General

  • Target

    4de47a1a6c0db896371ea6d7c3826e02

  • Size

    7.5MB

  • Sample

    240109-kwqjhacden

  • MD5

    4de47a1a6c0db896371ea6d7c3826e02

  • SHA1

    0bd2c907249f9abcf86bba8b853247335db51a2b

  • SHA256

    3eba7728425ff722be181f04703abc8e4f4972be4ee0a16dbd904ec12f0aeaec

  • SHA512

    947dafb8fd89bbe98e148ffe40c759dde245d345b7e0b9300c21c80e5ddbb76b14080d412a6a81800666988d75731a2250df5c33e8a58b235db2929a7bf1dd9a

  • SSDEEP

    196608:NJb3r1miltWPWDK9spB0W8DWx0RiQdyjynFAL9P:NJb71fMWesYWoWabyj40P

Malware Config

Targets

    • Target

      4de47a1a6c0db896371ea6d7c3826e02

    • Size

      7.5MB

    • MD5

      4de47a1a6c0db896371ea6d7c3826e02

    • SHA1

      0bd2c907249f9abcf86bba8b853247335db51a2b

    • SHA256

      3eba7728425ff722be181f04703abc8e4f4972be4ee0a16dbd904ec12f0aeaec

    • SHA512

      947dafb8fd89bbe98e148ffe40c759dde245d345b7e0b9300c21c80e5ddbb76b14080d412a6a81800666988d75731a2250df5c33e8a58b235db2929a7bf1dd9a

    • SSDEEP

      196608:NJb3r1miltWPWDK9spB0W8DWx0RiQdyjynFAL9P:NJb71fMWesYWoWabyj40P

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks