Overview

overview

10

Static

static

6

7e0fb2f9a4...4a.apk

android-9-x86

10

7e0fb2f9a4...4a.apk

android-10-x64

10

7e0fb2f9a4...4a.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    137s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    28-01-2024 21:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e0fb2f9a44f5f0fd16b13a057073c4a.apk

  • Size

    4.8MB

  • MD5

    7e0fb2f9a44f5f0fd16b13a057073c4a

  • SHA1

    a05f51771024502c146840cd976007fa53c09ed1

  • SHA256

    65f49dd1523e0e28ff85f339142b6f36e36203e88ae969ef6e8fb8d3e48c171c

  • SHA512

    0909a1a7d883022f6afbfab5decc3841f8a1b0d0c993fb5730656eef38ee321cae2dcdf32cf11ce3650bdf33bc96f63803a424c104358131f76a9e629c224792

  • SSDEEP

    98304:RbmNnh99Cq7yEvmO4IdrC6MrUl3n46ca26tEQ6iv9L:RSRh99CCyEvmO4IdurK6a26tEQ6QZ

Score
10/10
hydrabankerinfostealertrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 3 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • fork.walk.elder
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    PID:4240
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/fork.walk.elder/app_DynamicOptDex/orQR.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/fork.walk.elder/app_DynamicOptDex/oat/x86/orQR.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4267

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/fork.walk.elder/app_DynamicOptDex/oat/orQR.json.cur.prof
    Filesize

    1KB

    MD5

    9574d57dbb07881a21432467f31f4935

    SHA1

    ce98aefda106e3a869fcaa5454244826e13a1301

    SHA256

    65a202c298c1dca7dda2a03676d6fb61a2a2a9cab0e1ec2611a1f0e47f2f53ad

    SHA512

    735efae67d37965feb1f03612112693d7a1bb31e24d352a930e9dfa577e9e29752a29407c6d11dacdb6d5ca40a8e03875b66ab1114e5675a28480ae657b5552e

    Download Submit

  • /data/data/fork.walk.elder/app_DynamicOptDex/orQR.json
    Filesize

    2.8MB

    MD5

    45de85b6580748f906d9faf838cd921d

    SHA1

    613828b6262d81e86d50faf276f80ff0aa4cb506

    SHA256

    16ee8ff9501e199e184430c5203d23f2f5e0ceec89da579dc2bb0cf9c33850ab

    SHA512

    64bc690be7856b7d9cf696403d37f601d8dbefabc454e5e3d15733cc10365d82e89758c82b398e19c7d50f08abddfc349e5a3b33b781757fe4427192c8e1374a

    Download Submit

  • /data/data/fork.walk.elder/app_DynamicOptDex/orQR.json
    Filesize

    2.5MB

    MD5

    b962adc0aa69403b2ae930503829b51f

    SHA1

    18b5c870f98c0de7456865e779e0252ae528acd1

    SHA256

    7a20b1a83f5e056b7fef1078048b42f67cc8e717b3e57b61bd250b64b038f622

    SHA512

    28948af399dd2363757c05d5d7823861e5b2c359fb42677f5043869a4f9e6172c13297a4b828567b5dffd6eb47b47249a8e9448c0d016916a5d0fcc1b8727651

    Download Submit

  • /data/user/0/fork.walk.elder/app_DynamicOptDex/orQR.json
    Filesize

    2.8MB

    MD5

    6f038f3787e42510e4173ca1aae2e115

    SHA1

    3e97fe2e94cdde996ecac2ae167062328b78acce

    SHA256

    326b4f05011f0638e00136b69006f19abda44f00a8bfd0a3dea710eb20e47374

    SHA512

    754a339a52ef94427c4871f27293910353daab9cbc001ceea9406d2b8ce9efbfcaf43629395df28d6f43de4d1be4f5cc16e0b7aea9b2d749380ff210ac033120

    Download Submit

  • /data/user/0/fork.walk.elder/app_DynamicOptDex/orQR.json
    Filesize

    2.8MB

    MD5

    1530240b126bfa3d62b6f485b24b5ae6

    SHA1

    9423cb3ae8b6e36002c2c0ff6666131168d650c1

    SHA256

    f7b9eb9e9242a726f157537f23db4f9eaaaf4b90f99422d4cd6b2cd048564ffd

    SHA512

    a44b3a3459a5aabe076366429903436938a2ac7e7174e5867c751b0888cead0492ce634c969cef8b4bf24e70258f0df48344c3c2768023afd1be11496a754455

    Download Submit