Analysis

  • max time kernel
    3715267s
  • max time network
    154s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
  • submitted
    06-01-2024 06:22

General

  • Target

    45830da853df876cc3e46716c7da738b.apk

  • Size

    3.2MB

  • MD5

    45830da853df876cc3e46716c7da738b

  • SHA1

    cfac92065b0d115504e008683ec792e8ddc54925

  • SHA256

    ae6f5521304808c1871efeb9168ad649aa4996c9c55909c6c3580f43203a40b1

  • SHA512

    818de822cfb48c302f40990407914d5408d261dbad23541b2c8a458917995cfd26768b142943bd552302157ad71d45c92707fa1107bbacc4db87c4dd50e24917

  • SSDEEP

    98304:iXvfTET+HggtmXEo6S/FMiwCoDkPpx3O9iEYNLrX4qzclf3W34:iXvfHm/6S95e2pRVEYe8cp3V

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

  • Makes use of the framework's Accessibility service (2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar (1 IoC)

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service (1 IoC)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.vlvkbtii.uprlqjs (PID:4473)
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    902KB

    MD5

    52988cc4159fb4316b4a4d95358a9226

    SHA1

    73c73627aef4c02d7c8a623f11a3cb2d2b3715f2

    SHA256

    37b84f5c6fc4587849d7152868b15492ac133643df644dca638c58453a7af5e6

    SHA512

    f59a3cc74a547db4705738e06bd76feb7fd393a19e78977627d3de9ae58e3ed4e1ef9189c850d0ea8e2bc3dcb4538abe12c9dbe5bbc0442ea10cff0076673902

  • /data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/tmp-base.apk.classes7971036874634822887.zip

    Filesize

    378KB

    MD5

    276b104783ea96b740ab3f28a09d80e2

    SHA1

    e9c4caa2dc7fdb9b488d52ab16232f9b1f86bc18

    SHA256

    f9957850fd997cc6bb3da0542da4886c304eefb9c5e87401317f739591f70840

    SHA512

    7b8e82ce5ebbf75e8c803ff06be67355d5de29708307951aa26742ea397a5dc51327c6261be9378b74f7da7c52f6b93ea36b5d5fa82648d4d8ceb666adc0af08