Analysis

  • max time kernel
    154s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    31-01-2024 10:08

General

  • Target

    8421a95ea4edfe3a06cb6c78db58848b.apk

  • Size

    3.0MB

  • MD5

    8421a95ea4edfe3a06cb6c78db58848b

  • SHA1

    7b31ba4b4b2b5971ddbc812689c8ac28f28bd2a8

  • SHA256

    77b51738442f4d1b388db76db05388bd358b19f21c1f663e7993f9e32a7d6278

  • SHA512

    aaccf4c3343a3c0218b62e8545baeb8f2c3ebc1401001844303bb4f3d75b45538c7a99dc01482ee79990bbfe5bedd9edc27c614931d30f5a244488acbc409bb1

  • SSDEEP

    49152:v+afhiOsnVv0VdZNg6ieo3jGkIuFMEh4X64AKdA90Y3xnb5n5UgQCVSHn:vdf9aVv0Vd7rmXIWRj90WFusV0n

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.whbjegzv.oxvzbms
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    PID:4958

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.whbjegzv.oxvzbms/code_cache/secondary-dexes/tmp-base.apk.classes5059821289223562117.zip

    Filesize

    378KB

    MD5

    a5ded51395a12d262442d786b2489d3f

    SHA1

    e584d450b9fbee2a6b6febd8986c21290c309a17

    SHA256

    f2a379e750e2a0934b919d32a612e653c03b722d133956f0145dbd2f20cad37e

    SHA512

    827a76b1dda74135824b3774054785e3d8081c52ae91011d5667aa42c7d2c61c863069e7dd19b11873d5887a31aacfed9e153d42c838acf041631d888ba8f755

  • /data/user/0/com.whbjegzv.oxvzbms/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    902KB

    MD5

    0513aa66ad0c5dbb6fb8a683718c95a0

    SHA1

    3a88fafe95ff98b03ed7135eba6e72ed621e8e8d

    SHA256

    b7ee7aabc058d6662c43d349c3768ea0952547b9b23962e1730aa434687e1f66

    SHA512

    b34ff787b9b5ac8e06e8985be95e1662b9c98f664af50355bb4fbd14a0f643d21ecef240d8e3a8fa169d9832b02acfbc53087953470a1b4a84576e272445f5f5