General

  • Target

    ac12c8d7db96fb5897954a28c6ab924f

  • Size

    3.3MB

  • Sample

    240228-rhc5ksde25

  • MD5

    ac12c8d7db96fb5897954a28c6ab924f

  • SHA1

    58707de8e58730efff71d4dd63cce16f01973966

  • SHA256

    fb14472165523fe133739d358f9a60d6398762fb75f6f8021bd16a58aa3b0614

  • SHA512

    91bb7e1721b5cfe0bbf9eb4e1647749a52234ef97ea7ebccfbb8eeb7738e372730e19e4d67dcb0cd77c34ddfe15a1d9eec3f194c693772dcf3e1460dd6ab1b04

  • SSDEEP

    98304:rgskdTAKH/apHSWtWAjerHpSERCk0zGo+PkF:rgVx/aRzjwJSERChacF

Malware Config

Targets

    • Target

      ac12c8d7db96fb5897954a28c6ab924f

    • Size

      3.3MB

    • MD5

      ac12c8d7db96fb5897954a28c6ab924f

    • SHA1

      58707de8e58730efff71d4dd63cce16f01973966

    • SHA256

      fb14472165523fe133739d358f9a60d6398762fb75f6f8021bd16a58aa3b0614

    • SHA512

      91bb7e1721b5cfe0bbf9eb4e1647749a52234ef97ea7ebccfbb8eeb7738e372730e19e4d67dcb0cd77c34ddfe15a1d9eec3f194c693772dcf3e1460dd6ab1b04

    • SSDEEP

      98304:rgskdTAKH/apHSWtWAjerHpSERCk0zGo+PkF:rgVx/aRzjwJSERChacF

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks