Analysis

  • max time kernel
    2443658s
  • max time network
    153s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
  • submitted
    20-12-2023 08:54

General

  • Target

    9883ebd9e8537610c3ba268125e72e567c867a585218d6577b702223d3824fff.apk

  • Size

    2.5MB

  • MD5

    ecfdaf8c303494ec91eb27d326072e8d

  • SHA1

    66bb3945f64b46493ecf2525fb3f69dab6ea8376

  • SHA256

    9883ebd9e8537610c3ba268125e72e567c867a585218d6577b702223d3824fff

  • SHA512

    83c0e7306e3f02b8b7c38efa92eaa59323e5d2e9edff6d3fc8c811eac0da919a1b877a87503024b45d491ef6eebf5631dda2edeca4b2deb2cf7bce8f97e7beb1

  • SSDEEP

    49152:PaRkqpvITd0iIBTBcvuC7uhqI1nBXWYb+A4i29Zn+MIF9LMCFsRnYyEuz:yRkuvo09BOvHyhJ1nBXWGHHAK9QmMtE0

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra payload 1 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.chunk.claim
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    PID:4483

Network

MITRE ATT&CK Matrix


Downloads

  • /data/user/0/com.chunk.claim/app_DynamicOptDex/qBFfc.json

    Filesize

    573KB

    MD5

    a4a29916bf611995c62eb638e254b6cf

    SHA1

    5c4dff5a836fa483e6951d6071e359379fbb524d

    SHA256

    b1dbe16f9b229f74c66f25b336585f4052ebc4a81113fd828866e3815314b4eb

    SHA512

    e47b47675265affa629f93c4efe135f669cd28a048ccf4d72a6f79856d164d7afe8423d35279e14a3aef5db6412f2e5e51ee360db6061a764301504ac8bf8e90

  • /data/user/0/com.chunk.claim/app_DynamicOptDex/qBFfc.json

    Filesize

    573KB

    MD5

    13324c924566d74577ac425455435eaf

    SHA1

    1ad8b65a19a8d801d4c39c5419890dc0010f6576

    SHA256

    2f838b5796334270205a61538c7dd492d9a4c980f24139ac2aec47ce23d791af

    SHA512

    3d0b66702d83190649c94fe8bd0c0b3a7d1f1eceb8e5b2c3a5fa02ee3002bf0fb862be40a07d9d9ee596cf496b62cbc3ba42aad6993a0b37b59698aeb022044e
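The "Loads dropped Dex/Jar" signature above fires on a file written to app_DynamicOptDex under a .json name, and the same path appears twice with different hashes, so the extension says nothing about the content. The following is an added example, not part of the sandbox report or the sample, showing how a practitioner would triage such a dropped file offline: classify it by magic bytes rather than extension, measure its entropy (a high-entropy blob with no DEX/ZIP magic is consistent with an encrypted payload that is decrypted before loading, which is an assumption about this sample, not something the report states), and match its SHA256 against the hashes listed under Downloads. The sample inputs in the block are constructed for the demonstration.

```python
"""Triage a file a sandbox reports as dropped and then loaded as code.

Added example: classifies by magic bytes, scores entropy, and checks the
SHA256 against the hashes listed in the report's Downloads section.
"""
import hashlib
import math
from collections import Counter

# SHA256 values copied from the Downloads section for the two writes of
# /data/user/0/com.chunk.claim/app_DynamicOptDex/qBFfc.json.
KNOWN_DROPPED_SHA256 = {
    "b1dbe16f9b229f74c66f25b336585f4052ebc4a81113fd828866e3815314b4eb": "qBFfc.json (first write)",
    "2f838b5796334270205a61538c7dd492d9a4c980f24139ac2aec47ce23d791af": "qBFfc.json (second write)",
}

# DEX header is "dex\n" followed by a 3-digit version and a NUL.
DEX_VERSIONS = {b"035\x00", b"037\x00", b"038\x00", b"039\x00"}

# Entropy threshold (bits per byte) above which a blob with no recognised
# magic is treated as likely encrypted or packed. Assumption, tune as needed.
ENCRYPTED_ENTROPY_THRESHOLD = 7.5


def classify(data: bytes) -> str:
    """Return the container type by magic bytes, ignoring the file name."""
    if data[:4] == b"dex\n" and data[4:8] in DEX_VERSIONS:
        return "dex"
    if data[:4] == b"dey\n":
        return "odex"
    if data[:4] == b"PK\x03\x04":
        # ZIP container: a JAR or APK, which DexClassLoader also accepts.
        return "zip"
    return "unknown"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or constant input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def inspect_dropped(data: bytes, name: str) -> dict:
    """Combine magic, entropy and hash lookup into one triage verdict."""
    kind = classify(data)
    entropy = shannon_entropy(data)
    digest = hashlib.sha256(data).hexdigest()
    known = KNOWN_DROPPED_SHA256.get(digest)

    code_extension = name.lower().endswith((".dex", ".jar", ".apk", ".odex"))
    if kind != "unknown" and not code_extension:
        verdict = "loadable code disguised by a non-code extension"
    elif kind != "unknown":
        verdict = "loadable code"
    elif entropy >= ENCRYPTED_ENTROPY_THRESHOLD:
        verdict = "likely encrypted/packed payload; expect in-memory decryption before load"
    else:
        verdict = "no code container detected"

    return {
        "name": name,
        "kind": kind,
        "entropy": round(entropy, 3),
        "sha256": digest,
        "known": known is not None,
        "label": known,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # Constructed inputs: a minimal DEX header padded with zeros, and a
    # maximum-entropy blob standing in for an encrypted payload.
    fake_dex = b"dex\n035\x00" + bytes(112)
    fake_encrypted = bytes(range(256)) * 4
    for blob, fname in ((fake_dex, "qBFfc.json"), (fake_encrypted, "qBFfc.json")):
        print(inspect_dropped(blob, fname))
```

Run it against the real dropped file pulled from the emulator (for example via adb pull of the app_DynamicOptDex directory) and the hash lookup tells you whether you are looking at the same artifact the report recorded; the magic check tells you whether it is directly loadable or needs the dropper's decryption routine to be reversed first.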