Analysis
-
max time kernel
154s -
max time network
150s -
platform
android_x64 -
resource
android-x64-20231215-en -
resource tags
-
submitted
27-01-2024 01:55
General
-
Target
78fa950df8e85e4866fbd9536567d1cd.apk
-
Size
3.0MB
-
MD5
78fa950df8e85e4866fbd9536567d1cd
-
SHA1
b456d8806dbd21342773f73f120e64f7b0f3f8f7
-
SHA256
20f45f1e7206b07876501aa829adae3e54b3620e733e7b8fee04c448078143b6
-
SHA512
606821bd1afcaf6e7179881b6198f24619fd84efb9bf5e2e3d68b47b4510832c12af279993bac0c9f33c080767b62dd9742946be1ecb80c5d6802c67298c1658
-
SSDEEP
49152:GfieXW1WFm4lnNQ/ZQ7TRcBALMcdg6Y4bAQNFZtqUJS8Zwz5f8Qo+pa:GqeX7k47QQRcDcGN8Z6hk+g
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads information about phone network operator.
Processes
-
com.uewmuueh.nxoqdhf1⤵
- Makes use of the framework's Accessibility service
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
378KB
MD5cdd7e39ed775c03d17b3fec49d243995
SHA1beb25b50fbb587a74b45c9f95ce65f20ebcae561
SHA256f5e3bf27c32b644484c90bf98aa2d021fee0db4eb95c3a82328d4131dfa76afd
SHA5126af3bdd507fc6299b287a992ebb319ff9bfe04aba56fe24f94229bafbc8d1857753488e4d6c58e0eb0d171dde4f871468725c914f3f764fa9f80580fa2d908df
-
Filesize
902KB
MD5c30f5cf8797591adaa12e33d23b17745
SHA152177eb77f30a0bd94658ecf21ae0e92cdd8a76e
SHA2560294835eb8c9afe8e918fbed035f45bc9d5e4111c943a62af13eafc45e64db0e
SHA51235054ee3122cb39ec924d5a1acd2411d9429fb51be10f75d37da3a38ce97928501f3ed3ba12fe74bea2a152d1b9071317ff5f9e99f325faedaa120cbaed878a3