General

  • Target

    4d378b4fbf06a8d5065b4014a5be500e

  • Size

    3.1MB

  • Sample

    240109-dzr36sdhaq

  • MD5

    4d378b4fbf06a8d5065b4014a5be500e

  • SHA1

    8bbf8e73a24da31a640566ed5c54ae3803c32c4c

  • SHA256

    71c5bd9ef412ea0602a910f63f4baa556719cb901dc6c8b952e7d513cb9061e1

  • SHA512

    50e70ce7f1df95adffe897982488185e78a5e8b7ed78bccb41e991cdd987d431e88b7cbcabf92e87d54fc7604f3ac106eb8f4e299a0d8f011bd1c7ad94ca7599

  • SSDEEP

    49152:NzjEqZRVabFZ50iXeo7+QM7L8d1WqWjkztOGQUZMbNCTSzEJlD5CWJOlh:NzjEcRVaxZ5reU+ROw0ZOH2Mbg2aJM

Targets

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator
