General

  • Target

    56520eabdbd97a436868305176e2d1ba

  • Size

    3.0MB

  • Sample

    240112-ngrpssehdl

  • MD5

    56520eabdbd97a436868305176e2d1ba

  • SHA1

    08fbc7b29cd3e9b414e81ca65b4c51ef2cf77825

  • SHA256

    1c2695d5314b46ab77ff6ea879318161310d792f4e5339926bb0aa5dd5421bf6

  • SHA512

    b8d84cded022bf776b9939aa3abd868eca6c4f6f532a9de2ce1e99c35e33445c519b22f0a1ee90674145371d720c67de8430d208811c936b420171ea9bcf74de

  • SSDEEP

    49152:8/7yT/hx1qoB+bpbwdXe/w1arsCIauzN5t9PYUMf5MK28V4D9zwfsKt5Mt:8/+/DY++bp8dXe/w4sWCNRPYpHn0zwUF

Malware Config

Targets

    • Target

      56520eabdbd97a436868305176e2d1ba

    • Size

      3.0MB

    • MD5

      56520eabdbd97a436868305176e2d1ba

    • SHA1

      08fbc7b29cd3e9b414e81ca65b4c51ef2cf77825

    • SHA256

      1c2695d5314b46ab77ff6ea879318161310d792f4e5339926bb0aa5dd5421bf6

    • SHA512

      b8d84cded022bf776b9939aa3abd868eca6c4f6f532a9de2ce1e99c35e33445c519b22f0a1ee90674145371d720c67de8430d208811c936b420171ea9bcf74de

    • SSDEEP

      49152:8/7yT/hx1qoB+bpbwdXe/w1arsCIauzN5t9PYUMf5MK28V4D9zwfsKt5Mt:8/+/DY++bp8dXe/w4sWCNRPYpHn0zwUF

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks