Overview

overview

10

Static

static

10

61e49ea8ac...4b.apk

android-9-x86

10

61e49ea8ac...4b.apk

android-10-x64

10

61e49ea8ac...4b.apk

android-11-x64

10

Analysis

  • max time kernel
    2582579s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    23-12-2023 18:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    61e49ea8ac3572e344c27742a2d53266df15266d0163470bbb56e5cd7ad78a4b.apk

  • Size

    7.7MB

  • MD5

    86a3403d7a9b5a70b5ab1074e6faea47

  • SHA1

    eed67e0b464ff00aa14e9122d618bf063f2156e5

  • SHA256

    61e49ea8ac3572e344c27742a2d53266df15266d0163470bbb56e5cd7ad78a4b

  • SHA512

    91b516f4cf76cd77c2e333506ce320ab1f6645c67d31b18a6e67c208831bb5870de05aacfd0834457c9418b5067bbc17f53a8e9afe5d274d05e31c389bd75f27

  • SSDEEP

    196608:LKWKndNMyQI4/FVjt/NMC1NC3lDWx0RiQdyjynFAL9z:OWKdNMyQfNVjMzWabyj40z

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • wdc.rejg9r45.lzeg9rj
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    PID:4982

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/aLQPicJi.fz
    Filesize

    15KB

    MD5

    c61aae98d3bfec558bc2a32197343753

    SHA1

    ed5b0a8c626a7e7d05f7179b45e27a8f6785628c

    SHA256

    0324ebcfbf1e14191b19c6b909c84389504694f7cee0d9895e2f1018bdd35e86

    SHA512

    7131083ffca32db7452803d1b4ffc8ae75a29d9e5f89832dda66e515f61771086bb08b2bfcd8ea4efe07244c92f3fb3c98884680660b5bb0dc3f88c4326bd4d6

    Download Submit

  • /data/data/wdc.rejg9r45.lzeg9rj/app_torfiles/geoip
    Filesize

    3KB

    MD5

    dd0b90e8c2f9abe80c2ccea56e42df96

    SHA1

    b5f8343cede081f2e504ec02a17f85a44a688dca

    SHA256

    255ddd1f5098cb23362e4a25c4cfc2d9bc330bce1ab90f2fc946118a1ace8cbb

    SHA512

    90b8944cc43d25296ab9ee724bb88880faba94485071765ebda9d40fd26ba86aee01f58836abc893d2595882a21c7745ed8a8c65d47a57e27d7e88185febe27b

    Download Submit

  • /data/user/0/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/aLQPicJi.fz
    Filesize

    3.7MB

    MD5

    56448dccfc5e741906a3f341a8074529

    SHA1

    25b37c288294286857068096f08fcaabe5f0d15c

    SHA256

    5cbe8700ccfc399187ca8fa571a25247e60d9e0dba8ad885c414f1a572720482

    SHA512

    1e83161e5472b11df0ba39ac094be877157e06fb6d52044cfafb7d902a67c9de0ef9dcc49423ab2f1dac7011fd99e6d65e6f505a3c8a82b864820de0ca264592

    Download Submit