General

  • Target

    8bf2f3ac90a9c00855cbbdff2c3a0f28

  • Size

    3.3MB

  • Sample

    240203-k442vsdgb2

  • MD5

    8bf2f3ac90a9c00855cbbdff2c3a0f28

  • SHA1

    ae11797c3d9fa9d5b4d9b9fd74fda79e557ea82a

  • SHA256

    b16b3243bc9a93df147b1a8e08e94800282a7eadf76269424ee890241e842401

  • SHA512

    acec0ef3b57a9bdc2b61259384ad6462c0f280ea10f8bd5f413d10b0a62b746933f886c94a7ff18a45b634f1a061c9ad68dedbedc792ad008d876bfc928db3c8

  • SSDEEP

    98304:jxQVFvoFpultVMzLKXOQ+sSHO5WcROBCk6Pn:jxsFvZltKaXOJrHOAcRXn

Targets

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator