Analysis
- max time kernel: 154s
- max time network: 136s
- platform: android_x64
- resource: android-x64-arm64-20240221-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
- submitted: 26-02-2024 14:40
Static task
- static1
Behavioral tasks
- behavioral1: sample a69b063e1e864e17a29a9d28b3e41531.apk, resource android-x86-arm-20240221-en
- behavioral2: sample a69b063e1e864e17a29a9d28b3e41531.apk, resource android-x64-20240221-en
- behavioral3: sample a69b063e1e864e17a29a9d28b3e41531.apk, resource android-x64-arm64-20240221-en
- behavioral4: sample vk_dex.apk, resource android-x86-arm-20240221-en
- behavioral5: sample vk_dex.apk, resource android-x64-20240221-en
- behavioral6: sample vk_dex.apk, resource android-x64-arm64-20240221-en
General
- Target: a69b063e1e864e17a29a9d28b3e41531.apk
- Size: 3.2MB
- MD5: a69b063e1e864e17a29a9d28b3e41531
- SHA1: 67aeb5e5033516434d2c111e35104130d834953e
- SHA256: 182252ae86aae33b4b13b824357bc02218e94ae8daaadb69b85101c08e74773b
- SHA512: 7d14318dbd9f5ad3ebe35e51e83f223b4455cdd379847c7f9dcf4a3045bb420fb41cbe67f51a111ce27e33af362a0a07603804d37356977f4e9c3cf4716f42c2
- SSDEEP: 98304:DaEuj0rGMikYH8g3o8/NUiY0PbMfCLrXp8UJw23W3g:DaA/MH//DPtBJP3r
Malware Config
Signatures
- Hydra: Android banker and info stealer.
- Makes use of the framework's Accessibility service (2 TTPs, 2 IoCs): retrieves information displayed on the phone screen using AccessibilityService.
  IoC: framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId, process com.uqmzacie.uodnfwy
  IoC: framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId, process com.uqmzacie.uodnfwy
- Loads dropped Dex/Jar (1 IoC): runs an executable file dropped to the device during analysis.
  IoC: /data/user/0/com.uqmzacie.uodnfwy/code_cache/secondary-dexes/base.apk.classes1.zip, pid 4422, process com.uqmzacie.uodnfwy
- Looks up external IP address via web service (1 IoC): uses a legitimate IP lookup service to find the infected system's external IP.
  IoC: flow 24, ip-api.com
- Reads information about phone network operator (1 TTP).
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 902KB
  MD5: ce9d5c3ae53f4a7a6ed3ed313b2531ef
  SHA1: 6d73392296b9e602e3f38b9deb5ba56bb31be822
  SHA256: c0a3c5026daf4bba56efb46f6fb904a8d69f96c3a8c078c5a7790a16e8237fb3
  SHA512: 97c0e61517abe5ef0cbe3c7f338fde7a43f93d1c733c3218874508ebdee160fd3e2340e00fbedf3fd35e8d81c5bb42e10fbf7aa3861049d34b1b9de1c73002f5
- /data/user/0/com.uqmzacie.uodnfwy/code_cache/secondary-dexes/tmp-base.apk.classes1815002736127992531.zip
  Filesize: 378KB
  MD5: d68d546f6a484c0524af51dd77563a5c
  SHA1: 2cd2b49229b0155bc491f256f496488653a3068a
  SHA256: c3a37716e5292a1a2779f7acb649ef711e5fd18f9885369c6f79ac915ebd613d
  SHA512: 475c5811f6665b9de44e67c295751f244d0d5bd2eb49cc230952801ef5fc5a663a13147b552f26a9477e8e5e607d8ec15844b3942c0adfee6868151f90855f33