General
-
Target
a6a6ece0976dccad4ecbdb686f7d704bba91bbd234b6056b83004091e12ee0aa.bin
-
Size
2.1MB
-
Sample
240316-1xxl7sfb59
-
MD5
9da9296bcce45a5e25571ce8c682117d
-
SHA1
618998ccc33a7f6be9f2732b2ede1f49beb158d7
-
SHA256
a6a6ece0976dccad4ecbdb686f7d704bba91bbd234b6056b83004091e12ee0aa
-
SHA512
837784684354c93fc3afdbac56565df7529036e8429d9fc79121807f582b43a27a05d9c247491cd9b4d0a026f3600c20987cd85fa80a306726e3cccea30b2af6
-
SSDEEP
49152:0d+mweBjzqe3R9KglU6qZhw2rgrpCjQavyOgA28eiEKhJqVoqKX:0EmweBjzqQRRU6qZh73v728eiE7Vot
Static task
static1
Behavioral task
behavioral1
Sample
a6a6ece0976dccad4ecbdb686f7d704bba91bbd234b6056b83004091e12ee0aa.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
a6a6ece0976dccad4ecbdb686f7d704bba91bbd234b6056b83004091e12ee0aa.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
a6a6ece0976dccad4ecbdb686f7d704bba91bbd234b6056b83004091e12ee0aa.apk
Resource
android-x64-arm64-20240221-en
Malware Config
Extracted
hydra
http://ikincipansizde.net
Targets
-
Hydra payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Requests enabling of the accessibility settings.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Reads information about phone network operator.
-