Analysis
-
max time kernel
3769115s -
max time network
153s -
platform
android_x64 -
resource
android-x64-arm64-20231215-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system -
submitted
26-12-2023 16:51
Static task
static1
Behavioral task
behavioral1
Sample
7e0fb2f9a44f5f0fd16b13a057073c4a.apk
Behavioral task
behavioral2
Sample
7e0fb2f9a44f5f0fd16b13a057073c4a.apk
Behavioral task
behavioral3
Sample
7e0fb2f9a44f5f0fd16b13a057073c4a.apk
Resource
android-x64-arm64-20231215-en
General
-
Target
7e0fb2f9a44f5f0fd16b13a057073c4a.apk
-
Size
4.8MB
-
MD5
7e0fb2f9a44f5f0fd16b13a057073c4a
-
SHA1
a05f51771024502c146840cd976007fa53c09ed1
-
SHA256
65f49dd1523e0e28ff85f339142b6f36e36203e88ae969ef6e8fb8d3e48c171c
-
SHA512
0909a1a7d883022f6afbfab5decc3841f8a1b0d0c993fb5730656eef38ee321cae2dcdf32cf11ce3650bdf33bc96f63803a424c104358131f76a9e629c224792
-
SSDEEP
98304:RbmNnh99Cq7yEvmO4IdrC6MrUl3n46ca26tEQ6iv9L:RSRh99CCyEvmO4IdurK6a26tEQ6QZ
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra payload 1 IoCs
resource yara_rule behavioral3/memory/4601-0.dex family_hydra1 -
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId fork.walk.elder Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId fork.walk.elder -
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/fork.walk.elder/app_DynamicOptDex/orQR.json 4601 fork.walk.elder /data/user/0/fork.walk.elder/app_DynamicOptDex/orQR.json 4601 fork.walk.elder -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 31 ip-api.com -
Reads information about phone network operator.
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.8MB
MD56f038f3787e42510e4173ca1aae2e115
SHA13e97fe2e94cdde996ecac2ae167062328b78acce
SHA256326b4f05011f0638e00136b69006f19abda44f00a8bfd0a3dea710eb20e47374
SHA512754a339a52ef94427c4871f27293910353daab9cbc001ceea9406d2b8ce9efbfcaf43629395df28d6f43de4d1be4f5cc16e0b7aea9b2d749380ff210ac033120