General

  • Target

    83380ae57698d2b13e0773969c68e2ea32d02ff1955be0f865cfaace62cf1917

  • Size

    6.9MB

  • Sample

    231220-eta35sefb8

  • MD5

    09c03c318ab6a1b5f201f81480de022f

  • SHA1

    01b01d29b8b62e8152438740f8956c8a0ab730a4

  • SHA256

    83380ae57698d2b13e0773969c68e2ea32d02ff1955be0f865cfaace62cf1917

  • SHA512

    52ae7f63a3b91fc681f77aad31e2cde23c916394c77c354c0913ec32415847887dad8e16069a6d1036aa3c678e23922cef2d76ef6feb10b70458af6534827ce9

  • SSDEEP

    196608:GM6ePkMV3JKPaCalpxnz2A55eHKMeW2aNyeyrMhGyNL:GM5Pp5KSCaNnz9aK8G2L

Malware Config

Targets

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator

MITRE ATT&CK Enterprise v15