Overview

overview

10

Static

static

7

a4b86f0f8e...d7.apk

android-9-x86

10

a4b86f0f8e...d7.apk

android-10-x64

10

a4b86f0f8e...d7.apk

android-11-x64

10

AlphaPresentForms.js

windows7-x64

1

AlphaPresentForms.js

windows10-2004-x64

1

BasicLatin.js

windows7-x64

1

BasicLatin.js

windows10-2004-x64

1

BoxDrawing.js

windows7-x64

1

BoxDrawing.js

windows10-2004-x64

1

CombDiactF...ols.js

windows7-x64

1

CombDiactF...ols.js

windows10-2004-x64

1

ControlPictures.js

windows7-x64

1

ControlPictures.js

windows10-2004-x64

1

CurrencySymbols.js

windows7-x64

1

CurrencySymbols.js

windows10-2004-x64

1

Cyrillic.js

windows7-x64

1

Cyrillic.js

windows10-2004-x64

1

EnclosedAlphanum.js

windows7-x64

1

EnclosedAlphanum.js

windows10-2004-x64

1

GeneralPunctuation.js

windows7-x64

1

GeneralPunctuation.js

windows10-2004-x64

1

GreekAndCoptic.js

windows7-x64

1

GreekAndCoptic.js

windows10-2004-x64

1

GreekBoldItalic.js

windows7-x64

1

GreekBoldItalic.js

windows10-2004-x64

1

GreekSSBoldItalic.js

windows7-x64

1

GreekSSBoldItalic.js

windows10-2004-x64

1

IPAExtensions.js

windows7-x64

1

IPAExtensions.js

windows10-2004-x64

1

Latin1Supplement.js

windows7-x64

1

Latin1Supplement.js

windows10-2004-x64

1

LatinExtendedA.js

windows7-x64

1

Analysis

  • max time kernel
    4265237s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20231023-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
  • submitted
    23-11-2023 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a4b86f0f8e904e8d8f3472b04c3054b004a503a5ace1c6409f7f55b7c0e62cd7.apk

  • Size

    1.9MB

  • MD5

    6c0f7526671497f0a925a16d2e7234ce

  • SHA1

    c8d160e6b568e2db42ebe618ee8aa3c57cc45310

  • SHA256

    a4b86f0f8e904e8d8f3472b04c3054b004a503a5ace1c6409f7f55b7c0e62cd7

  • SHA512

    a2c37a78561cbb444492ee574a081715562ecf7b694e83058981b6b6d957132aba68d941fe4a79bd4bde35a22477a7e5fd90ba96a8601bb573c5d2f188e4c3d2

  • SSDEEP

    49152:/VP5Iq9H7Ec/HFV3Xvk8lzWJI6e6VdQEjDBs:/f77EWlZXZWRVSEj1s

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Extracted

Family

hydra

C2

http://ihfwiohefwhiwririhererf.store

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 4 IoCs
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • com.dress.pigeon
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:4267
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dress.pigeon/app_DynamicOptDex/mL.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.dress.pigeon/app_DynamicOptDex/oat/x86/mL.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4293

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.dress.pigeon/app_DynamicOptDex/mL.json
    Filesize

    973KB

    MD5

    cec05dccd70934dd89864ccb3e1181e5

    SHA1

    3d8b400e2d684ad53be51f0f7ce4ab044f81fd28

    SHA256

    54a04510955b9d285044af0d0a3bb704db88cb6c57ccbbd45e326917019c581d

    SHA512

    62d206054eeecafbd93ae6401e47134241dfea368f4a9984d32fca7a72cebfa9787194e9b496873abc800e8c40aaa49339c698ed089064680d4bd154d2bcd631

    Download Submit

  • /data/data/com.dress.pigeon/app_DynamicOptDex/mL.json
    Filesize

    973KB

    MD5

    1cfff3092a7c49e093def19e3ba245b0

    SHA1

    add0d4edff7d35ed60e5725447b0e527be16993e

    SHA256

    14162502f769f2b78815d5dad25df7a6e2756860e8bdd7f5cd5ad6c2406ed5af

    SHA512

    89259335c432a83dfb07f84cc4075a9c95cbcbff167dc771f9d6637df491e338c353809a0fcdb97ef0cb0623e72843e105ff4010dc01da8be0f90cd5b68a0100

    Download Submit

  • /data/data/com.dress.pigeon/app_DynamicOptDex/oat/mL.json.cur.prof
    Filesize

    734B

    MD5

    47c350832b7fb61d9cfc5cb42c406352

    SHA1

    207672fefbd1c583365a31678822bdc2c258d8a5

    SHA256

    f802ead18a4c2550b20c6bc565f31119daf55dbc1ec73a7f13e096627109e6ff

    SHA512

    936fdd91ccc1243992d2f52795306a30324be8ca58e41b278b238dce59646093cfb93260d21767b26b39990546787e8c9b95725e62fdee4ca689e0b0c93ed49d

    Download Submit

  • /data/user/0/com.dress.pigeon/app_DynamicOptDex/mL.json
    Filesize

    2.2MB

    MD5

    ed9b83a4919b7cc78bfccdf69c50de8d

    SHA1

    cab7985a28d3f6078dbff475baf160217693bb01

    SHA256

    d119074ab96274a3ac0ba2ed09e8ca685b2a5eef6fe03a0de1ecbd48cf52071a

    SHA512

    0a75528904c07a4c24ff876396e163130ae76521c5ad5fe48279c5a521b2f4f4c7a77b9a234263adb4d2115d7b04254d8a00f4e64d60d679d548a3146920b8c3

    Download Submit

  • /data/user/0/com.dress.pigeon/app_DynamicOptDex/mL.json
    Filesize

    2.2MB

    MD5

    f1e4e15f6053f0b6d460b32d39e9c59a

    SHA1

    ff6a25fffa8fe34c9d0274a89d2b05963e97127e

    SHA256

    da1b508761ff1ff20564417804e02a3a058be3c12dafa6e559b43f33383b20ff

    SHA512

    76084bb959e5a86286d41432746e105a8f00c0213883a65168110721587ee02a6b24fe72f4445a11a4a59bd1055de2c35c98000965b9b0b6a0100fae549ea780

    Download Submit