546f0e1c1bf48ec2ca7aab9468d63f26fc0f619c9ec84039c5465a2be5a1b62f524d28f83bab9d145f10f09cbae

    Download Submit

  • /data/data/com.interest.discover/app_DynamicOptDex/oat/EYRX.json.cur.prof
    Filesize

    631B

    MD5

    08ec6cf73f6a29acfc08c83814c1a032

    SHA1

    d4e427356b37dc61bfe755bf9c1e8581c35e59e8

    SHA256

    5f5f87fd5a38c15c2996ef2f87db79b6ffbe4744d4cc0efd5bf220b8830755b0

    SHA512

    e0a8f6797c49491fe318def3846346af8722d5b830b43ebf261b4c2c2db7329e7fe7e5d35fc36cdc294ebad30c5343a329e8cb9b2b4b6484ff408739f5126e08

    Download Submit

  • /data/user/0/com.interest.discover/app_DynamicOptDex/EYRX.json
    Filesize

    4.4MB

    MD5

    cc96143d2e0a9a33e55dcb3e560a773a

    SHA1

    a86acec3c851c1162fe34b910d270247e7e20db8

    SHA256

    8a1d36dd3527dfc658e661eaa8ed08738d8ecefabecb46354ff11edb770cb8ab

    SHA512

    fd13805098b0e35160a6c6afdf833dbff41a1f77ec1a6aab62548a2ccff6564d85612a1d4b6da9b66ff3917ff83b007794cf599d745256368a7cf6b27856f0b5

    Download Submit

  • /data/user/0/com.interest.discover/app_DynamicOptDex/EYRX.json
    Filesize

    4.4MB

    MD5

    493732eae1ec6f43d7bf0692d774b317

    SHA1

    a604ba4eb87d757cb6176799a7dd08859e25e97e

    SHA256

    a1a648bf5c9b9dd66d24b06d6a4ae6aa11fd73611c2840b1da74d8239a38698e

    SHA512

    75684bc7791042555babd50da4278984de8f0e9e50711da61784eed2fb8c2b10a064e094784d41adb3df511a40859177c1f0d70bc0d1740ed0556f7d850d9bb4

    Download Submit