Analysis

  • max time kernel
    154s
  • max time network
    136s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
  • submitted
    26-02-2024 14:40

General

  • Target

    a69b063e1e864e17a29a9d28b3e41531.apk

  • Size

    3.2MB

  • MD5

    a69b063e1e864e17a29a9d28b3e41531

  • SHA1

    67aeb5e5033516434d2c111e35104130d834953e

  • SHA256

    182252ae86aae33b4b13b824357bc02218e94ae8daaadb69b85101c08e74773b

  • SHA512

    7d14318dbd9f5ad3ebe35e51e83f223b4455cdd379847c7f9dcf4a3045bb420fb41cbe67f51a111ce27e33af362a0a07603804d37356977f4e9c3cf4716f42c2

  • SSDEEP

    98304:DaEuj0rGMikYH8g3o8/NUiY0PbMfCLrXp8UJw23W3g:DaA/MH//DPtBJP3r

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

  • Makes use of the framework's Accessibility service (2 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar (1 IoC)

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service (1 IoC)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator (1 TTP)

Processes

  • com.uqmzacie.uodnfwy
    PID: 4422
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/user/0/com.uqmzacie.uodnfwy/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    902KB

    MD5

    ce9d5c3ae53f4a7a6ed3ed313b2531ef

    SHA1

    6d73392296b9e602e3f38b9deb5ba56bb31be822

    SHA256

    c0a3c5026daf4bba56efb46f6fb904a8d69f96c3a8c078c5a7790a16e8237fb3

    SHA512

    97c0e61517abe5ef0cbe3c7f338fde7a43f93d1c733c3218874508ebdee160fd3e2340e00fbedf3fd35e8d81c5bb42e10fbf7aa3861049d34b1b9de1c73002f5

  • /data/user/0/com.uqmzacie.uodnfwy/code_cache/secondary-dexes/tmp-base.apk.classes1815002736127992531.zip

    Filesize

    378KB

    MD5

    d68d546f6a484c0524af51dd77563a5c

    SHA1

    2cd2b49229b0155bc491f256f496488653a3068a

    SHA256

    c3a37716e5292a1a2779f7acb649ef711e5fd18f9885369c6f79ac915ebd613d

    SHA512

    475c5811f6665b9de44e67c295751f244d0d5bd2eb49cc230952801ef5fc5a663a13147b552f26a9477e8e5e607d8ec15844b3942c0adfee6868151f90855f33