Analysis
Max time kernel: 3487864s
Max time network: 158s
Platform: android_x64
Resource: android-x64-20231215-en
Resource tags: android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system
Submitted: 03-01-2024 15:12
Behavioral tasks
behavioral1: sample 61e49ea8ac3572e344c27742a2d53266df15266d0163470bbb56e5cd7ad78a4b.apk, resource android-x86-arm-20231215-en
behavioral2: sample 61e49ea8ac3572e344c27742a2d53266df15266d0163470bbb56e5cd7ad78a4b.apk, resource android-x64-20231215-en
behavioral3: sample 61e49ea8ac3572e344c27742a2d53266df15266d0163470bbb56e5cd7ad78a4b.apk, resource android-x64-arm64-20231215-en
General
Target: 61e49ea8ac3572e344c27742a2d53266df15266d0163470bbb56e5cd7ad78a4b.apk
Size: 7.7MB
MD5: 86a3403d7a9b5a70b5ab1074e6faea47
SHA1: eed67e0b464ff00aa14e9122d618bf063f2156e5
SHA256: 61e49ea8ac3572e344c27742a2d53266df15266d0163470bbb56e5cd7ad78a4b
SHA512: 91b516f4cf76cd77c2e333506ce320ab1f6645c67d31b18a6e67c208831bb5870de05aacfd0834457c9418b5067bbc17f53a8e9afe5d274d05e31c389bd75f27
SSDEEP: 196608:LKWKndNMyQI4/FVjt/NMC1NC3lDWx0RiQdyjynFAL9z:OWKdNMyQfNVjMzWabyj40z
Malware Config
Signatures

Hydra
  Android banker and info stealer.

Makes use of the framework's Accessibility service (2 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  Process: wdc.rejg9r45.lzeg9rj
  IoC (framework service call) | process
  android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | wdc.rejg9r45.lzeg9rj
  android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | wdc.rejg9r45.lzeg9rj

Loads dropped Dex/Jar (2 IoCs)
  Runs executable file dropped to the device during analysis.
  Process: wdc.rejg9r45.lzeg9rj
  IoC (path) | pid | process
  /data/user/0/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/aLQPicJi.fz | 4991 | wdc.rejg9r45.lzeg9rj
  /data/user/0/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/aLQPicJi.fz | 4991 | wdc.rejg9r45.lzeg9rj

Looks up external IP address via web service (2 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow | IoC
  6 | ip-api.com
  11 | ip-api.com

Reads information about phone network operator.
  Processes: none listed.
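The signatures above are individual observations; in practice an analyst wants them as reusable indicators that can be run over telemetry from other devices or sandbox runs. The following is an added example, not part of the sandbox report: it takes only the indicators listed on this page (the sample and dropped-file SHA256s, the package name, the app_apkprotector_dex drop directory, the two accessibility binder calls and the ip-api.com lookup), generalises the dropped-DEX path so the random file name and package do not matter, and runs the matcher over a constructed event log. The event format, the "hydra-like" verdict rule and the benign events are assumptions made for the demonstration.

```python
"""Added example (not from the sandbox report): an IoC matcher built from
the signatures on this page, run over a constructed Android event log."""
import re
from typing import Dict, Iterable, List, Optional

# Indicators copied from the report.
SAMPLE_SHA256 = "61e49ea8ac3572e344c27742a2d53266df15266d0163470bbb56e5cd7ad78a4b"
PACKAGE = "wdc.rejg9r45.lzeg9rj"
DROPPED_SHA256 = {  # the three files in the Downloads section
    "9edbdf41162f4ab96a9136e414a3ed5efa8c92fdfc00c91c9d808907c580fd63",
    "cd3873d3e4f622c828bf0998fda591d5a55cc18e4a3e007f6634deeb6c66b4c5",
    "5cbe8700ccfc399187ca8fa571a25247e60d9e0dba8ad885c414f1a572720482",
}
ACCESSIBILITY_CALLS = {
    "android.accessibilityservice.IAccessibilityServiceConnection"
    ".findAccessibilityNodeInfoByAccessibilityId",
    "android.accessibilityservice.IAccessibilityServiceConnection"
    ".findAccessibilityNodeInfosByViewId",
}
IP_LOOKUP_HOSTS = {"ip-api.com"}

# The dropped DEX sat under <app data dir>/app_apkprotector_dex/ with a
# random name (aLQPicJi.fz).  Match the stable directory for any user id
# and any package rather than the one-off file name.
DEX_PATH_RE = re.compile(
    r"^/data/user/\d+/(?P<pkg>[A-Za-z0-9_.]+)/app_apkprotector_dex/[^/]+$"
)


def classify(event: Dict) -> Optional[str]:
    """Return the signature name an event matches, or None.
    Event shape (assumed): {"type": ..., "value": ..., ...}."""
    kind, value = event["type"], event["value"]
    if kind == "file_sha256":
        h = value.lower()
        if h == SAMPLE_SHA256:
            return "sample"
        if h in DROPPED_SHA256:
            return "dropped_payload"
    elif kind == "dex_load" and DEX_PATH_RE.match(value):
        return "loads_dropped_dex"
    elif kind == "binder_call" and value in ACCESSIBILITY_CALLS:
        return "accessibility_abuse"
    elif kind == "dns" and value.lower().rstrip(".") in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    return None


def scan(events: Iterable[Dict]) -> Dict[str, List[Dict]]:
    """Group matching events by signature name."""
    hits: Dict[str, List[Dict]] = {}
    for ev in events:
        sig = classify(ev)
        if sig:
            hits.setdefault(sig, []).append(ev)
    return hits


def verdict(hits: Dict[str, List[Dict]]) -> str:
    """Assumed triage rule: accessibility scraping plus a dropped DEX is the
    combination the report flags for this banker; either alone is weaker."""
    if "accessibility_abuse" in hits and "loads_dropped_dex" in hits:
        return "hydra-like"
    if hits:
        return "suspicious"
    return "clean"


# Constructed event log: the report's IoCs plus three benign look-alikes.
SAMPLE_EVENTS = [
    {"type": "dex_load", "pid": 4991, "process": PACKAGE,
     "value": "/data/user/0/wdc.rejg9r45.lzeg9rj/app_apkprotector_dex/aLQPicJi.fz"},
    {"type": "dex_load", "pid": 5120, "process": "com.example.benign",
     "value": "/data/user/0/com.example.benign/code_cache/secondary-dexes/x.dex"},
    {"type": "binder_call", "process": PACKAGE,
     "value": "android.accessibilityservice.IAccessibilityServiceConnection"
              ".findAccessibilityNodeInfoByAccessibilityId"},
    {"type": "binder_call", "process": PACKAGE,
     "value": "android.accessibilityservice.IAccessibilityServiceConnection"
              ".findAccessibilityNodeInfosByViewId"},
    {"type": "binder_call", "process": "com.example.benign",
     "value": "android.app.IActivityManager.getRunningAppProcesses"},
    {"type": "dns", "flow": 6, "value": "ip-api.com."},
    {"type": "dns", "flow": 7, "value": "play.googleapis.com"},
    {"type": "file_sha256", "path": "/sdcard/Download/b.apk",
     "value": "CD3873D3E4F622C828BF0998FDA591D5A55CC18E4A3E007F6634DEEB6C66B4C5"},
]

if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS)
    for sig, evs in found.items():
        print(f"{sig}: {len(evs)} event(s)")
    print("verdict:", verdict(found))
```

Hash comparison is case-folded and the DNS name is stripped of its trailing dot, since both vary between telemetry sources; the DEX path is matched on the drop directory because the file name in the report is a single random value and will not recur.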
Downloads

File 1
  Filesize: 18KB
  MD5: 6eac72b19cabf1a4a2ea2c6507246013
  SHA1: 373594e132d44dea95490edfe5f0a12488ca14c3
  SHA256: 9edbdf41162f4ab96a9136e414a3ed5efa8c92fdfc00c91c9d808907c580fd63
  SHA512: b125a8d074cbb6c08a52d1b4d7bb00b84599802d3381721995d36ab511346b098ccd510aec33dd0f31291dac539a1f7758f5b8c628042014e7ce8384c898d609

File 2
  Filesize: 2.7MB
  MD5: 4994eb4ab0ecec87316031d0521dc6c0
  SHA1: 1fafe4db5805bbcd9d0a2aad93848324f4d33286
  SHA256: cd3873d3e4f622c828bf0998fda591d5a55cc18e4a3e007f6634deeb6c66b4c5
  SHA512: 3d070f2794614b3915ee3216513c01ab775d37629bce04a2a0e09424fbc021d817e43c272a20771f1c44b059db9b4a85adccd93435b7132d0cdb21c105426159

File 3
  Filesize: 3.7MB
  MD5: 56448dccfc5e741906a3f341a8074529
  SHA1: 25b37c288294286857068096f08fcaabe5f0d15c
  SHA256: 5cbe8700ccfc399187ca8fa571a25247e60d9e0dba8ad885c414f1a572720482
  SHA512: 1e83161e5472b11df0ba39ac094be877157e06fb6d52044cfafb7d902a67c9de0ef9dcc49423ab2f1dac7011fd99e6d65e6f505a3c8a82b864820de0ca264592