Analysis
- max time kernel: 2817537s
- max time network: 161s
- platform: android_x64
- resource: android-x64-arm64-20231215-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
- submitted: 22-12-2023 01:57
Static task
- static1
Behavioral tasks
- behavioral1: sample 4dd669342edfa0525643296013f24363.apk
- behavioral2: sample 4dd669342edfa0525643296013f24363.apk, resource android-x64-20231215-en
- behavioral3: sample 4dd669342edfa0525643296013f24363.apk, resource android-x64-arm64-20231215-en
- behavioral4: sample vk_dex.apk
- behavioral5: sample vk_dex.apk, resource android-x64-20231215-en
- behavioral6: sample vk_dex.apk, resource android-x64-arm64-20231215-en
General
- Target: 4dd669342edfa0525643296013f24363.apk
- Size: 2.8MB
- MD5: 4dd669342edfa0525643296013f24363
- SHA1: 95d5446d290ef7c6c7ea2f1f56f8cc3d9feaa124
- SHA256: 5962d5f86037e8393c4fc90da9aefad16aba3352b315c709a0f4218d53c9fd8c
- SHA512: 491471a4f674613893171f80e22cd129ae5c68c09ffbc6bbee0ae25c47defe2395c4d1edacf763e2626e73f66bd222260a828d2cc7d38cf229638351f6cfc0d3
- SSDEEP: 49152:G6OpQPPGQ+AhoUFHe8dwlKKWxyjB3pB4wp4aw5O8rZK8XUHhyyzrlco1a05s51d6:GvpQPPGQ+AhFQ8dIy+rB4wpU5JrZKBHv
Malware Config
Signatures
- Hydra
  Android banker and info stealer.
- Makes use of the framework's Accessibility service (2 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; process: com.nmbwcltf.tvskjqp
  description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId; process: com.nmbwcltf.tvskjqp
- Loads dropped Dex/Jar (1 IoC)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.nmbwcltf.tvskjqp/code_cache/secondary-dexes/base.apk.classes1.zip; pid: 4475; process: com.nmbwcltf.tvskjqp
- Looks up external IP address via web service (1 IoC)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow: 29; ioc: ip-api.com
- Reads information about phone network operator.
Processes
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 817KB
  MD5: 076e28a6e981e378ed8e34b218bd4270
  SHA1: b897244b84d678269caa33e81b3c3031e6f44a02
  SHA256: 7297dc3cc0712329f69572dbf216bad63f241b206deb738babd9b657c8372a4b
  SHA512: 85448b94029b474bfd6742de7926e721237c384152fd83d7e63c496329b854229e7d41e2d4bda1cf728ed4edda69a2d5207b752ac190f9e2174b89769d6fdf97
- /data/user/0/com.nmbwcltf.tvskjqp/code_cache/secondary-dexes/tmp-base.apk.classes276946482299771419.zip
  Filesize: 344KB
  MD5: 70ad0e08f148e1285eda02504cb59669
  SHA1: 72751ad13f1c94465afcc3fa2ad3113f7ff2651b
  SHA256: b225c1624f7dde7318c51530bac563dbaa0ead9d6a99d00ebf4d3c61a0deab8b
  SHA512: 2b5abab3a70a5b0b0daa7923350ee83210045bf338c6882445e5f3251118505a55a9b538cc722b32c9afe9fb58ef6f8c69f47a7fbfd413888aff50fb6d55ecc3