General
-
Target
d37354a9ee083d1cc8d337cd4008231d303c763768c3fe2f443c7bb4ec184522.bin
-
Size
3.2MB
-
Sample
231220-1wvq8ahbb5
-
MD5
be81405574365c97fc0b3010cc039cad
-
SHA1
5a7ff7b6998ae7de9a94d4fb5af4805b6eab4fb9
-
SHA256
d37354a9ee083d1cc8d337cd4008231d303c763768c3fe2f443c7bb4ec184522
-
SHA512
9e539cc62019eab99aecf02eb29b517467e257a46392c2da69831e4cf39818938d86c50c427a5afa4de743f073d2699275ed3ca14299e2b94545011854e93bbf
-
SSDEEP
49152:+mZ5+Rb9KN9/QaJGiXNc9GUnDdYxU82S0lZYfvuXibOHh4K4844qkGdWGNTc:dlJGiWYeD0U870lZs2XNB4Kp4LjTc
Static task
static1
Behavioral task
behavioral1
Sample
d37354a9ee083d1cc8d337cd4008231d303c763768c3fe2f443c7bb4ec184522.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
d37354a9ee083d1cc8d337cd4008231d303c763768c3fe2f443c7bb4ec184522.apk
Resource
android-x64-20231215-en
Behavioral task
behavioral3
Sample
d37354a9ee083d1cc8d337cd4008231d303c763768c3fe2f443c7bb4ec184522.apk
Resource
android-x64-arm64-20231215-en
Malware Config
Extracted
hydra
http://cioroapapoldoapolawe.org
Targets
-
-
Target
d37354a9ee083d1cc8d337cd4008231d303c763768c3fe2f443c7bb4ec184522.bin
-
Size
3.2MB
-
MD5
be81405574365c97fc0b3010cc039cad
-
SHA1
5a7ff7b6998ae7de9a94d4fb5af4805b6eab4fb9
-
SHA256
d37354a9ee083d1cc8d337cd4008231d303c763768c3fe2f443c7bb4ec184522
-
SHA512
9e539cc62019eab99aecf02eb29b517467e257a46392c2da69831e4cf39818938d86c50c427a5afa4de743f073d2699275ed3ca14299e2b94545011854e93bbf
-
SSDEEP
49152:+mZ5+Rb9KN9/QaJGiXNc9GUnDdYxU82S0lZYfvuXibOHh4K4844qkGdWGNTc:dlJGiWYeD0U870lZs2XNB4Kp4LjTc
Score10/10-
Hydra payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Requests enabling of the accessibility settings.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads information about phone network operator.
-