Analysis
-
max time kernel
154s -
max time network
149s -
platform
android_x64 -
resource
android-x64-20231215-en -
resource tags
androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system -
submitted
31-01-2024 10:08
Static task
static1
Behavioral task
behavioral1
Sample
8421a95ea4edfe3a06cb6c78db58848b.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
8421a95ea4edfe3a06cb6c78db58848b.apk
Resource
android-x64-20231215-en
Behavioral task
behavioral3
Sample
8421a95ea4edfe3a06cb6c78db58848b.apk
Resource
android-x64-arm64-20231215-en
General
-
Target
8421a95ea4edfe3a06cb6c78db58848b.apk
-
Size
3.0MB
-
MD5
8421a95ea4edfe3a06cb6c78db58848b
-
SHA1
7b31ba4b4b2b5971ddbc812689c8ac28f28bd2a8
-
SHA256
77b51738442f4d1b388db76db05388bd358b19f21c1f663e7993f9e32a7d6278
-
SHA512
aaccf4c3343a3c0218b62e8545baeb8f2c3ebc1401001844303bb4f3d75b45538c7a99dc01482ee79990bbfe5bedd9edc27c614931d30f5a244488acbc409bb1
-
SSDEEP
49152:v+afhiOsnVv0VdZNg6ieo3jGkIuFMEh4X64AKdA90Y3xnb5n5UgQCVSHn:vdf9aVv0Vd7rmXIWRj90WFusV0n
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.whbjegzv.oxvzbms Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.whbjegzv.oxvzbms -
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.whbjegzv.oxvzbms/code_cache/secondary-dexes/base.apk.classes1.zip 4958 com.whbjegzv.oxvzbms -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 8 ip-api.com -
Reads information about phone network operator.
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.whbjegzv.oxvzbms/code_cache/secondary-dexes/tmp-base.apk.classes5059821289223562117.zip
Filesize378KB
MD5a5ded51395a12d262442d786b2489d3f
SHA1e584d450b9fbee2a6b6febd8986c21290c309a17
SHA256f2a379e750e2a0934b919d32a612e653c03b722d133956f0145dbd2f20cad37e
SHA512827a76b1dda74135824b3774054785e3d8081c52ae91011d5667aa42c7d2c61c863069e7dd19b11873d5887a31aacfed9e153d42c838acf041631d888ba8f755
-
Filesize
902KB
MD50513aa66ad0c5dbb6fb8a683718c95a0
SHA13a88fafe95ff98b03ed7135eba6e72ed621e8e8d
SHA256b7ee7aabc058d6662c43d349c3768ea0952547b9b23962e1730aa434687e1f66
SHA512b34ff787b9b5ac8e06e8985be95e1662b9c98f664af50355bb4fbd14a0f643d21ecef240d8e3a8fa169d9832b02acfbc53087953470a1b4a84576e272445f5f5