Analysis
-
max time kernel
2491920s -
max time network
170s -
platform
android_x64 -
resource
android-x64-arm64-20231215-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system -
submitted
20-12-2023 10:56
Static task
static1
Behavioral task
behavioral1
Sample
a6d27ba039ac9cb0d5a6a3cffca2002feb9ecb8cfed54ce5c0a768064084d43d.apk
Behavioral task
behavioral2
Sample
a6d27ba039ac9cb0d5a6a3cffca2002feb9ecb8cfed54ce5c0a768064084d43d.apk
Resource
android-x64-20231215-en
Behavioral task
behavioral3
Sample
a6d27ba039ac9cb0d5a6a3cffca2002feb9ecb8cfed54ce5c0a768064084d43d.apk
Resource
android-x64-arm64-20231215-en
General
-
Target
a6d27ba039ac9cb0d5a6a3cffca2002feb9ecb8cfed54ce5c0a768064084d43d.apk
-
Size
6.2MB
-
MD5
e5445cda1bf1f82fc1fd4edb1317c41f
-
SHA1
8b3d7122a94bb1694e1d3e33cbbd056e4350598b
-
SHA256
a6d27ba039ac9cb0d5a6a3cffca2002feb9ecb8cfed54ce5c0a768064084d43d
-
SHA512
84dcd079ac022faf2707c2cdb48bc656320307e0d03d58748de78a7fa73bfe8c071a491bdc4401e7b8d31e60024cae43c947307ffdc64d7c54e4f185076fe0bc
-
SSDEEP
196608:m8+atol4aXiwsyOKu/EywCJ8Uvqjn1AzA3dU6Ecsk:m8+ayeNwsL3Nw7UvqjKQU69sk
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra payload 1 IoCs
resource yara_rule behavioral3/memory/4514-0.dex family_hydra2 -
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.ombththz.ufqsuqx Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.ombththz.ufqsuqx -
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.ombththz.ufqsuqx/tyfkjfUjju/HjIgfhjyqutIhjf/base.apk.gjGyTF81.88g 4514 com.ombththz.ufqsuqx -
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 29 ip-api.com -
Reads information about phone network operator.
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7.4MB
MD551e100964dbe5ee426745201f1f8b705
SHA1936ce15dcb75bff6409e79dccfa5137691982159
SHA256e2e6b1095041c1cdb89ed390e884de77f4c8aa8f2d820ecf1ccdd1faba2da427
SHA51263c9e95a2e3923134177aa36e87deceb652d3ae5bd8bea1a4db57f5ecbba53fc9ded9f263e18e37bef57c6b47430adfd04aa7933fc523f29a6556121e0cd42e7
-
/data/user/0/com.ombththz.ufqsuqx/tyfkjfUjju/HjIgfhjyqutIhjf/tmp-base.apk.gjGyTF88312750608183428633.88g
Filesize639KB
MD5a3748251bfd1dd401f875437eafc9df2
SHA1252f14cf49ec18c6ad2af4f6f3c9f4a02a4503e0
SHA256f74bb181a37f353f559cfc3fe93083f9dfb2e9b352e6746726ca01f22676b634
SHA512d24fb868650e24981ad331cbf94f831f13b35fc7510d181e515a7d2949b0ee7269ecf63aa1b1657273226abe2375379eff5d006aaf677cbf75162e86e156ff27