Analysis

  • max time kernel
    2817537s
  • max time network
    161s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    22-12-2023 01:57

General

  • Target

    4dd669342edfa0525643296013f24363.apk

  • Size

    2.8MB

  • MD5

    4dd669342edfa0525643296013f24363

  • SHA1

    95d5446d290ef7c6c7ea2f1f56f8cc3d9feaa124

  • SHA256

    5962d5f86037e8393c4fc90da9aefad16aba3352b315c709a0f4218d53c9fd8c

  • SHA512

    491471a4f674613893171f80e22cd129ae5c68c09ffbc6bbee0ae25c47defe2395c4d1edacf763e2626e73f66bd222260a828d2cc7d38cf229638351f6cfc0d3

  • SSDEEP

    49152:G6OpQPPGQ+AhoUFHe8dwlKKWxyjB3pB4wp4aw5O8rZK8XUHhyyzrlco1a05s51d6:GvpQPPGQ+AhFQ8dIy+rB4wpU5JrZKBHv

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.nmbwcltf.tvskjqp
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    PID:4475

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.nmbwcltf.tvskjqp/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    817KB

    MD5

    076e28a6e981e378ed8e34b218bd4270

    SHA1

    b897244b84d678269caa33e81b3c3031e6f44a02

    SHA256

    7297dc3cc0712329f69572dbf216bad63f241b206deb738babd9b657c8372a4b

    SHA512

    85448b94029b474bfd6742de7926e721237c384152fd83d7e63c496329b854229e7d41e2d4bda1cf728ed4edda69a2d5207b752ac190f9e2174b89769d6fdf97

  • /data/user/0/com.nmbwcltf.tvskjqp/code_cache/secondary-dexes/tmp-base.apk.classes276946482299771419.zip

    Filesize

    344KB

    MD5

    70ad0e08f148e1285eda02504cb59669

    SHA1

    72751ad13f1c94465afcc3fa2ad3113f7ff2651b

    SHA256

    b225c1624f7dde7318c51530bac563dbaa0ead9d6a99d00ebf4d3c61a0deab8b

    SHA512

    2b5abab3a70a5b0b0daa7923350ee83210045bf338c6882445e5f3251118505a55a9b538cc722b32c9afe9fb58ef6f8c69f47a7fbfd413888aff50fb6d55ecc3