Analysis

  • max time kernel
    3496917s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    30-12-2023 13:31

General

  • Target

    1a1c0beae19827530fe6e3fea729845a.apk

  • Size

    3.2MB

  • MD5

    1a1c0beae19827530fe6e3fea729845a

  • SHA1

    0accfe19ad55130c45063cd0cdadbe9cb002437f

  • SHA256

    1cd704ca2729a62bfab839ffdc5fd1c19de0bc15fb961da305c7ae1ccbe8e1c7

  • SHA512

    f6a89dd955d3f780883ab3a65be97859d1a6157465904d94e01ec6976a456037c1f92ce0a3feb6ebf434f398d28359765ac9fa1f47bf800b5933434a9ba2328d

  • SSDEEP

    98304:9KvwDNss09Wro46vM78DvADyLrXnUCHGY3W3PcF6dM:9KvwxlcIb6vM8Ay7Hj3oOcM

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

  • Makes use of the framework's Accessibility service (2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar (2 IoCs)

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service (1 IoC)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.kxgosnpq.wxwdgdb (process tree level 1)
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    PID: 4265
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.kxgosnpq.wxwdgdb/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.kxgosnpq.wxwdgdb/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=& (process tree level 2, child of com.kxgosnpq.wxwdgdb)
      • Loads dropped Dex/Jar
      PID: 4300

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.kxgosnpq.wxwdgdb/code_cache/secondary-dexes/tmp-base.apk.classes3652339772516468604.zip

    Filesize

    378KB

    MD5

    7091a3c2246d9615bffad304696dbb6d

    SHA1

    362595608f76c90fd28fe06a76ca01bbbf15657e

    SHA256

    3c79254308d885c2d97142e5ecdae1cf7991f0c6596caa6b7c887704f52caae8

    SHA512

    48b6ec4a2ed1bef3b3aad290771a4e93fcaf90de768e2ef9217aadff1ab233790ee0bbe74cee82fd5e11346e4ea3ba60b40f000f38ee2be51c23d7c66ff156e7

  • /data/user/0/com.kxgosnpq.wxwdgdb/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    902KB

    MD5

    ab71582744338a77fb8012ef7292c494

    SHA1

    951f60719cebb0d9231fae3a23ded825691a8a6f

    SHA256

    c2859e1892acfd38eae074443e24a545f7ca60044947bbc32a92a5e74283d0bf

    SHA512

    8cb66eed48a92d97a7a6d3e26545d240708b033027cdc65197873ed912ce594fa629dd7dc1be943731bd26e618eeddb64acdbdcb1dcfa18f4b775487e9889201

  • /data/user/0/com.kxgosnpq.wxwdgdb/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    902KB

    MD5

    cd40f31b4229bbf687198e85a687066c

    SHA1

    653bfccef387e56a9903a09c945bd44cdad315da

    SHA256

    b7ba60ca4f4494f8415b7ed71d07e486cf1541168e78f8602fc47fd905122807

    SHA512

    ac46be620dbd8960693cb3845ee91bb4ff5b23fc13bd81fbf4cfd0ab1587b64c3b360a2566e722063c8b800fd29f85897aa941cfa6deddc931c67a70fb637825