General
-
Target
a3b826de0c445f0924c50939494a26b0d99ef3ccac80faacca98673625656278
-
Size
3.9MB
-
Sample
231220-mj8wesdfc6
-
MD5
29dbb4d3b12ef397538f6bfc04005af4
-
SHA1
a66e0803bcd3de355c4a0bbfc8cbe37141564b89
-
SHA256
a3b826de0c445f0924c50939494a26b0d99ef3ccac80faacca98673625656278
-
SHA512
5abfd4248dc26e17b751158fa8099db65f13eb96a1194d6d2d73a0ff8ee518b346d0ccd31eca8ae59822f950b22ab0861077fcbac067c864ed812fc19ae8d544
-
SSDEEP
98304:KoFFYtf1csBoNed4ri6MUp28jXTzUQqMMb5hMhk3hl1pcTSyFtBUZ:KtocIi6MQj3UQqMMOk3hl1pcTSyFtqZ
Malware Config
Targets
-
-
Target
a3b826de0c445f0924c50939494a26b0d99ef3ccac80faacca98673625656278
-
Size
3.9MB
-
MD5
29dbb4d3b12ef397538f6bfc04005af4
-
SHA1
a66e0803bcd3de355c4a0bbfc8cbe37141564b89
-
SHA256
a3b826de0c445f0924c50939494a26b0d99ef3ccac80faacca98673625656278
-
SHA512
5abfd4248dc26e17b751158fa8099db65f13eb96a1194d6d2d73a0ff8ee518b346d0ccd31eca8ae59822f950b22ab0861077fcbac067c864ed812fc19ae8d544
-
SSDEEP
98304:KoFFYtf1csBoNed4ri6MUp28jXTzUQqMMb5hMhk3hl1pcTSyFtBUZ:KtocIi6MQj3UQqMMOk3hl1pcTSyFtqZ
Score10/10-
Hydra
Android banker and info stealer.
-
Hydra payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads information about phone network operator.
-