General

  • Target

    a6a6ece0976dccad4ecbdb686f7d704bba91bbd234b6056b83004091e12ee0aa.bin

  • Size

    2.1MB

  • Sample

    240316-1xxl7sfb59

  • MD5

    9da9296bcce45a5e25571ce8c682117d

  • SHA1

    618998ccc33a7f6be9f2732b2ede1f49beb158d7

  • SHA256

    a6a6ece0976dccad4ecbdb686f7d704bba91bbd234b6056b83004091e12ee0aa

  • SHA512

    837784684354c93fc3afdbac56565df7529036e8429d9fc79121807f582b43a27a05d9c247491cd9b4d0a026f3600c20987cd85fa80a306726e3cccea30b2af6

  • SSDEEP

    49152:0d+mweBjzqe3R9KglU6qZhw2rgrpCjQavyOgA28eiEKhJqVoqKX:0EmweBjzqQRRU6qZh73v728eiE7Vot

Malware Config

Extracted

Family

hydra

C2

http://ikincipansizde.net

Targets

    • Target

      a6a6ece0976dccad4ecbdb686f7d704bba91bbd234b6056b83004091e12ee0aa.bin

    • Size

      2.1MB

    • MD5

      9da9296bcce45a5e25571ce8c682117d

    • SHA1

      618998ccc33a7f6be9f2732b2ede1f49beb158d7

    • SHA256

      a6a6ece0976dccad4ecbdb686f7d704bba91bbd234b6056b83004091e12ee0aa

    • SHA512

      837784684354c93fc3afdbac56565df7529036e8429d9fc79121807f582b43a27a05d9c247491cd9b4d0a026f3600c20987cd85fa80a306726e3cccea30b2af6

    • SSDEEP

      49152:0d+mweBjzqe3R9KglU6qZhw2rgrpCjQavyOgA28eiEKhJqVoqKX:0EmweBjzqQRRU6qZh73v728eiE7Vot

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks