Overview

overview

10

Static

static

6

8de309b3b1...c3.apk

android-9-x86

10

8de309b3b1...c3.apk

android-10-x64

10

8de309b3b1...c3.apk

android-11-x64

10

Analysis

  • max time kernel
    2382319s
  • max time network
    148s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    20-12-2023 07:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8de309b3b12ec3f0115d8522179c825d77f111a56aa268f7eacb68afaa4d33c3.apk

  • Size

    3.0MB

  • MD5

    43cd96c840d9f2c91ff47948ad7e734b

  • SHA1

    3001104f5014c576a840fdf6f3734a44a2361404

  • SHA256

    8de309b3b12ec3f0115d8522179c825d77f111a56aa268f7eacb68afaa4d33c3

  • SHA512

    a4b6e533e9314728ef47aa7e448d0f890d24521b42c6bcfd6a57b6f3074a37016fca55eed8db4b40e1afb04b7fd8fd6b55bf04ae646db3b12ae134d4483cf20d

  • SSDEEP

    49152:SEsaNpGD0I8RlP2Oe/SOVjdxTtWNWon/cQrS8Y9vpLMP3E:fsaNpGwJu7VjdxT0N8GS8Y9vpLMM

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 2 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.garbage.appear
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    PID:4511

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.garbage.appear/app_DynamicOptDex/smFZWxD.json
    Filesize

    1.9MB

    MD5

    ac0ee887726e1047ac7374a5f8ffd4fc

    SHA1

    12b93d0b2f0fa0f53cc399ce45779c7090e2edc9

    SHA256

    1eafc72a4da52b387a3a51f86cf9021d81cac16ffbeb5dad4625f928832c2744

    SHA512

    fdc8e03bdc6f9513b4c755e4982e7cc2a13310c38795c05a47770544ced949a4d2427c796417ac8e559b23586ffa4e60bf6f862f7e90a758a25b4afedda5bf85

    Download Submit
  • /data/user/0/com.garbage.appear/app_DynamicOptDex/smFZWxD.json
    Filesize

    5.0MB

    MD5

    854e9bae18bb376e651ad2c0a624ab06

    SHA1

    5851daca98f585c4a74c56346cf1e333e53539dd

    SHA256

    2ec148b30c11fe04333d61e1b1381a6da153ff5f93746346dd14365c6ef66355

    SHA512

    84efa443f8baa267da47215e2008b1f4655d72a505e10f36d47ea36eeb82da43d313953fff6d319c1cb665079615464fd7319fa3a4c031f52600395ece522b42

    Download Submit