Analysis
-
max time kernel
150s -
max time network
142s -
platform
android_x64 -
resource
android-x64-arm64-20231215-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system -
submitted
24-01-2024 07:47
Static task
static1
Behavioral task
behavioral1
Sample
71abf35b94b0ab18fe5981a0e926810b.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
71abf35b94b0ab18fe5981a0e926810b.apk
Resource
android-x64-20231215-en
Behavioral task
behavioral3
Sample
71abf35b94b0ab18fe5981a0e926810b.apk
Resource
android-x64-arm64-20231215-en
General
-
Target
71abf35b94b0ab18fe5981a0e926810b.apk
-
Size
2.3MB
-
MD5
71abf35b94b0ab18fe5981a0e926810b
-
SHA1
a835759b647fea1b80762b1f3c5dcd1e99845881
-
SHA256
c67d0e91ad9b661f5a8b3a07ec5bc46d634c88e0bfe06a908f92a39fac7b1ad4
-
SHA512
7a73a2ceaa1319422bfc8de8efb1e2f4eaa047ddc4fe925f1ee471bd05732224e0131faf657b7d321f64342b2b6932414d9ddfa3ea43ea1b4a6bec8984e62c94
-
SSDEEP
49152:Bm6+ezp5FbkfrGRhlXA/yU69dWEvPcXhpV1x3QY:9+ezDFCGhlA/169dv3cXpQY
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.biepghmse.limanqzfsfr Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.biepghmse.limanqzfsfr -
pid Process 4603 com.biepghmse.limanqzfsfr -
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.biepghmse.limanqzfsfr/app_offline/oighindvf.jar 4603 com.biepghmse.limanqzfsfr -
Requests enabling of the accessibility settings. 1 IoCs
description ioc Process Intent action android.settings.ACCESSIBILITY_SETTINGS com.biepghmse.limanqzfsfr -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 27 ip-api.com -
Reads information about phone network operator.
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
252KB
MD5f14d4be08bf720c3fc50a6e7f0f47a5d
SHA172b63780d2e13a5eff514ae2959d67fcf9b51add
SHA256954a4c0d40866574fede510660b251dbac922a8c90a222e3be3e441cca9b3ce0
SHA512bf6597e0a13c86cc783076fd1621b2ad3fc8fa39dfb82d902e45f3abba9e29c50853e43772ddd7a07f50a6e1f05a8023591f33343d081af25fce67f3358f6b89
-
Filesize
568KB
MD56da8b1032f37ed8e7686d912a1128431
SHA11f9124e082aed0acac28187ac6bd392a3ca67d29
SHA256367a700bcf4a864e4bb1c287546f37eaa84c383902272a0d037f9c0d90f75aa3
SHA5124bdccdcd47ef34029f65a11435101be0774ebb015f277db23fdb4b89cecaa1ed4aa286ff3f220a2d7bd9ef855c8e52e31c595f5022fce4ed3cb5820ca635bbc1