Analysis

  • max time kernel
    149s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    26-02-2024 14:40

General

  • Target

    a69b063e1e864e17a29a9d28b3e41531.apk

  • Size

    3.2MB

  • MD5

    a69b063e1e864e17a29a9d28b3e41531

  • SHA1

    67aeb5e5033516434d2c111e35104130d834953e

  • SHA256

    182252ae86aae33b4b13b824357bc02218e94ae8daaadb69b85101c08e74773b

  • SHA512

    7d14318dbd9f5ad3ebe35e51e83f223b4455cdd379847c7f9dcf4a3045bb420fb41cbe67f51a111ce27e33af362a0a07603804d37356977f4e9c3cf4716f42c2

  • SSDEEP

    98304:DaEuj0rGMikYH8g3o8/NUiY0PbMfCLrXp8UJw23W3g:DaA/MH//DPtBJP3r

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

  • Makes use of the framework's Accessibility service (2 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar (2 IoCs)

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service (1 IoC)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator (1 TTP)
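The accessibility signature above is a runtime observation; the static counterpart is checking whether the APK declares an accessibility service at all. The following is an added example, not the sandbox's own signature logic: it parses a decoded AndroidManifest.xml and reports every service declared with the BIND_ACCESSIBILITY_SERVICE permission or the AccessibilityService intent action. The manifest is constructed for illustration; only the package name comes from this report, the service class name is made up.

```python
"""Added example (not part of the sandbox report): find AccessibilityService
declarations in a decoded AndroidManifest.xml.  The manifest below is
constructed; the package name is taken from the report, ".A11yService" and
".SyncService" are hypothetical class names."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

# Constructed sample manifest, already decoded from binary XML (e.g. by apktool).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.uqmzacie.uodnfwy">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="app">
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
             android:exported="true">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
      <meta-data android:name="android.accessibilityservice"
                 android:resource="@xml/a11y_config"/>
    </service>
    <service android:name=".SyncService"/>
  </application>
</manifest>
"""


def android_attr(elem, attr):
    """Read an attribute from the android: namespace (None if absent)."""
    return elem.get(f"{{{ANDROID_NS}}}{attr}")


def find_accessibility_services(manifest_xml):
    """Return one record per <service> that is wired up as an accessibility
    service, either by the BIND permission or by the intent-filter action.
    Either marker alone is enough to flag; see the note after the block."""
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package", "")
    hits = []
    for svc in root.iter("service"):
        name = android_attr(svc, "name") or ""
        if name.startswith("."):          # relative class name -> fully qualify
            name = pkg + name
        has_perm = android_attr(svc, "permission") == BIND_A11Y
        has_action = any(android_attr(act, "name") == A11Y_ACTION
                         for act in svc.iter("action"))
        if has_perm or has_action:
            hits.append({
                "service": name,
                "bind_permission": has_perm,
                "intent_filter": has_action,
                "exported": android_attr(svc, "exported") == "true",
            })
    return hits


if __name__ == "__main__":
    for hit in find_accessibility_services(SAMPLE_MANIFEST):
        print(hit)
```

A hit with both markers set is a live accessibility service that the user can enable from Settings, which is what a banker needs to read screen contents and overlay or automate other apps. A service carrying only the intent action without the BIND permission is flagged too: the framework will not bind it as an accessibility service, but in a packed sample the declaration is still a strong hint about what the dropped second stage intends to do.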

Processes

  • com.uqmzacie.uodnfwy
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    PID:4235
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.uqmzacie.uodnfwy/code_cache/secondary-dexes/base.apk.classes1.zip --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.uqmzacie.uodnfwy/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4263
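The dex2oat line in the process tree is the concrete evidence behind the "Loads dropped Dex/Jar" signature: the app process (PID 4235) spawned the compiler on a dex archive sitting in its own code_cache/secondary-dexes directory rather than on anything in the APK or on /system. The following is an added example, not the sandbox's own logic: it parses dex2oat command lines, keeps only compiles of code living in an app's private storage, and ties each to the dropped-file hashes listed under Downloads. SAMPLE_PROCESSES is constructed (the first entry mirrors the report's command line, trimmed; the second is a benign system compile used as a negative case); DROPPED_FILES copies paths and SHA-256 values from this report.

```python
"""Added example (not part of the sandbox report): flag dex2oat invocations
that compile app-private dex files, i.e. code the app dropped at runtime.
SAMPLE_PROCESSES is constructed for illustration; DROPPED_FILES is copied
from the report's Downloads section."""
import re
import shlex

# (parent process name, pid, command line).  Constructed sample: the first
# entry mirrors the report's dex2oat line, the second is a benign compile of a
# system jar that must not be flagged.
SAMPLE_PROCESSES = [
    ("com.uqmzacie.uodnfwy", 4263,
     "/system/bin/dex2oat --instruction-set=x86 --runtime-arg -Xhidden-api-checks "
     "--boot-image=/system/framework/boot.art "
     "--dex-file=/data/user/0/com.uqmzacie.uodnfwy/code_cache/secondary-dexes/base.apk.classes1.zip "
     "--output-vdex-fd=44 --oat-fd=45 "
     "--oat-location=/data/user/0/com.uqmzacie.uodnfwy/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex "
     "--compiler-filter=quicken --class-loader-context=&"),
    ("system_server", 1234,
     "/system/bin/dex2oat --instruction-set=x86 "
     "--dex-file=/system/framework/services.jar "
     "--oat-location=/system/framework/oat/x86/services.odex --compiler-filter=speed"),
]

# (path, sha256) pairs as listed in the report; the same path appears twice
# because the file was written more than once during the run.
DROPPED_FILES = [
    ("/data/data/com.uqmzacie.uodnfwy/code_cache/secondary-dexes/tmp-base.apk.classes2287613142258083359.zip",
     "c3a37716e5292a1a2779f7acb649ef711e5fd18f9885369c6f79ac915ebd613d"),
    ("/data/user/0/com.uqmzacie.uodnfwy/code_cache/secondary-dexes/base.apk.classes1.zip",
     "589ca45c1a3062705a9df11d963fdffad53988f1b80d25f399f3c4580103a3d0"),
    ("/data/user/0/com.uqmzacie.uodnfwy/code_cache/secondary-dexes/base.apk.classes1.zip",
     "c0a3c5026daf4bba56efb46f6fb904a8d69f96c3a8c078c5a7790a16e8237fb3"),
]

# App-private storage: /data/user/<n>/<pkg>/ or its legacy alias /data/data/<pkg>/.
APP_PRIVATE = re.compile(r"^/data/(?:user/\d+|data)/([A-Za-z0-9_.]+)/")


def parse_dex2oat(cmdline):
    """Collect the --key=value options of a dex2oat command line.
    Each key maps to a list because --dex-file may be given more than once."""
    opts = {}
    for tok in shlex.split(cmdline):
        if tok.startswith("--") and "=" in tok:
            key, value = tok[2:].split("=", 1)
            opts.setdefault(key, []).append(value)
    return opts


def flag_dynamic_dex_loads(processes, dropped=DROPPED_FILES):
    """Return one record per dex2oat run that compiles code from an app's
    private directory; compiles of /system or /vendor code are ignored."""
    hits = []
    for parent, pid, cmd in processes:
        if not cmd.startswith("/system/bin/dex2oat"):
            continue
        opts = parse_dex2oat(cmd)
        for dex in opts.get("dex-file", []):
            m = APP_PRIVATE.match(dex)
            if not m:
                continue
            hits.append({
                "pid": pid,
                "parent": parent,
                "owner": m.group(1),                 # package owning the path
                "dex_file": dex,
                "oat_location": opts.get("oat-location", [None])[0],
                "compiler_filter": opts.get("compiler-filter", [None])[0],
                "in_code_cache": "/code_cache/" in dex,
                "dropped_sha256": [h for p, h in dropped if p == dex],
            })
    return hits


if __name__ == "__main__":
    for hit in flag_dynamic_dex_loads(SAMPLE_PROCESSES):
        print(hit)
```

Two things in the resulting record are worth checking by hand on a real report: the owner package recovered from the path should equal the parent process that spawned dex2oat (here both are com.uqmzacie.uodnfwy, so the app compiled code it wrote itself), and the dropped-file list should give you the hashes of the actual second stage to pull and analyse, since the payload is not the APK's own classes.dex. The report's `--class-loader-context=` value is cut off in the page and is left as is in the sample.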

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.uqmzacie.uodnfwy/code_cache/secondary-dexes/tmp-base.apk.classes2287613142258083359.zip

    Filesize

    378KB

    MD5

    d68d546f6a484c0524af51dd77563a5c

    SHA1

    2cd2b49229b0155bc491f256f496488653a3068a

    SHA256

    c3a37716e5292a1a2779f7acb649ef711e5fd18f9885369c6f79ac915ebd613d

    SHA512

    475c5811f6665b9de44e67c295751f244d0d5bd2eb49cc230952801ef5fc5a663a13147b552f26a9477e8e5e607d8ec15844b3942c0adfee6868151f90855f33

  • /data/user/0/com.uqmzacie.uodnfwy/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    902KB

    MD5

    9c5a377feaba47ffb2c0d0d924867577

    SHA1

    ab83eb2be5896ddbdccc4619ff18a5c985d5d362

    SHA256

    589ca45c1a3062705a9df11d963fdffad53988f1b80d25f399f3c4580103a3d0

    SHA512

    032dc5df819277e7c7280a666a51d59d03b009df5296dddde1cb49d1e143ad9517a21a19f4add281217ca5934d92c36f970cec9e4ef00a996e2122aacdbe9269

  • /data/user/0/com.uqmzacie.uodnfwy/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    902KB

    MD5

    ce9d5c3ae53f4a7a6ed3ed313b2531ef

    SHA1

    6d73392296b9e602e3f38b9deb5ba56bb31be822

    SHA256

    c0a3c5026daf4bba56efb46f6fb904a8d69f96c3a8c078c5a7790a16e8237fb3

    SHA512

    97c0e61517abe5ef0cbe3c7f338fde7a43f93d1c733c3218874508ebdee160fd3e2340e00fbedf3fd35e8d81c5bb42e10fbf7aa3861049d34b1b9de1c73002f5