Analysis

  • max time kernel
    150s
  • max time network
    142s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
  • submitted
    24-01-2024 07:47

General

  • Target

    71abf35b94b0ab18fe5981a0e926810b.apk

  • Size

    2.3MB

  • MD5

    71abf35b94b0ab18fe5981a0e926810b

  • SHA1

    a835759b647fea1b80762b1f3c5dcd1e99845881

  • SHA256

    c67d0e91ad9b661f5a8b3a07ec5bc46d634c88e0bfe06a908f92a39fac7b1ad4

  • SHA512

    7a73a2ceaa1319422bfc8de8efb1e2f4eaa047ddc4fe925f1ee471bd05732224e0131faf657b7d321f64342b2b6932414d9ddfa3ea43ea1b4a6bec8984e62c94

  • SSDEEP

    49152:Bm6+ezp5FbkfrGRhlXA/yU69dWEvPcXhpV1x3QY:9+ezDFCGhlA/169dv3cXpQY

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoC
  • Loads dropped Dex/Jar 1 IoC

    Runs executable code (a Dex/Jar file) dropped to the device during analysis.

  • Requests enabling of the accessibility settings 1 IoC
  • Looks up external IP address via web service 1 IoC

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator
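The signatures above describe behaviours that can be re-checked offline from a decoded manifest, decompiled source and the sandbox's file-write events. The following Python is an added triage example written for this report, not part of the sandbox output or of the sample: the manifest, the source snippet and the file-write events are constructed here (only the package name and the dropped-file path come from the report; the component names ".MainActivity" and ".AccService" and the file sizes are assumptions), and the Android API strings it searches for (DexClassLoader, setComponentEnabledSetting, the accessibility settings intent, getNetworkOperatorName) are the standard framework names for the behaviours the signatures describe, not strings observed in this sample.

```python
"""Offline triage of the indicators named in the report (added example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # attribute prefix for android:* attributes

# Constructed decoded manifest. Package name is from the report; the
# component names are hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.biepghmse.limanqzfsfr">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
             android:exported="true">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed decompiled-source fragment (hypothetical, not from the sample).
SAMPLE_SOURCE = """
pm.setComponentEnabledSetting(alias, PackageManager.COMPONENT_ENABLED_STATE_DISABLED, PackageManager.DONT_KILL_APP);
ClassLoader cl = new DexClassLoader(jar.getPath(), odex, null, getClassLoader());
startActivity(new Intent("android.settings.ACCESSIBILITY_SETTINGS"));
String op = tm.getNetworkOperatorName();
"""

# Constructed file-write events (path, size in bytes). The path is the one
# reported under Downloads; sizes approximate the reported 252KB and 568KB.
SAMPLE_WRITES = [
    ("/data/user/0/com.biepghmse.limanqzfsfr/cache/img.png", 1024),
    ("/data/user/0/com.biepghmse.limanqzfsfr/app_offline/oighindvf.jar", 258048),
    ("/data/user/0/com.biepghmse.limanqzfsfr/app_offline/oighindvf.jar", 581632),
]

# Framework API strings that map onto the report's signatures.
API_INDICATORS = {
    "setComponentEnabledSetting": "removes_launcher_activity",
    "DexClassLoader": "loads_dropped_dex_jar",
    "android.settings.ACCESSIBILITY_SETTINGS": "requests_accessibility",
    "getNetworkOperatorName": "reads_network_operator",
}
CODE_EXT = (".jar", ".dex", ".apk", ".zip")


def manifest_indicators(xml_text):
    """Return (package, findings): accessibility services and launcher activities."""
    root = ET.fromstring(xml_text)
    findings = []
    for svc in root.iter("service"):
        if svc.get(A + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            findings.append(("accessibility_service", svc.get(A + "name")))
    for act in root.iter("activity"):
        cats = {c.get(A + "name") for c in act.iter("category")}
        if "android.intent.category.LAUNCHER" in cats:
            findings.append(("launcher_activity", act.get(A + "name")))
    return root.get("package"), findings


def api_indicators(source_text):
    """Return the set of behaviour tags whose API string appears in the source."""
    return {tag for needle, tag in API_INDICATORS.items() if needle in source_text}


def dropped_code(package, writes):
    """Group loadable-code writes under the app's private dir by path.

    A path with more than one size means it was rewritten during the run,
    which is why the report lists the same .jar twice with different hashes.
    """
    private_dir = "/data/user/0/%s/" % package
    hits = {}
    for path, size in writes:
        if path.startswith(private_dir) and path.lower().endswith(CODE_EXT):
            hits.setdefault(path, []).append(size)
    return hits


if __name__ == "__main__":
    pkg, found = manifest_indicators(SAMPLE_MANIFEST)
    print(pkg, found)
    print(sorted(api_indicators(SAMPLE_SOURCE)))
    for path, sizes in dropped_code(pkg, SAMPLE_WRITES).items():
        print(path, sizes, "(rewritten)" if len(sizes) > 1 else "")
```

In practice the manifest comes from `apktool d` or `aapt2 dump xmltree`, the source from a decompiler, and the write events from the sandbox's file-activity export; the functions are kept separate so each input can be swapped in independently.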

Processes

  • com.biepghmse.limanqzfsfr
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings
    PID:4603

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.biepghmse.limanqzfsfr/app_offline/oighindvf.jar

    Filesize

    252KB

    MD5

    f14d4be08bf720c3fc50a6e7f0f47a5d

    SHA1

    72b63780d2e13a5eff514ae2959d67fcf9b51add

    SHA256

    954a4c0d40866574fede510660b251dbac922a8c90a222e3be3e441cca9b3ce0

    SHA512

    bf6597e0a13c86cc783076fd1621b2ad3fc8fa39dfb82d902e45f3abba9e29c50853e43772ddd7a07f50a6e1f05a8023591f33343d081af25fce67f3358f6b89

  • /data/user/0/com.biepghmse.limanqzfsfr/app_offline/oighindvf.jar

    Filesize

    568KB

    MD5

    6da8b1032f37ed8e7686d912a1128431

    SHA1

    1f9124e082aed0acac28187ac6bd392a3ca67d29

    SHA256

    367a700bcf4a864e4bb1c287546f37eaa84c383902272a0d037f9c0d90f75aa3

    SHA512

    4bdccdcd47ef34029f65a11435101be0774ebb015f277db23fdb4b89cecaa1ed4aa286ff3f220a2d7bd9ef855c8e52e31c595f5022fce4ed3cb5820ca635bbc1