Analysis

max time kernel: 3715267s
max time network: 154s
platform: android_x64
resource: android-x64-arm64-20231215-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
submitted: 06-01-2024 06:22
Static task: static1

Behavioral task: behavioral1
Sample: 45830da853df876cc3e46716c7da738b.apk
Resource: android-x86-arm-20231215-en

Behavioral task: behavioral2
Sample: 45830da853df876cc3e46716c7da738b.apk
Resource: android-x64-20231215-en

Behavioral task: behavioral3
Sample: 45830da853df876cc3e46716c7da738b.apk
Resource: android-x64-arm64-20231215-en

Behavioral task: behavioral4
Sample: vk_dex.apk
Resource: android-x86-arm-20231215-en

Behavioral task: behavioral5
Sample: vk_dex.apk
Resource: android-x64-20231215-en

Behavioral task: behavioral6
Sample: vk_dex.apk
Resource: android-x64-arm64-20231215-en
General

Target: 45830da853df876cc3e46716c7da738b.apk
Size: 3.2MB
MD5: 45830da853df876cc3e46716c7da738b
SHA1: cfac92065b0d115504e008683ec792e8ddc54925
SHA256: ae6f5521304808c1871efeb9168ad649aa4996c9c55909c6c3580f43203a40b1
SHA512: 818de822cfb48c302f40990407914d5408d261dbad23541b2c8a458917995cfd26768b142943bd552302157ad71d45c92707fa1107bbacc4db87c4dd50e24917
SSDEEP: 98304:iXvfTET+HggtmXEo6S/FMiwCoDkPpx3O9iEYNLrX4qzclf3W34:iXvfHm/6S95e2pRVEYe8cp3V
Malware Config

Signatures

Hydra
Android banker and info stealer.

Makes use of the framework's Accessibility service (2 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
description: Framework service call
ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
Process: com.vlvkbtii.uprlqjs
description: Framework service call
ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId
Process: com.vlvkbtii.uprlqjs

Loads dropped Dex/Jar (1 IoC)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/base.apk.classes1.zip
pid: 4473
Process: com.vlvkbtii.uprlqjs

Looks up external IP address via web service (1 IoC)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow: 30
ioc: ip-api.com

Reads information about phone network operator.
Processes
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 902KB
MD5: 52988cc4159fb4316b4a4d95358a9226
SHA1: 73c73627aef4c02d7c8a623f11a3cb2d2b3715f2
SHA256: 37b84f5c6fc4587849d7152868b15492ac133643df644dca638c58453a7af5e6
SHA512: f59a3cc74a547db4705738e06bd76feb7fd393a19e78977627d3de9ae58e3ed4e1ef9189c850d0ea8e2bc3dcb4538abe12c9dbe5bbc0442ea10cff0076673902

/data/user/0/com.vlvkbtii.uprlqjs/code_cache/secondary-dexes/tmp-base.apk.classes7971036874634822887.zip
Filesize: 378KB
MD5: 276b104783ea96b740ab3f28a09d80e2
SHA1: e9c4caa2dc7fdb9b488d52ab16232f9b1f86bc18
SHA256: f9957850fd997cc6bb3da0542da4886c304eefb9c5e87401317f739591f70840
SHA512: 7b8e82ce5ebbf75e8c803ff06be67355d5de29708307951aa26742ea397a5dc51327c6261be9378b74f7da7c52f6b93ea36b5d5fa82648d4d8ceb666adc0af08