Analysis

  • max time kernel
    4005700s
  • max time network
    168s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231023-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231023-en, locale:en-us, os:android-11-x64, system
  • submitted
    20-11-2023 22:00

General

  • Target

    15d9a5bdde36d5f214d6963bbf05e4cdcd20e86dcd539f771c972112c75dc4a5.apk

  • Size

    3.1MB

  • MD5

    dbab340d07d659ac69fe2ae7a7119ace

  • SHA1

    b11519fd265fab67afe9e70edb661a52f413a187

  • SHA256

    15d9a5bdde36d5f214d6963bbf05e4cdcd20e86dcd539f771c972112c75dc4a5

  • SHA512

    1d05440aee275f350a956538890170030a0c28ad9f62691ca780c1570787065a0ef1290cfd7fd748bb1d772105f6b2621a870ca3ef32926b2303c44959f1c07c

  • SSDEEP

    49152:+NNGa1n+JGiJjFCmwTkH+u5DO7PrRQWbMl9PriWcHJ3dC:qh+JGi3ATk95cruwm9WWcHJ3dC

Malware Config

Extracted

Family

hydra

C2

http://ciopuntinoapoldoaeuoererapol.com

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra payload 2 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.interest.discover
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    PID:4594

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.interest.discover/app_DynamicOptDex/EYRX.json
    Filesize

    1.6MB

    MD5

    f64e228b05c35ab01516a7539c05b6b9

    SHA1

    911ad6ebc61346202990b2f901e91a53f1368854

    SHA256

    267c2101f2d1cdd1126d3565a5759aecca0d98833e7690369c7666c5644b8a65

    SHA512

    9167e4efac4ddd7b69798714ac1d5cbcdf1860045bc77d1c100da54494a4a9629c263877081e62e192f310abf87b20c397302f5a870539f27584c3cb68e2ab1e

  • /data/data/com.interest.discover/app_DynamicOptDex/EYRX.json
    Filesize

    1.6MB

    MD5

    3695bc4fa1869057d5c7ca5c96ec9edd

    SHA1

    e32638ca29fe15f5d171f901ccb4ef9c7b574fa8

    SHA256

    3e70f0277d6faae5abf401a49589a2e9f4c3658885349d4df94e0eff0f3c8eff

    SHA512

    35b6b854fa407b6fd54c5318191a253bb9a8e546f0e1c1bf48ec2ca7aab9468d63f26fc0f619c9ec84039c5465a2be5a1b62f524d28f83bab9d145f10f09cbae

  • /data/data/com.interest.discover/app_DynamicOptDex/oat/EYRX.json.cur.prof
    Filesize

    1KB

    MD5

    6f6cd9f5837a67ab6ddaf6ecce174ec3

    SHA1

    f3efdbe0bd701669503ac92a0f799a91df4916b6

    SHA256

    f59d831d270b42da70cbc22d911b35e8b26b154f940552187da255c026adffbe

    SHA512

    7a88c2ed3c7900193dfafd8cafe107d5604924e5c61593a4286f56846786fdc1f7164717b2478acffc67411765473df1d64e0ea7adfa6cf91f49bf5bb6960dc5

  • /data/user/0/com.interest.discover/app_DynamicOptDex/EYRX.json
    Filesize

    4.4MB

    MD5

    493732eae1ec6f43d7bf0692d774b317

    SHA1

    a604ba4eb87d757cb6176799a7dd08859e25e97e

    SHA256

    a1a648bf5c9b9dd66d24b06d6a4ae6aa11fd73611c2840b1da74d8239a38698e

    SHA512

    75684bc7791042555babd50da4278984de8f0e9e50711da61784eed2fb8c2b10a064e094784d41adb3df511a40859177c1f0d70bc0d1740ed0556f7d850d9bb4