General

  • Target

    5f2a21c5569b01486fb791784aff7005

  • Size

    3.1MB

  • Sample

    240116-gxrw6seccn

  • MD5

    5f2a21c5569b01486fb791784aff7005

  • SHA1

    5c674b4543573ddc6008e9d013fbf5001fd3b923

  • SHA256

    9afaa372d732d9a920e8dc68ccc243a248f839f52dac33da41f69f2ba0941906

  • SHA512

    155a1b34bc78cd55fe4bb10dc8b5bafa65e23e6be4ee01a6139fc5bfb4b4ae9008fe2960b2ad4c5c9faa4ae4a8805c1e07edd790d745d5ede5ca766729ee653a

  • SSDEEP

    98304:ozQtjfDm3PO06zgBr3XlEY2P/nfyF3wBlAVI:oMhm/6z6T1EYWfyy

Malware Config

Targets

    • Target

      5f2a21c5569b01486fb791784aff7005

    • Size

      3.1MB

    • MD5

      5f2a21c5569b01486fb791784aff7005

    • SHA1

      5c674b4543573ddc6008e9d013fbf5001fd3b923

    • SHA256

      9afaa372d732d9a920e8dc68ccc243a248f839f52dac33da41f69f2ba0941906

    • SHA512

      155a1b34bc78cd55fe4bb10dc8b5bafa65e23e6be4ee01a6139fc5bfb4b4ae9008fe2960b2ad4c5c9faa4ae4a8805c1e07edd790d745d5ede5ca766729ee653a

    • SSDEEP

      98304:ozQtjfDm3PO06zgBr3XlEY2P/nfyF3wBlAVI:oMhm/6z6T1EYWfyy

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks