Analysis
-
max time kernel
3201490s -
max time network
146s -
platform
android_x64 -
resource
android-x64-20231215-en -
resource tags
android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system -
submitted
30-12-2023 02:07
Static task
static1
Behavioral task
behavioral1
Sample
0b1c0ff2a98a57fa9ced149762b8fb9c.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
0b1c0ff2a98a57fa9ced149762b8fb9c.apk
Resource
android-x64-20231215-en
Behavioral task
behavioral3
Sample
0b1c0ff2a98a57fa9ced149762b8fb9c.apk
Resource
android-x64-arm64-20231215-en
General
-
Target
0b1c0ff2a98a57fa9ced149762b8fb9c.apk
-
Size
3.0MB
-
MD5
0b1c0ff2a98a57fa9ced149762b8fb9c
-
SHA1
3b184ddb11435dcb5d3f5de724c0718d0ecfc859
-
SHA256
f3461634486f4177f1dd18f89a06ca6a8c5bdf829604c15ecda2fa51c6a88c95
-
SHA512
73f256c581cef280938a09d34ad2bd511fcec8d354d3dacb1d855ccdba15efeec97b4bdf1acd24168d57733ede7a8947b8762377f563b14c8612383838cb9963
-
SSDEEP
49152:YbuRuQUJjM9UhqBJbujHzieFSR+GFJnSyyNYN4of6zujiHWsWcHeX5KoIoE7bD:Yq4QUJc/buH64GWOrIWsWcH8t58
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Makes use of the framework's Accessibility service (2 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
description | ioc | Process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.euhfotlq.fuzdajn
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.euhfotlq.fuzdajn
-
Loads dropped Dex/Jar (1 IoC)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.euhfotlq.fuzdajn/code_cache/secondary-dexes/base.apk.classes1.zip | 4985 | com.euhfotlq.fuzdajn
-
Looks up external IP address via web service (1 IoC)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow | ioc
8 | ip-api.com
-
Reads information about phone network operator.
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.euhfotlq.fuzdajn/code_cache/secondary-dexes/tmp-base.apk.classes7158940057770460597.zip
Filesize: 31KB
MD5: f5c2476ac851574a39e0af18881001b7
SHA1: dde47138caba22bb9b5460008c1dac5c32fec678
SHA256: b3e27ec166b9cf3448c0a75328c087ee0e92849cf0224c11d7ec16461d04eda7
SHA512: d7597d15c34b9b82658a68c089b4b5669515d920128fbb0329486b998513c2392cb63b1b7b3025f01b7df625d53aaceb6f09a45ebbad92580e45d52925a56436
-
Filesize: 902KB
MD5: 0caa1a0ebd20647b4dae3bf6d7f2a19a
SHA1: c0ee2687bbaeb224141585058424613b19a10035
SHA256: f001e05266ecae0667daafb81dd948196a342f5df1f994b14b84ef0daf091df2
SHA512: b860436e0ce0ab0548129abcd23de18451719d4fe6d9228e276b1ca51658f771470379477b43442602a2dcfec08ade272143590731a37f53ff2f5c7ee4c2f91d