General

  • Target

    b68799e9202204e52c39aa134150caf16d4a28a73ef08cbe4bb373e8b8b80092.bin

  • Size

    3.3MB

  • Sample

    240322-1wyg4sca6z

  • MD5

    f350c08e3c688e6d140a374c34c0640a

  • SHA1

    fcead8bc0c122135b2f4aa07b8f58916418c3c0d

  • SHA256

    b68799e9202204e52c39aa134150caf16d4a28a73ef08cbe4bb373e8b8b80092

  • SHA512

    aad30d82800ec75332327405c71c563356c180c819862921e7b0f87bfa4b952a5bccb04fa1f6d5e3b78a9f0ed0ff652860e2464f14a02c31222300c50ec646d3

  • SSDEEP

    49152:XNNro/+KQdPm9pdGjC76XeSZgRztdHxS5K3m/e0dpfTZS2v4mUqzZ1fNjYs+ly:XNNM3Q09yj1Xe/ztdA5Wf4TZS2p99+0

Targets

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Reads information about phone network operator.
