hydra | 8b321553f1a269ee4b68a02162ba2d14c71a92907b6001ff3db0fe5bae6b3430

Analysis

max time kernel
2379858s
max time network
144s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
20-12-2023 06:22

Target

8b321553f1a269ee4b68a02162ba2d14c71a92907b6001ff3db0fe5bae6b3430.apk
Size

2.8MB
MD5

d1a68785559ae6b0049a2bd1798277a1
SHA1

8ea0706e77e57810ff1bc9073f3701772f032557
SHA256

8b321553f1a269ee4b68a02162ba2d14c71a92907b6001ff3db0fe5bae6b3430
SHA512

b4c676c19dedf7b582598bc8bc9d3bf260b3847564d7da755cf9e694abdf2ad3555da526b7ff847dcbddf75b9d1183924a29078d181b313fcec18c8b5349637a
SSDEEP

49152:Ucz4N3omNn0M+CGN3SPXLD8S/obeUQGkfC1T3Eb0KizuNAGq6BXk2M:LrmR0vCSC/robeZGkfk0xA1XX

Score

10^/10

Family

hydra

http://lalabanda.com

Hydra payload 2 IoCs

Processes:

resource	yara_rule
/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json	family_hydra1
/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json	family_hydra2

Makes use of the framework's Accessibility service 2 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

Processes:

com.wife.dizzy

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.wife.dizzy
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.wife.dizzy

Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.

Processes:

com.wife.dizzy

ioc pid process

/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json 4610 com.wife.dizzy
Requests enabling of the accessibility settings. 1 IoCs

Processes:

com.wife.dizzy

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS com.wife.dizzy
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

24 ip-api.com
Reads information about phone network operator.

ioc	pid	process
/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json	4610	com.wife.dizzy

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.wife.dizzy

flow	ioc
24	ip-api.com

/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json
Filesize
1.3MB

MD5
f84f5fda1df953a8fbe24c17bacdf3ae

SHA1
044b7ca9f5988e175bea21312e81043aa17c9027

SHA256
e31d73a78d821a4ee86e55c77432c3c52ef01a8cb7be18fda83faf50772f7ffa

SHA512
0fb2a6900c79f673df5089ead0bfbbff7582cd17c0094cff3c90cfab2e2f64eb3b1d0ceebb70f6df113b7a68ae13e837477a3e9512efa33530901ccff52bbfd7

Download Submit
/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json
Filesize
1.3MB

MD5
9b4f8f8895a6e4ccfb5a1b2e0279c3f6

SHA1
6ec87b70d5fcc55f9e9fcd8cb9407d721f7a6068

SHA256
fd87c4f7c8ece0448dab67a0b689c4a417a153081059750295fbed29a1422b03

SHA512
e9049874ccb34af36b6a6837771867532ed0d73b02117de2d3f9908ed96f9c118ff0922702b6b3bd55dba90bac4e335aa7f5769c5c21ac49582a0c5551b5b408

Download Submit
/data/user/0/com.wife.dizzy/app_DynamicOptDex/KCFj.json
Filesize
3.6MB

MD5
7135f1564d788d4f037d1fce183fb480

SHA1
d0b34f23799c14770a8b5fc1f1a1d81697bb6f53

SHA256
df7bbead42e925c5b6b349c89c5fa85b8dbd113317acf05fed32243b4827f6b3

SHA512
d4ad950737096138a221850f58180962b5a29e81b4b6866f041f2ca7d3b0d03a2262ce7e081eb71c72d28c057e760521bb986136729be506b934f44ec04ebea2

Download Submit