General

  • Target

    9939bea82bef38dff91be0182d26c13694dec687d1b8971bb2924076b89646f1

  • Size

    3.3MB

  • Sample

    231220-kycenaghg3

  • MD5

    c81e236e8e7445375ee40d8e3f327873

  • SHA1

    43fd1ac04a1793ceb60061c402c3f2bab67daa1c

  • SHA256

    9939bea82bef38dff91be0182d26c13694dec687d1b8971bb2924076b89646f1

  • SHA512

    f9a385117ca8b1c2a407c9d3e2bb24dd084b595a6e35f1be5c6526b872bdad215b2d365cb5e2b86a2abdde1b5f12adef515a1f44d78ae4a15a1de84f9fe36a48

  • SSDEEP

    98304:7ML/uN7+YiIEv6gbk2f4qn3KEPi/MvxlnciASbG9Qv7JvEH:likx2l3KEPUMZ6UK9Qvtm

Malware Config

Targets

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator

MITRE ATT&CK Enterprise v15

Tasks