General

  • Target

    7e0fb2f9a44f5f0fd16b13a057073c4a

  • Size

    4.8MB

  • Sample

    240128-1eqqyacbal

  • MD5

    7e0fb2f9a44f5f0fd16b13a057073c4a

  • SHA1

    a05f51771024502c146840cd976007fa53c09ed1

  • SHA256

    65f49dd1523e0e28ff85f339142b6f36e36203e88ae969ef6e8fb8d3e48c171c

  • SHA512

    0909a1a7d883022f6afbfab5decc3841f8a1b0d0c993fb5730656eef38ee321cae2dcdf32cf11ce3650bdf33bc96f63803a424c104358131f76a9e629c224792

  • SSDEEP

    98304:RbmNnh99Cq7yEvmO4IdrC6MrUl3n46ca26tEQ6iv9L:RSRh99CCyEvmO4IdurK6a26tEQ6QZ

Malware Config

Targets

    • Target

      7e0fb2f9a44f5f0fd16b13a057073c4a

    • Size

      4.8MB

    • MD5

      7e0fb2f9a44f5f0fd16b13a057073c4a

    • SHA1

      a05f51771024502c146840cd976007fa53c09ed1

    • SHA256

      65f49dd1523e0e28ff85f339142b6f36e36203e88ae969ef6e8fb8d3e48c171c

    • SHA512

      0909a1a7d883022f6afbfab5decc3841f8a1b0d0c993fb5730656eef38ee321cae2dcdf32cf11ce3650bdf33bc96f63803a424c104358131f76a9e629c224792

    • SSDEEP

      98304:RbmNnh99Cq7yEvmO4IdrC6MrUl3n46ca26tEQ6iv9L:RSRh99CCyEvmO4IdurK6a26tEQ6QZ

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks