Overview

overview

10

Static

static

6

4d070efa5b...bf.apk

android-9-x86

10

4d070efa5b...bf.apk

android-10-x64

10

4d070efa5b...bf.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d070efa5ba86967726d4118eed59e73bff79f0b5eb37e4b7f8d5a5a425cb0bf.bin

  • Size

    2.9MB

  • Sample

    240801-1zdxwaycjq

  • MD5

    fe356ab62b074339cc1e5636f44b0419

  • SHA1

    6d8bd6810de1fbd7261328bdc85a4e1bd9c53f1d

  • SHA256

    4d070efa5ba86967726d4118eed59e73bff79f0b5eb37e4b7f8d5a5a425cb0bf

  • SHA512

    197bc4969f8cba22fe5a79268d191d59b108db1767218aff299fa5366285422cd3fef61b177347b92f0d291423e5b029835bb67eed0e48088ddff34cce6f6ecd

  • SSDEEP

    49152:3Edb/J2TvxJVWKNqt4R+j25AH+T3ch7g9d+VRl1qHiBUdDYXwUoT+C3T8:3siv1WsqiAiUgrKiHim2XdoT/A

Score
10/10
hydraandroidbankercollectioncredential_accessdiscoveryevasioninfostealerpersistencestealthtrojan

Malware Config

Targets

    • Target

      4d070efa5ba86967726d4118eed59e73bff79f0b5eb37e4b7f8d5a5a425cb0bf.bin

    • Size

      2.9MB

    • MD5

      fe356ab62b074339cc1e5636f44b0419

    • SHA1

      6d8bd6810de1fbd7261328bdc85a4e1bd9c53f1d

    • SHA256

      4d070efa5ba86967726d4118eed59e73bff79f0b5eb37e4b7f8d5a5a425cb0bf

    • SHA512

      197bc4969f8cba22fe5a79268d191d59b108db1767218aff299fa5366285422cd3fef61b177347b92f0d291423e5b029835bb67eed0e48088ddff34cce6f6ecd

    • SSDEEP

      49152:3Edb/J2TvxJVWKNqt4R+j25AH+T3ch7g9d+VRl1qHiBUdDYXwUoT+C3T8:3siv1WsqiAiUgrKiHim2XdoT/A

    Score
    10/10
    hydrabankerdiscoveryevasioninfostealerpersistencestealthtrojancollectioncredential_access

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks