General

  • Target

    a6d27ba039ac9cb0d5a6a3cffca2002feb9ecb8cfed54ce5c0a768064084d43d

  • Size

    6.2MB

  • Sample

    231220-m1rcpsbggm

  • MD5

    e5445cda1bf1f82fc1fd4edb1317c41f

  • SHA1

    8b3d7122a94bb1694e1d3e33cbbd056e4350598b

  • SHA256

    a6d27ba039ac9cb0d5a6a3cffca2002feb9ecb8cfed54ce5c0a768064084d43d

  • SHA512

    84dcd079ac022faf2707c2cdb48bc656320307e0d03d58748de78a7fa73bfe8c071a491bdc4401e7b8d31e60024cae43c947307ffdc64d7c54e4f185076fe0bc

  • SSDEEP

    196608:m8+atol4aXiwsyOKu/EywCJ8Uvqjn1AzA3dU6Ecsk:m8+ayeNwsL3Nw7UvqjKQU69sk

Malware Config

Targets

    • Target

      a6d27ba039ac9cb0d5a6a3cffca2002feb9ecb8cfed54ce5c0a768064084d43d

    • Size

      6.2MB

    • MD5

      e5445cda1bf1f82fc1fd4edb1317c41f

    • SHA1

      8b3d7122a94bb1694e1d3e33cbbd056e4350598b

    • SHA256

      a6d27ba039ac9cb0d5a6a3cffca2002feb9ecb8cfed54ce5c0a768064084d43d

    • SHA512

      84dcd079ac022faf2707c2cdb48bc656320307e0d03d58748de78a7fa73bfe8c071a491bdc4401e7b8d31e60024cae43c947307ffdc64d7c54e4f185076fe0bc

    • SSDEEP

      196608:m8+atol4aXiwsyOKu/EywCJ8Uvqjn1AzA3dU6Ecsk:m8+ayeNwsL3Nw7UvqjKQU69sk

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

MITRE ATT&CK Enterprise v15

Tasks