General

  • Target

    b7fd23008ba0a521e2155fab6e50433c

  • Size

    3.3MB

  • Sample

    240306-v9rzlaeg9z

  • MD5

    b7fd23008ba0a521e2155fab6e50433c

  • SHA1

    2cc0c9b7ffe598f2af7a40141270f901699b0156

  • SHA256

    0b20accac922de51e34a7dc637841d6071c92929ae9dc566f043b268871b58dc

  • SHA512

    9e9acb73c1e34ec319a70cc0710003bc2c3884fdb44b31937985a81b437e743b41bd4f55f2f2236a5b75957b6ed916e206f4ea2dfaf788c894dcd289d0b77a45

  • SSDEEP

    98304:6hskdTAKH/appP/VbuB4ZzbjtiiLd1Vn8t8QtoLf6I5:6hVx/aDlnzbj9Z86MoLfX5

Malware Config

Targets

    • Target

      b7fd23008ba0a521e2155fab6e50433c

    • Size

      3.3MB

    • MD5

      b7fd23008ba0a521e2155fab6e50433c

    • SHA1

      2cc0c9b7ffe598f2af7a40141270f901699b0156

    • SHA256

      0b20accac922de51e34a7dc637841d6071c92929ae9dc566f043b268871b58dc

    • SHA512

      9e9acb73c1e34ec319a70cc0710003bc2c3884fdb44b31937985a81b437e743b41bd4f55f2f2236a5b75957b6ed916e206f4ea2dfaf788c894dcd289d0b77a45

    • SSDEEP

      98304:6hskdTAKH/appP/VbuB4ZzbjtiiLd1Vn8t8QtoLf6I5:6hVx/aDlnzbj9Z86MoLfX5

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks