General

  • Target

    80630a69023958f7e5db3a8cb7dae82b

  • Size

    3.3MB

  • Sample

    240129-vmh36sefd7

  • MD5

    80630a69023958f7e5db3a8cb7dae82b

  • SHA1

    91a44630d301d26a068aaef8d4361a1477742aa7

  • SHA256

    9d3d3d558db60e78775b46ffa6d7f940892263aa62004113472eb6c8bdbefa1d

  • SHA512

    c3d8fa43b715155950f1622d6c84b82bcf832b1455631624b898b7e894669c1abf38ae5ce3acd001362b0461c4a24f0a94b792c41403d847cbd21042d446852e

  • SSDEEP

    98304:PRikegqLFQu4rj17uAjBmPjpy9VGdEV3Dz8:PU5gA2uQ17uAjBrrG6z8

Targets

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator
