Analysis

  • max time kernel: 3201490s
  • max time network: 146s
  • platform: android_x64
  • resource: android-x64-20231215-en
  • resource tags: android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system
  • submitted: 30-12-2023 02:07

General

  • Target

    0b1c0ff2a98a57fa9ced149762b8fb9c.apk

  • Size

    3.0MB

  • MD5

    0b1c0ff2a98a57fa9ced149762b8fb9c

  • SHA1

    3b184ddb11435dcb5d3f5de724c0718d0ecfc859

  • SHA256

    f3461634486f4177f1dd18f89a06ca6a8c5bdf829604c15ecda2fa51c6a88c95

  • SHA512

    73f256c581cef280938a09d34ad2bd511fcec8d354d3dacb1d855ccdba15efeec97b4bdf1acd24168d57733ede7a8947b8762377f563b14c8612383838cb9963

  • SSDEEP

    49152:YbuRuQUJjM9UhqBJbujHzieFSR+GFJnSyyNYN4of6zujiHWsWcHeX5KoIoE7bD:Yq4QUJc/buH64GWOrIWsWcH8t58

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

  • Makes use of the framework's Accessibility service (2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar (1 IoC)

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service (1 IoC)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.euhfotlq.fuzdajn (PID: 4985)
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.euhfotlq.fuzdajn/code_cache/secondary-dexes/tmp-base.apk.classes7158940057770460597.zip

    Filesize

    31KB

    MD5

    f5c2476ac851574a39e0af18881001b7

    SHA1

    dde47138caba22bb9b5460008c1dac5c32fec678

    SHA256

    b3e27ec166b9cf3448c0a75328c087ee0e92849cf0224c11d7ec16461d04eda7

    SHA512

    d7597d15c34b9b82658a68c089b4b5669515d920128fbb0329486b998513c2392cb63b1b7b3025f01b7df625d53aaceb6f09a45ebbad92580e45d52925a56436

  • /data/user/0/com.euhfotlq.fuzdajn/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    902KB

    MD5

    0caa1a0ebd20647b4dae3bf6d7f2a19a

    SHA1

    c0ee2687bbaeb224141585058424613b19a10035

    SHA256

    f001e05266ecae0667daafb81dd948196a342f5df1f994b14b84ef0daf091df2

    SHA512

    b860436e0ce0ab0548129abcd23de18451719d4fe6d9228e276b1ca51658f771470379477b43442602a2dcfec08ade272143590731a37f53ff2f5c7ee4c2f91d