General

  • Target

    011376f46a9ce15f6871530ba02465ce

  • Size

    4.8MB

  • Sample

    231229-xmmgpsefdm

  • MD5

    011376f46a9ce15f6871530ba02465ce

  • SHA1

    d94107888bdfbffcabc6ccb1608f741ee220e97e

  • SHA256

    3640f09bff39e3a943195ecac50c30017890013dadc9d8528fd2220e218f9abe

  • SHA512

    30738bad30be433c0a6b59b28b5478bb8530f54c13ac32cbb21315d7ecef1a4e742ed76683cfb071850281bdd7dfb01117f091126528b3f3f615ed88429d6a99

  • SSDEEP

    98304:6bWNylJAL3ubx87R5wA40fdQtSiUythyCmXsl4gh:6iolJAL3ubx87HwA4WfiUyth/usKgh

Malware Config

Targets

    • Target

      011376f46a9ce15f6871530ba02465ce

    • Size

      4.8MB

    • MD5

      011376f46a9ce15f6871530ba02465ce

    • SHA1

      d94107888bdfbffcabc6ccb1608f741ee220e97e

    • SHA256

      3640f09bff39e3a943195ecac50c30017890013dadc9d8528fd2220e218f9abe

    • SHA512

      30738bad30be433c0a6b59b28b5478bb8530f54c13ac32cbb21315d7ecef1a4e742ed76683cfb071850281bdd7dfb01117f091126528b3f3f615ed88429d6a99

    • SSDEEP

      98304:6bWNylJAL3ubx87R5wA40fdQtSiUythyCmXsl4gh:6iolJAL3ubx87HwA4WfiUyth/usKgh

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks