Analysis
-
max time kernel
149s -
max time network
131s -
platform
android_x86 -
resource
android-x86-arm-20231215-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system -
submitted
02-02-2024 21:14
Static task
static1
Behavioral task
behavioral1
Sample
8a8c858f34f3b62bcafb61154743131f.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
8a8c858f34f3b62bcafb61154743131f.apk
Resource
android-x64-20231215-en
Behavioral task
behavioral3
Sample
8a8c858f34f3b62bcafb61154743131f.apk
Resource
android-x64-arm64-20231215-en
General
-
Target
8a8c858f34f3b62bcafb61154743131f.apk
-
Size
3.1MB
-
MD5
8a8c858f34f3b62bcafb61154743131f
-
SHA1
16676b0251e8994c407102226163423e57c57e72
-
SHA256
e30a471eb9b435c0bd1c0cd077b3ff78f114bd77cfe922f061b09d6a2ab34ff5
-
SHA512
3d8e441c7293f60266aeefadb1041d479bdd892567bbf520564cc1be3c0c1d1f0458b5fdd5884674ce722d90fb352c0693bf5d8526a4411065d16f3dec2a2b57
-
SSDEEP
98304:EajRZA0Z9v7MfyuPtK1C653DKJn7TVMwsCMe0zK:EajR/QquFKo+DM7TVMYMJzK
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.yekogrzb.jcbdtni Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.yekogrzb.jcbdtni -
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.yekogrzb.jcbdtni/code_cache/secondary-dexes/base.apk.classes1.zip 4293 /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yekogrzb.jcbdtni/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.yekogrzb.jcbdtni/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=& /data/user/0/com.yekogrzb.jcbdtni/code_cache/secondary-dexes/base.apk.classes1.zip 4265 com.yekogrzb.jcbdtni -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 8 ip-api.com -
Reads information about phone network operator.
Processes
-
com.yekogrzb.jcbdtni1⤵
- Makes use of the framework's Accessibility service
- Loads dropped Dex/Jar
PID:4265 -
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yekogrzb.jcbdtni/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.yekogrzb.jcbdtni/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
PID:4293
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.yekogrzb.jcbdtni/code_cache/secondary-dexes/tmp-base.apk.classes6165970758493062169.zip
Filesize378KB
MD5859767cb841faad1c6b5dda6f946f0b7
SHA1858e66dada02a8f805cb65243e31d54c1e9ee090
SHA2567049bcbb1c15c3f07bfdd4cc3d8e65ba57f3ac01e8f885f0804490602ebc3e02
SHA5122aa16409859a6a936cc55adebe88c62649e99617300aa274db68d0b36dc0609b3892c82b045938ad7e97a2d5988f6a8eaf0968825e33d7c5e8ff2e76b665e916
-
Filesize
902KB
MD5709c356f6484e72a1d9bfd9c12830346
SHA1ea9785be5934e4721a1887a46bb520ff3c4e3f5f
SHA2568811063c68d5bd7df6ce03eb5fdf1a93c84f4da43a2efe30332105ea6895b52c
SHA512ef833252cdcd1689ec4f6ca3f857791d0b4512bfd3359ffbee2b32b2fba786df010c56350a36dbd1df45f936cb5a9ccc8e27f39f166271d92e76f48931fcf6ce
-
Filesize
902KB
MD525afe4640e72b0ff5d6ceaa273b5bae8
SHA12a79fc64efabfeab1194d53eaa3f41bfa4e6e366
SHA2563083a292cda7dd3ef5ccaadef4980f63cb233cc6e6791c5ae7b14fbe3aa4daaf
SHA512527445006e2bb22dca2104b8f1374d8f20ebcde76735f952fc85ac90a45039e2c3865b37513f4f5364b7d43aa10623c096f76052e0653a2caee54b00e610318e