General

  • Target

    71abf35b94b0ab18fe5981a0e926810b

  • Size

    2.3MB

  • Sample

    240124-jmlzaadbep

  • MD5

    71abf35b94b0ab18fe5981a0e926810b

  • SHA1

    a835759b647fea1b80762b1f3c5dcd1e99845881

  • SHA256

    c67d0e91ad9b661f5a8b3a07ec5bc46d634c88e0bfe06a908f92a39fac7b1ad4

  • SHA512

    7a73a2ceaa1319422bfc8de8efb1e2f4eaa047ddc4fe925f1ee471bd05732224e0131faf657b7d321f64342b2b6932414d9ddfa3ea43ea1b4a6bec8984e62c94

  • SSDEEP

    49152:Bm6+ezp5FbkfrGRhlXA/yU69dWEvPcXhpV1x3QY:9+ezDFCGhlA/169dv3cXpQY

Targets

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.
