Analysis
-
max time kernel
3487860s -
max time network
156s -
platform
android_x86 -
resource
android-x86-arm-20231215-en -
resource tags
-
submitted
03-01-2024 15:12
General
-
Target
61e49ea8ac3572e344c27742a2d53266df15266d0163470bbb56e5cd7ad78a4b.apk
-
Size
7.7MB
-
MD5
86a3403d7a9b5a70b5ab1074e6faea47
-
SHA1
eed67e0b464ff00aa14e9122d618bf063f2156e5
-
SHA256
61e49ea8ac3572e344c27742a2d53266df15266d0163470bbb56e5cd7ad78a4b
-
SHA512
91b516f4cf76cd77c2e333506ce320ab1f6645c67d31b18a6e67c208831bb5870de05aacfd0834457c9418b5067bbc17f53a8e9afe5d274d05e31c389bd75f27
-
SSDEEP
196608:LKWKndNMyQI4/FVjt/NMC1NC3lDWx0RiQdyjynFAL9z:OWKdNMyQfNVjMzWabyj40z
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Loads dropped Dex/Jar 3 IoCs
Runs executable file dropped to the device during analysis.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads information about phone network operator.
Processes
-
wdc.rejg9r45.lzeg9rj1⤵
- Makes use of the framework's Accessibility service
- Loads dropped Dex/Jar
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/aLQPicJi.fz --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/oat/x86/aLQPicJi.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
-
/system/bin/ndk_translation_program_runner_binfmt_misc /data/user/0/wdc.rejg9r45.lzeg9rj/app_torfiles/tor /data/user/0/wdc.rejg9r45.lzeg9rj/app_torfiles/tor -f /data/user/0/wdc.rejg9r45.lzeg9rj/app_torfiles/torrc __OwningControllerProcess 42302⤵
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
63KB
MD5f972820b92dfa357cc1149325264109b
SHA16decc61e450b1535301ccfbe5b20d268cfeb313c
SHA2567cae3ba6ad87460f4f726001e29a69895d497edc039be528ef657663109fd011
SHA51240d481896eedaa5043404ba4382692f03ef0dcfd8d7922b258f2681fdd4e93505ae6e5c82c0e1b6c9f3cc904df524ff6a499f8c50bd85757fbbeb3e635126834
-
Filesize
336B
MD532d528f3a74b2ae9240d83470f675d19
SHA10c8a08da3dca19d3a8700856f6782f400d685938
SHA25626f162857107e648e9e2c6ca68239f09152ce0b2c82523cb81d72e4001331e0a
SHA512026cab77f5c6b217f68abc58ec87fc96ee597090ccb6f17d07aed44a2c1b6b9fef1e300a095517e160ebc1d4a397e3b0caa13a8598c972c8486a2f3af0895ea4
-
Filesize
3.7MB
MD556448dccfc5e741906a3f341a8074529
SHA125b37c288294286857068096f08fcaabe5f0d15c
SHA2565cbe8700ccfc399187ca8fa571a25247e60d9e0dba8ad885c414f1a572720482
SHA5121e83161e5472b11df0ba39ac094be877157e06fb6d52044cfafb7d902a67c9de0ef9dcc49423ab2f1dac7011fd99e6d65e6f505a3c8a82b864820de0ca264592
-
Filesize
3.7MB
MD5823fe6efd8bfc17675f886ec6ae2b8f4
SHA14d095bc5f2d9c9fa9aec6ac3ecb92cb1907eb9bc
SHA25628c0d0f3c242b01ac37f47d79e7577cfb4ab9f0a824b4df59e3db78e836f9125
SHA5124f0965f90642fd8e59fd35da8978b042a2170686e0d7e8d0d4b4a0f64e98bef94cb37da69cf7e79b9b536458a4da7ca273f28ebbd0022df9ed68e7ac11b32be2