General

  • Target

    91e93a3b47bd97744abbce5dc98330ca

  • Size

    3.3MB

  • Sample

    240205-nxvfmaehh8

  • MD5

    91e93a3b47bd97744abbce5dc98330ca

  • SHA1

    d6aac3de005d3af50a8780f1c0b3a0e5f42b672a

  • SHA256

    a89c50af8a2a4d8061031f966d5b4237b0c7e52851a30a115e76df0e7dc917d5

  • SHA512

    dfa0718aa4eb54c07aad488b1b911214d66caf5ac60666fbd4941f8f83c45832097987aed4cada6bed4e4a4005ea8aed74bf09441fc116d5ebb2113bc3e55a3b

  • SSDEEP

    98304:wwskdTAKH/apxtB9OwDcMbW4ys/ojSiNqnAuzb+kSf:wwVx/aDtHex6lnAMlS

Targets

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.
