Overview

overview

10

Static

static

6

a78ee7c33c...fa.apk

 

a78ee7c33c...fa.apk

android-10-x64

10

a78ee7c33c...fa.apk

android-11-x64

10

Analysis

  • max time kernel
    2493836s
  • max time network
    160s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    20-12-2023 11:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a78ee7c33c6f5cefec6d8066c183d2da581b1f9cba78645a23feb16b9e84eafa.apk

  • Size

    3.0MB

  • MD5

    45b53a540cf8acd6bfeee8cf25132011

  • SHA1

    7e1fc57a9abf6e09476bc912235ad658f9168f63

  • SHA256

    a78ee7c33c6f5cefec6d8066c183d2da581b1f9cba78645a23feb16b9e84eafa

  • SHA512

    3148c54e3a8b22ea5381f5c7bc1593771f720e484eb7660450d5fac19428020ddca0a1107b35a34de8ee1fdf53244b30171d6046238e1727cd4bf953a3736d09

  • SSDEEP

    49152:Hlkl9aZNeNtqmzuBbyq2r4LtDun1sfkOfm+mohRBAK4c2edZHsF9h5cJI2eHGU7i:HIm0NqwbiQnyf7tecjGN+Olj77+rh

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 2 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • com.federal.label
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    PID:4479

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.federal.label/app_DynamicOptDex/HoEI.json
    Filesize

    1.9MB

    MD5

    7acd504ab9ecb12d34cfb32b552f393f

    SHA1

    f4c08be538c603ca5ef903a85a0239e1ebda7257

    SHA256

    1020f08d9e5a76cd67a80f141f13b48caf00628223c051c97e5787872275da26

    SHA512

    0a7eae84c9f66a335f67577ed35ffd67db94fffd5922d0019a0d41f0574378df29a162bd7b1b781242873fcef99118f74cce9f183fa2aa4eb1e538a0cba20151

    Download Submit

  • /data/user/0/com.federal.label/app_DynamicOptDex/HoEI.json
    Filesize

    1.9MB

    MD5

    022c92dddd84d9a1535f3caa36cc8ca1

    SHA1

    e1e2b6eead62acda59175455a6e47f1469c63093

    SHA256

    4442c5285523636a33737c2f1241f68d51e4b36539495170fa64ad15a491a7b0

    SHA512

    e8babbb72687e386c50374502d099ba2e501f36833e2c70d442fe7d49778e4025c18092ff05a4e439b310bdce11a8d69c1cbf9b0b235a576af0e78f25e3170da

    Download Submit

  • /data/user/0/com.federal.label/app_DynamicOptDex/HoEI.json
    Filesize

    5.0MB

    MD5

    5c031c79dbe11082ece199a62aa471b7

    SHA1

    1a7e2d5b8b524c0fd1082fcb564ef2e6095c8ccc

    SHA256

    60e34f9cbd66cce374fcecbc92e209f6593c4b109795bb0ad48b37756d5fd3ee

    SHA512

    dd2fb0bdfcf10f9a40544ff59cb8b13824ee8b791e6b040047bf069ecc39af292f025146764a2e7b5c18fa8858aafbfff2ea6b4b096c904a216f6a6412605681

    Download Submit