General

  • Target

    cea98484826ce63b72d6efce2f692273

  • Size

    3.0MB

  • Sample

    240316-v9pjgafg9y

  • MD5

    cea98484826ce63b72d6efce2f692273

  • SHA1

    0630dfd3cd0bce10bbe3fd232592bba63a97c59b

  • SHA256

    c404340baa0e1322364c75898e7ffefcabb660bab01979c22ebd98a502bb2310

  • SHA512

    91b96d0c0c2f7ab6e298a7b48104f444e5617362a2155153545dc39e4ecda56f13d0f1709d8a6c541ee529cee6e6b82c362d25663603161521185cdee1071010

  • SSDEEP

    49152:6nn2yqlmunxjxIkdREbREIr7kN7TRcBWJ0D4MTzWdW/SQJbDB4y6+Xn565O4b4Y5:6n3LkNZdFJhRcQJWqW/pJbvXkbN

Malware Config

Targets

    • Target

      cea98484826ce63b72d6efce2f692273

    • Size

      3.0MB

    • MD5

      cea98484826ce63b72d6efce2f692273

    • SHA1

      0630dfd3cd0bce10bbe3fd232592bba63a97c59b

    • SHA256

      c404340baa0e1322364c75898e7ffefcabb660bab01979c22ebd98a502bb2310

    • SHA512

      91b96d0c0c2f7ab6e298a7b48104f444e5617362a2155153545dc39e4ecda56f13d0f1709d8a6c541ee529cee6e6b82c362d25663603161521185cdee1071010

    • SSDEEP

      49152:6nn2yqlmunxjxIkdREbREIr7kN7TRcBWJ0D4MTzWdW/SQJbDB4y6+Xn565O4b4Y5:6n3LkNZdFJhRcQJWqW/pJbvXkbN

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks