Analysis
-
max time kernel
2299620s -
max time network
147s -
platform
android_x64 -
resource
android-x64-arm64-20231215-en -
resource tags
-
submitted
19-12-2023 23:41
General
-
Target
6e126b848c0b8b714bed2e031799bfb86aa6c8f06665a1a1763ec691045c3682.apk
-
Size
8.6MB
-
MD5
f05a404eca2aeb0f0baa640fd3d0628b
-
SHA1
1b823a1381d9cfcd0d64eea8041f610b1ffcaf76
-
SHA256
6e126b848c0b8b714bed2e031799bfb86aa6c8f06665a1a1763ec691045c3682
-
SHA512
97dd958ed47066b591410d10417bacb9ade4ceeeaa2ed84f9aeb4be7120a62723da19b9d21ba4bf4a42ce65ed289ce17854a7bcf0bca34c8a0c02206df782e32
-
SSDEEP
196608:rHQNs41/gagNADWx0RiQdyjynFAL99AhJekNjhG1YyN2Lv3G:rwNTgaCsWabyj409WZjQ19N2/G
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads information about phone network operator.
Processes
-
com.veefctqv.umehtvs1⤵
- Makes use of the framework's Accessibility service
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.9MB
MD5152982fd6a74135311c9eeb4667a6a29
SHA1e3e3197afcbf6253cb8a9b41bb273a2778a1127c
SHA25658d19e5b1e6aec570e3e6b9740aa2d250b0822a5db9912d536cee4569d6dd7f4
SHA512921c0b04a9ba930af94cbeb54ddf80d862c8e3f17ab06458411dc6abdd7c04acaab573580d961347e69ca492d8ae7a01179c17fe3970b4be008974d36c3eba9a
-
Filesize
1.1MB
MD54bf1881445c3cbdcad1706333575a738
SHA1ae3d6588aa89c423d3c5ce16288a35df4273742c
SHA256876b211591e576036d262fd6f1d2835ea7c7ed02a7aaf974531e2ca2307b2bb6
SHA51200a8043cc2135245e6cc385e49fe312bca0284aa479ea0600062f8dac2117aecba8836cc40db85dc5be51347761ffc16ae3a87d18eec6183508285993e0ed029