Analysis
max time kernel: 154s
max time network: 132s
platform: android_x64
resource: android-x64-arm64-20240221-en
resource tags: android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240221-en locale:en-us os:android-11-x64 system
submitted: 28-02-2024 14:11
Static task: static1

Behavioral task: behavioral1
Sample: ac12c8d7db96fb5897954a28c6ab924f.apk
Resource: android-x86-arm-20240221-en

Behavioral task: behavioral2
Sample: ac12c8d7db96fb5897954a28c6ab924f.apk
Resource: android-x64-20240221-en

Behavioral task: behavioral3
Sample: ac12c8d7db96fb5897954a28c6ab924f.apk
Resource: android-x64-arm64-20240221-en
General
Target: ac12c8d7db96fb5897954a28c6ab924f.apk
Size: 3.3MB
MD5: ac12c8d7db96fb5897954a28c6ab924f
SHA1: 58707de8e58730efff71d4dd63cce16f01973966
SHA256: fb14472165523fe133739d358f9a60d6398762fb75f6f8021bd16a58aa3b0614
SHA512: 91bb7e1721b5cfe0bbf9eb4e1647749a52234ef97ea7ebccfbb8eeb7738e372730e19e4d67dcb0cd77c34ddfe15a1d9eec3f194c693772dcf3e1460dd6ab1b04
SSDEEP: 98304:rgskdTAKH/apHSWtWAjerHpSERCk0zGo+PkF:rgVx/aRzjwJSERChacF
Malware Config
Signatures
Hydra
Android banker and info stealer.

Makes use of the framework's Accessibility service (2 TTPs, 2 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Description | IoC | Process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.rzzfwhaj.qwynaqj
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.rzzfwhaj.qwynaqj
Loads dropped Dex/Jar (1 IoCs)
Runs executable file dropped to the device during analysis.
IoC | PID | Process
/data/user/0/com.rzzfwhaj.qwynaqj/code_cache/secondary-dexes/base.apk.classes1.zip | 4599 | com.rzzfwhaj.qwynaqj
Looks up external IP address via web service (1 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
Flow | IoC
30 | ip-api.com

Reads information about phone network operator. (1 TTPs)
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 902KB
MD5: 938da95ec22ce466428fa22ff0f9f1e0
SHA1: 810821d9c4334b25b76ac66dc47a1d5c64484670
SHA256: da73bbdb8a45f3787b553e01677ca552e94b7315312e22886bb5c874c8328476
SHA512: 21eeabcebe5b54f707a63bf3f59381ddebbeadbfb867d548b3b47b052506d5403257dc48046bb2d155061f708427baf423a2d61c49b14c6d15db77b4749b637f

/data/user/0/com.rzzfwhaj.qwynaqj/code_cache/secondary-dexes/tmp-base.apk.classes4685665673674347500.zip
Filesize: 378KB
MD5: 1bec2046cf2e445fc2108b63b979e1b8
SHA1: 1fbce2798cc3d46dcc782e88835c3cf26f9a7c7f
SHA256: a18481dfd4df5266b3f388f10b32d8a54604f16c818861a944f947667adaedb5
SHA512: 772a39241824fea18a049ea0ee1ead341b2137186da02c732a19f9c35a86423e7dd4bb9536a412970caac783b7693eed195e8c7ae463a17c68db41741642c61a