Overview

overview

10

Static

static

6

1a1c0beae1...5a.apk

android-9-x86

10

1a1c0beae1...5a.apk

android-10-x64

10

1a1c0beae1...5a.apk

android-11-x64

10

vk_dex.apk

android-9-x86

vk_dex.apk

android-10-x64

vk_dex.apk

android-11-x64

Analysis

  • max time kernel
    3496934s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    30-12-2023 13:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1a1c0beae19827530fe6e3fea729845a.apk

  • Size

    3.2MB

  • MD5

    1a1c0beae19827530fe6e3fea729845a

  • SHA1

    0accfe19ad55130c45063cd0cdadbe9cb002437f

  • SHA256

    1cd704ca2729a62bfab839ffdc5fd1c19de0bc15fb961da305c7ae1ccbe8e1c7

  • SHA512

    f6a89dd955d3f780883ab3a65be97859d1a6157465904d94e01ec6976a456037c1f92ce0a3feb6ebf434f398d28359765ac9fa1f47bf800b5933434a9ba2328d

  • SSDEEP

    98304:9KvwDNss09Wro46vM78DvADyLrXnUCHGY3W3PcF6dM:9KvwxlcIb6vM8Ay7Hj3oOcM

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.kxgosnpq.wxwdgdb
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    PID:4461

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.kxgosnpq.wxwdgdb/code_cache/secondary-dexes/base.apk.classes1.zip
    Filesize

    902KB

    MD5

    cd40f31b4229bbf687198e85a687066c

    SHA1

    653bfccef387e56a9903a09c945bd44cdad315da

    SHA256

    b7ba60ca4f4494f8415b7ed71d07e486cf1541168e78f8602fc47fd905122807

    SHA512

    ac46be620dbd8960693cb3845ee91bb4ff5b23fc13bd81fbf4cfd0ab1587b64c3b360a2566e722063c8b800fd29f85897aa941cfa6deddc931c67a70fb637825

    Download Submit

  • /data/user/0/com.kxgosnpq.wxwdgdb/code_cache/secondary-dexes/tmp-base.apk.classes699219333289057504.zip
    Filesize

    378KB

    MD5

    7091a3c2246d9615bffad304696dbb6d

    SHA1

    362595608f76c90fd28fe06a76ca01bbbf15657e

    SHA256

    3c79254308d885c2d97142e5ecdae1cf7991f0c6596caa6b7c887704f52caae8

    SHA512

    48b6ec4a2ed1bef3b3aad290771a4e93fcaf90de768e2ef9217aadff1ab233790ee0bbe74cee82fd5e11346e4ea3ba60b40f000f38ee2be51c23d7c66ff156e7

    Download Submit