Overview

overview

10

Static

static

6

9883ebd9e8...ff.apk

 

9883ebd9e8...ff.apk

android-10-x64

10

9883ebd9e8...ff.apk

android-11-x64

10

Analysis

  • max time kernel
    2443578s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    20-12-2023 08:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9883ebd9e8537610c3ba268125e72e567c867a585218d6577b702223d3824fff.apk

  • Size

    2.5MB

  • MD5

    ecfdaf8c303494ec91eb27d326072e8d

  • SHA1

    66bb3945f64b46493ecf2525fb3f69dab6ea8376

  • SHA256

    9883ebd9e8537610c3ba268125e72e567c867a585218d6577b702223d3824fff

  • SHA512

    83c0e7306e3f02b8b7c38efa92eaa59323e5d2e9edff6d3fc8c811eac0da919a1b877a87503024b45d491ef6eebf5631dda2edeca4b2deb2cf7bce8f97e7beb1

  • SSDEEP

    49152:PaRkqpvITd0iIBTBcvuC7uhqI1nBXWYb+A4i29Zn+MIF9LMCFsRnYyEuz:yRkuvo09BOvHyhJ1nBXWGHHAK9QmMtE0

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.chunk.claim
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    PID:4990

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.chunk.claim/app_DynamicOptDex/oat/qBFfc.json.cur.prof
    Filesize

    1KB

    MD5

    edc9b43a979248c5de53dd7f2f738cec

    SHA1

    fa82869016dafb98448bea9bdd62db2f34c13c99

    SHA256

    c8a91986db49cb12d2ad3a94fbe2fa80f8878933abe8f0f7c6406355aa49c828

    SHA512

    d6648abfbb7daac324252769426adb68a04e1071c413837cb02470f9fb0a8494be17bacd90872000aad7729ef22862542928058eabc0226d5859aca4cd9efb29

    Download Submit

  • /data/user/0/com.chunk.claim/app_DynamicOptDex/qBFfc.json
    Filesize

    573KB

    MD5

    13324c924566d74577ac425455435eaf

    SHA1

    1ad8b65a19a8d801d4c39c5419890dc0010f6576

    SHA256

    2f838b5796334270205a61538c7dd492d9a4c980f24139ac2aec47ce23d791af

    SHA512

    3d0b66702d83190649c94fe8bd0c0b3a7d1f1eceb8e5b2c3a5fa02ee3002bf0fb862be40a07d9d9ee596cf496b62cbc3ba42aad6993a0b37b59698aeb022044e

    Download Submit