Overview

overview

10

Static

static

6

86b19d7e4f...18.apk

android-9-x86

10

86b19d7e4f...18.apk

android-10-x64

10

86b19d7e4f...18.apk

android-11-x64

10

Analysis

  • max time kernel
    177s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
  • submitted
    31-05-2024 10:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86b19d7e4f8d950fb9e653824a4ce249_JaffaCakes118.apk

  • Size

    2.3MB

  • MD5

    86b19d7e4f8d950fb9e653824a4ce249

  • SHA1

    f3c0d3a704e452e519cdc4c454dab02341a6dba1

  • SHA256

    59538c4bc60dea085aec1ebb720059281a117fa5c64747efc16f3ba77b00dde3

  • SHA512

    c8d1555348f351a1101e4795e08fbe630ac753a776ad90037fcd11a394fb03fabc885edd3524493bca1228b89f8f1ef724995d907062e726f6db0b75d8dc2062

  • SSDEEP

    49152:f4/hJWSDii35rUCzDAfZKAWO3NyzvMtG9KJgbdbp72oeU7Pu0w:f4/hJdlUCfAfLh3NsUgbRwWPY

Score
10/10
hydrabankercollectioncredential_accessdiscoveryevasioninfostealerstealthtrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Requests enabling of the accessibility settings. 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.zvcwpck.yokdabe
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries the mobile country code (MCC)
    • Requests enabling of the accessibility settings.
    • Checks if the internet connection is available
    PID:4617

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.zvcwpck.yokdabe/app_offline/lodktxu.jar
    Filesize

    252KB

    MD5

    c47bb77ab2c9e12333686698d509965c

    SHA1

    958e11732a0ef8d923331ae6d979d93a97a97aac

    SHA256

    7ba04aa8005e4184eb4895a7fa5e4ccce25a21257b49e4a468378c8d4a52305a

    SHA512

    8947eb566cb476264a204ef022e03ef29e58eca05086635219fcbdab86caa4dd89cc14c3609ffe5a220c9cd26b1c2e138328011bb53093e6dd4acd16f6adb62f

    Download Submit

  • /data/user/0/com.zvcwpck.yokdabe/app_offline/lodktxu.jar
    Filesize

    568KB

    MD5

    a6c6603668326ee21d3d17a7a69a384c

    SHA1

    adab47998421b481b10a8ae86d1956b6b448ecf9

    SHA256

    be5e854dd1af100a2b0c59abbddb83c8dd02c7f53d1a27688e2939d76ec4dd1f

    SHA512

    9f59cbfd850a9f182b5a60cdb8443dd821915d1f194f9c08a4c98956c1b37227694c950ca8a2947d470fa5fd4481d8a5771ec4db3672ed4927599c5babdc3585

    Download Submit