Overview

overview

10

Static

static

6

814cc255fb...18.apk

android-9-x86

10

814cc255fb...18.apk

android-10-x64

10

814cc255fb...18.apk

android-11-x64

10

Analysis

  • max time kernel
    178s
  • max time network
    133s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    01-08-2024 17:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    814cc255fb09aa69934a0bd6209e2cc2_JaffaCakes118.apk

  • Size

    5.1MB

  • MD5

    814cc255fb09aa69934a0bd6209e2cc2

  • SHA1

    ca78b55c86c329788806019c1eae1137ee48ee10

  • SHA256

    3529ee191fc7d8a351436adb058e1b3d4f1ab460638eb26eda1e0b5e98800dbb

  • SHA512

    9dfb359ea71622c0c33490d77c42912238398ce4e0a9ca5070329348b289c1bfd55ae4e165408d20ec6c9fccd4059701b7689c7ca2472212660a2f46be88805e

  • SSDEEP

    98304:yQEeqttwbjkiuBgocZ3MH/oZ7nfF1fiJYiQmwgJ/rtVqJabqZa1MdtyVsobh0:YAbgdgocGM1fi/QmvgJa2KMdpZ

Score
10/10
hydrabankercollectioncredential_accessdiscoveryevasioninfostealertrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • fqey.lyrcbotqgnnwolmxceln.lsaga
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    PID:4474

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/fqey.lyrcbotqgnnwolmxceln.lsaga/app_DynamicOptDex/fbSikw.json
    Filesize

    3.1MB

    MD5

    fa96d6100853806e22dbd72cf4539f1d

    SHA1

    2e4343ac254eaa7952802e0d5a31f60ed3f68bf0

    SHA256

    16b26a153b64156b279b866747990bfd029e637118805f8f29788c0a1da81b1f

    SHA512

    d25221e9f9ff90fd7da750bd8a94f6dcba62a7fd3245252d42f6af30f14c813ae5926d0eea9829d3d3ccf7a408bcb2ca54b2acda56ba0b921e02c26f794fd4e2

    Download Submit

  • /data/user/0/fqey.lyrcbotqgnnwolmxceln.lsaga/app_DynamicOptDex/fbSikw.json
    Filesize

    3.1MB

    MD5

    2220a66512924e0ced83a2df6a9d6cc9

    SHA1

    f839a63c6e4526f61be861b32bd3f336e1b5b7d3

    SHA256

    f30aed324101c4b87e153eb066e98722558bd1d2fc4fb80820e4978ff623a19c

    SHA512

    4b5c638ce74be2c38910e2b92852910afd194b12456d5836aed9e1472b25345a82aad0598728eeee7cdcd54e5be697a145e4802e7e900716cf18763672a4a9aa

    Download Submit