Analysis
-
max time kernel
154s -
max time network
145s -
platform
android_x64 -
resource
android-x64-arm64-20240221-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system -
submitted
15-03-2024 19:16
Static task
static1
Behavioral task
behavioral1
Sample
cc35c497b11ad865cd6e601847936d4f.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
cc35c497b11ad865cd6e601847936d4f.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
cc35c497b11ad865cd6e601847936d4f.apk
Resource
android-x64-arm64-20240221-en
Behavioral task
behavioral4
Sample
vk_dex.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral5
Sample
vk_dex.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral6
Sample
vk_dex.apk
Resource
android-x64-arm64-20240221-en
General
-
Target
cc35c497b11ad865cd6e601847936d4f.apk
-
Size
2.3MB
-
MD5
cc35c497b11ad865cd6e601847936d4f
-
SHA1
1041180f91a03e7b34cb13e0f582a88a43d5a02f
-
SHA256
c594e0edb7612d5ee07697951429851c9b5553e773add50697a4395227e5ce03
-
SHA512
4cfe56006e422e85fb224e4f12a081ee76c1296ee26245c92de4a2f0a0a43440a4ac395a3d58c4a9d1f7310d8e4871f0f7799b00db97315049376936615beb39
-
SSDEEP
49152:Eq4A5Ol1XJKBSZxY3yYzVFkOIcm5qAwQ4oYf1ZBB1dtXaSeIxmj9IqvdYeW3B:Ew5uXYBKiCY3dIcmAfQU1HXrXaexmjJK
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Makes use of the framework's Accessibility service 2 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.apborlcf.zjvczbg Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.apborlcf.zjvczbg -
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.apborlcf.zjvczbg/code_cache/secondary-dexes/base.apk.classes1.zip 4368 com.apborlcf.zjvczbg -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 30 ip-api.com -
Reads information about phone network operator. 1 TTPs
Processes
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
902KB
MD5891e24bf0398197beded4e16dff2760c
SHA1062d6dad7cb3499eafd94e4efa150c4b4fa17e5d
SHA256e3aac1c2a9530cfeb53a757fb726a8c0f2b0c82b2e7a160a4363b98c6bcf0920
SHA51285ea6c6209f6f7b1c237de85bdbeea6436277989e9be30440a10817baf2cb89e15ee6e90ef25cc34cddd2029f334d65d73f7d34d6ddb831ea213c05ba52928c3
-
/data/user/0/com.apborlcf.zjvczbg/code_cache/secondary-dexes/tmp-base.apk.classes8572008525556653702.zip
Filesize378KB
MD5bf8cc72710c129636b87d4a21e03d950
SHA163fabfbfa1da5316bb525c7c8d03c3faf09be61d
SHA256f66b86d9a60449f4298ade6312e754e64d8e6fd918d2a35cf38ede5cf618946a
SHA5126ef2d51e4c463f293a8f1163435f00bbef292fbee7490dbe9d8496b4d6055e222bb88fcdc5a1fb390e024d749b5c23aaaab7a0aa3c33a6088d208f901b07bfbc