Analysis

  • max time kernel
    154s
  • max time network
    136s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
  • submitted
    28-02-2024 14:11

General

  • Target

    ac12c8d7db96fb5897954a28c6ab924f.apk

  • Size

    3.3MB

  • MD5

    ac12c8d7db96fb5897954a28c6ab924f

  • SHA1

    58707de8e58730efff71d4dd63cce16f01973966

  • SHA256

    fb14472165523fe133739d358f9a60d6398762fb75f6f8021bd16a58aa3b0614

  • SHA512

    91bb7e1721b5cfe0bbf9eb4e1647749a52234ef97ea7ebccfbb8eeb7738e372730e19e4d67dcb0cd77c34ddfe15a1d9eec3f194c693772dcf3e1460dd6ab1b04

  • SSDEEP

    98304:rgskdTAKH/apHSWtWAjerHpSERCk0zGo+PkF:rgVx/aRzjwJSERChacF

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

  • Makes use of the framework's Accessibility service (2 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar (1 IoC)

    Runs an executable (Dex/Jar) file dropped onto the device during analysis. The dropped files are the secondary-dex zips listed under Downloads; their location under code_cache/secondary-dexes/ is also where the MultiDex support library extracts an APK's own classesN.dex entries, so the check that matters is whether the dropped dex matches a dex inside the APK or only exists at runtime.

  • Looks up external IP address via web service (1 IoC)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator (1 TTP)

Processes

  • com.rzzfwhaj.qwynaqj (PID 5087)
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.rzzfwhaj.qwynaqj/code_cache/secondary-dexes/tmp-base.apk.classes6832242321334802241.zip

    Filesize

    378KB

    MD5

    1bec2046cf2e445fc2108b63b979e1b8

    SHA1

    1fbce2798cc3d46dcc782e88835c3cf26f9a7c7f

    SHA256

    a18481dfd4df5266b3f388f10b32d8a54604f16c818861a944f947667adaedb5

    SHA512

    772a39241824fea18a049ea0ee1ead341b2137186da02c732a19f9c35a86423e7dd4bb9536a412970caac783b7693eed195e8c7ae463a17c68db41741642c61a

  • /data/user/0/com.rzzfwhaj.qwynaqj/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    902KB

    MD5

    938da95ec22ce466428fa22ff0f9f1e0

    SHA1

    810821d9c4334b25b76ac66dc47a1d5c64484670

    SHA256

    da73bbdb8a45f3787b553e01677ca552e94b7315312e22886bb5c874c8328476

    SHA512

    21eeabcebe5b54f707a63bf3f59381ddebbeadbfb867d548b3b47b052506d5403257dc48046bb2d155061f708427baf423a2d61c49b14c6d15db77b4749b637f
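Triage note for the "Loads dropped Dex/Jar" signature and the two secondary-dex zips listed above. The following Python script is an added example, not part of the sandbox report or of the sample: it takes the bytes of an APK and a set of dropped secondary-dex zips (path to zip bytes) and, for each dropped zip, extracts classes.dex and compares its SHA-256 against every classesN.dex entry inside the APK. A match means the zip is a plain MultiDex-style extraction of code already in the APK; no match means the dex was generated, decrypted or downloaded at runtime, which is the behaviour that makes this signature interesting on a banker. The package name com.example.app, the file names and all file contents below are constructed stand-ins (valid dex magic plus filler, not real dex files); to use it on a real case, read the APK and the pulled code_cache/secondary-dexes/*.zip files from disk instead.

```python
"""Decide whether dropped secondary-dex zips are copies of the APK's own
classesN.dex entries (MultiDex-style extraction) or runtime-only dex files."""
import hashlib
import io
import zipfile
from typing import Dict, Optional

DEX_MAGIC = b"dex\n"  # first four bytes of every dex file ("dex\n035\0" etc.)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def apk_dex_hashes(apk_bytes: bytes) -> Dict[str, str]:
    """Map SHA-256 -> entry name for every top-level classesN.dex in the APK."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if name.startswith("classes") and name.endswith(".dex") and "/" not in name:
                out[sha256(z.read(name))] = name
    return out


def dropped_dex(zip_bytes: bytes) -> Optional[bytes]:
    """Return the classes.dex payload of a dropped secondary-dex zip, or None
    when the zip carries no classes.dex or the entry lacks the dex magic."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        if "classes.dex" not in z.namelist():
            return None
        data = z.read("classes.dex")
    return data if data[:4] == DEX_MAGIC else None


def classify_dropped(apk_bytes: bytes, dropped: Dict[str, bytes]) -> Dict[str, str]:
    """dropped maps on-device path -> zip bytes; returns path -> verdict."""
    known = apk_dex_hashes(apk_bytes)
    verdicts = {}
    for path, zbytes in dropped.items():
        dex = dropped_dex(zbytes)
        if dex is None:
            verdicts[path] = "no classes.dex / not a dex file"
            continue
        digest = sha256(dex)
        if digest in known:
            verdicts[path] = f"copy of {known[digest]} from the APK (MultiDex-style extraction)"
        else:
            verdicts[path] = f"runtime-only dex, sha256={digest}"
    return verdicts


# ---- constructed sample data (not the sample from the report) ----
def make_zip(entries: Dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


def fake_dex(tag: bytes) -> bytes:
    # Constructed stand-in: real dex magic and version, then filler. Not a valid dex.
    return DEX_MAGIC + b"035\x00" + tag.ljust(64, b"\x00")


DEX_DIR = "/data/user/0/com.example.app/code_cache/secondary-dexes/"  # constructed
SAMPLE_APK = make_zip({
    "AndroidManifest.xml": b"<constructed>",
    "classes.dex": fake_dex(b"primary"),
    "classes2.dex": fake_dex(b"secondary"),
})
SAMPLE_DROPPED = {
    DEX_DIR + "base.apk.classes2.zip": make_zip({"classes.dex": fake_dex(b"secondary")}),
    DEX_DIR + "base.apk.classes1.zip": make_zip({"classes.dex": fake_dex(b"decrypted-payload")}),
    DEX_DIR + "tmp-base.apk.classes123.zip": make_zip({"classes.dex": b"not a dex at all"}),
}


def demo() -> Dict[str, str]:
    return classify_dropped(SAMPLE_APK, SAMPLE_DROPPED)


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(path.rsplit("/", 1)[-1], "->", verdict)
```

A dropped zip that maps back to a classesN.dex in the APK is what any MultiDex-built app produces and is not evidence on its own; a runtime-only dex is the artefact to pull, hash and analyse, and its SHA-256 is what belongs in an IoC list next to the zip hashes above.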