General

  • Target: 8de309b3b12ec3f0115d8522179c825d77f111a56aa268f7eacb68afaa4d33c3
  • Size: 3.0MB
  • Sample: 231220-hvxkbaggdr
  • MD5: 43cd96c840d9f2c91ff47948ad7e734b
  • SHA1: 3001104f5014c576a840fdf6f3734a44a2361404
  • SHA256: 8de309b3b12ec3f0115d8522179c825d77f111a56aa268f7eacb68afaa4d33c3
  • SHA512: a4b6e533e9314728ef47aa7e448d0f890d24521b42c6bcfd6a57b6f3074a37016fca55eed8db4b40e1afb04b7fd8fd6b55bf04ae646db3b12ae134d4483cf20d
  • SSDEEP: 49152:SEsaNpGD0I8RlP2Oe/SOVjdxTtWNWon/cQrS8Y9vpLMP3E:fsaNpGwJu7VjdxT0N8GS8Y9vpLMM

Malware Config

Targets

    • Hydra: Android banker and info stealer.
    • Hydra payload
    • Makes use of the framework's Accessibility service: retrieves information displayed on the phone screen using AccessibilityService.
    • Loads dropped Dex/Jar: runs an executable file dropped to the device during analysis.
    • Legitimate hosting services abused for malware hosting/C2
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Reads information about phone network operator

MITRE ATT&CK Enterprise v15

Tasks