Analysis
- max time kernel: 177s
- max time network: 167s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 04-08-2024 22:06
Static task: static1
Behavioral task: behavioral1
- Sample: 60d897552b97f3674000a6251cf3eea86cf37ff40a0d3a647a84e1bb1228eb36.apk
- Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
- Sample: 60d897552b97f3674000a6251cf3eea86cf37ff40a0d3a647a84e1bb1228eb36.apk
- Resource: android-x64-20240624-en
Behavioral task: behavioral3
- Sample: 60d897552b97f3674000a6251cf3eea86cf37ff40a0d3a647a84e1bb1228eb36.apk
- Resource: android-x64-arm64-20240624-en
General
- Target: 60d897552b97f3674000a6251cf3eea86cf37ff40a0d3a647a84e1bb1228eb36.apk
- Size: 4.5MB
- MD5: 97f14823391ad297d0dfefd6dea3a594
- SHA1: 3d5295923a7dad2ce656192e96085ad230d24992
- SHA256: 60d897552b97f3674000a6251cf3eea86cf37ff40a0d3a647a84e1bb1228eb36
- SHA512: 122b13fe6e1ecdc8c674013435bfd3874be151fb651a4009e5d8e8e30e673075518eeb62ec521a2a6fa108a25109616b02fbc6735c086f567b7dfb00405f791d
- SSDEEP: 98304:qpmvfdSo6MFilhnZMN20pJMaPVVyf8NIhnVYE6NMRL3Ne+LmUKNa:qpufeMFWZMN2Jaef8NMVeMRL9HmUK4
Malware Config
Signatures
- Hydra
  Android banker and info stealer.
- Loads dropped Dex/Jar (1 TTP, 3 IoCs)
  Runs executable file dropped to the device during analysis. Here the dropped file is written as WhNHNd.json under the app's private app_DynamicOptDex directory and handed to dex2oat with --compiler-filter=quicken. dex2oat only accepts a DEX file or an archive containing one, so the .json extension is cosmetic: when hunting for the payload, check file contents rather than names.
  IoC | PID | Process
  /data/user/0/fjucibysul.uqanrqredeyauczymgysadtadn.ame/app_DynamicOptDex/WhNHNd.json | 4258 | fjucibysul.uqanrqredeyauczymgysadtadn.ame
  /data/user/0/fjucibysul.uqanrqredeyauczymgysadtadn.ame/app_DynamicOptDex/WhNHNd.json | 4285 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/fjucibysul.uqanrqredeyauczymgysadtadn.ame/app_DynamicOptDex/WhNHNd.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/fjucibysul.uqanrqredeyauczymgysadtadn.ame/app_DynamicOptDex/oat/x86/WhNHNd.odex --compiler-filter=quicken --class-loader-context=&
  /data/user/0/fjucibysul.uqanrqredeyauczymgysadtadn.ame/app_DynamicOptDex/WhNHNd.json | 4258 | fjucibysul.uqanrqredeyauczymgysadtadn.ame
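The dex2oat invocation is the useful observable here: the only thing the runtime will compile is Dalvik bytecode, so a --dex-file argument pointing at a freshly written .json under /data/user/0/<package>/ is runtime-dropped code whatever it is called. The script below is an added example for this report, not part of the sandbox's own tooling. It parses a dex2oat command line of the form shown above (the constant is copied from the IoC table) and checks file contents against the standard DEX header magic. The file bytes it inspects are constructed (a synthetic DEX header standing in for WhNHNd.json, whose contents are not reproduced on this page).

```python
"""Triage helpers for the "Loads dropped Dex/Jar" signature (added example)."""
import shlex
import struct
from dataclasses import dataclass
from typing import Optional

# Standard DEX header magic values: "dex\n" + three-digit version + NUL.
DEX_MAGICS = {b"dex\n035\0", b"dex\n037\0", b"dex\n038\0", b"dex\n039\0"}
DEX_HEADER_SIZE = 0x70
# Extensions under which Dalvik code is normally shipped.
CODE_EXTENSIONS = (".dex", ".jar", ".apk", ".zip")

# Command line observed in the report (PID 4285), copied verbatim.
DEX2OAT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m "
    "--instruction-set-variant=x86 --instruction-set-features=default "
    "--inline-max-code-units=0 --compact-dex-level=none "
    "--dex-file=/data/user/0/fjucibysul.uqanrqredeyauczymgysadtadn.ame/app_DynamicOptDex/WhNHNd.json "
    "--output-vdex-fd=41 --oat-fd=42 "
    "--oat-location=/data/user/0/fjucibysul.uqanrqredeyauczymgysadtadn.ame/app_DynamicOptDex/oat/x86/WhNHNd.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)


@dataclass
class DexLoadFinding:
    dex_file: str
    package: Optional[str]      # owner inferred from the /data/user/0/<pkg>/ prefix
    in_app_data: bool           # written after install, not shipped in the APK
    extension_mismatch: bool    # code loaded from a non-code extension
    compiler_filter: Optional[str]


def parse_dex2oat(cmdline: str) -> Optional[DexLoadFinding]:
    """Extract what dex2oat was asked to compile; None if not a dex2oat --dex-file call."""
    argv = shlex.split(cmdline)
    if not argv or not argv[0].endswith("dex2oat"):
        return None
    opts = {}
    for arg in argv[1:]:
        # Only --key=value options matter; bare --runtime-arg values are skipped.
        if arg.startswith("--") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            opts[key] = value   # a repeated key keeps its last value
    dex_file = opts.get("dex-file")
    if dex_file is None:
        return None
    package, in_app_data = None, False
    for prefix in ("/data/user/0/", "/data/data/"):
        if dex_file.startswith(prefix):
            in_app_data = True
            package = dex_file[len(prefix):].split("/", 1)[0]
    return DexLoadFinding(
        dex_file=dex_file,
        package=package,
        in_app_data=in_app_data,
        extension_mismatch=not dex_file.lower().endswith(CODE_EXTENSIONS),
        compiler_filter=opts.get("compiler-filter"),
    )


def is_dex(data: bytes) -> bool:
    """True when the bytes start with a DEX header, whatever the file is named."""
    return len(data) >= DEX_HEADER_SIZE and data[:8] in DEX_MAGICS


def dex_header_summary(data: bytes) -> dict:
    """Little-endian header fields a triager looks at first (offsets per the DEX format)."""
    if not is_dex(data):
        raise ValueError("not a DEX header")
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 0x20)
    class_defs_size, class_defs_off = struct.unpack_from("<II", data, 0x60)
    return {
        "version": data[4:7].decode(),
        "file_size": file_size,
        "header_size": header_size,
        "little_endian": endian_tag == 0x12345678,
        "class_defs_size": class_defs_size,
        "class_defs_off": class_defs_off,
    }


def classify_dropped_file(name: str, data: bytes) -> str:
    """'dex-in-disguise' for DEX bytes under a non-code extension, else 'dex' / 'not-dex'."""
    if not is_dex(data):
        return "not-dex"
    return "dex" if name.lower().endswith(CODE_EXTENSIONS) else "dex-in-disguise"


def build_fake_dex_header(class_defs: int) -> bytes:
    """CONSTRUCTED stand-in for WhNHNd.json: a bare header, not the real payload."""
    hdr = bytearray(DEX_HEADER_SIZE)
    hdr[0:8] = b"dex\n035\0"
    struct.pack_into("<III", hdr, 0x20, DEX_HEADER_SIZE, DEX_HEADER_SIZE, 0x12345678)
    struct.pack_into("<II", hdr, 0x60, class_defs, DEX_HEADER_SIZE)
    return bytes(hdr)


if __name__ == "__main__":
    print(parse_dex2oat(DEX2OAT_CMDLINE))
    sample = build_fake_dex_header(class_defs=3)
    print(classify_dropped_file("WhNHNd.json", sample), dex_header_summary(sample))
```

In a sandbox or on a pulled device image, run classify_dropped_file over every file beneath the package's data directory; the magic check catches the payload even if the next build renames it, while the dex2oat parser gives you the loader PID and the --compiler-filter to correlate with the process tree.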
- Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  Description | IoC | Process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | fjucibysul.uqanrqredeyauczymgysadtadn.ame
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | fjucibysul.uqanrqredeyauczymgysadtadn.ame
- Queries information about active data network (1 TTP, 1 IoC)
  Description | IoC | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | fjucibysul.uqanrqredeyauczymgysadtadn.ame
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  Description | IoC | Process
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | fjucibysul.uqanrqredeyauczymgysadtadn.ame
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Description | IoC | Process
  Framework service call | android.app.IActivityManager.registerReceiver | fjucibysul.uqanrqredeyauczymgysadtadn.ame
Processes
- fjucibysul.uqanrqredeyauczymgysadtadn.ame (PID 4258)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Child: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/fjucibysul.uqanrqredeyauczymgysadtadn.ame/app_DynamicOptDex/WhNHNd.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/fjucibysul.uqanrqredeyauczymgysadtadn.ame/app_DynamicOptDex/oat/x86/WhNHNd.odex --compiler-filter=quicken --class-loader-context=& (PID 4285)
    - Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 2.6MB
  MD5: 0d860a45f18c86ee3f280f38bd3b1240
  SHA1: d5de2d96c2cd1fb1ba34661d3d4293ddbcc23454
  SHA256: f09e9e88210fa56bcd8419fb83a41b06e982d379760c3eac04a149e532166f88
  SHA512: 281eb3cdd3ba6ba35b6169e0fbd7808b3ab7f8a83d26e4a7efef0af1b292f7022026b81c2d711a1a003354f447c2f4a83ae8aadbf87d0425a1605ea80d5c431f
- Filesize: 2.6MB
  MD5: d08fcb5b69fc7943e2d5edec4b89a540
  SHA1: f14ad38a138932b1e2069de20db1f3c98a85035a
  SHA256: 648a65588f8f385d3fc735fdf87bf3b6f2c7999e4dafef7a32c420bf009c18c2
  SHA512: 731c0a0580e4424e3b5d2c6fe674d70a62dbb985800ce6c910bef010f9450c9269129334ec5235f882f466da063954ceea3d7fb1e81f7a66beb9d0c3c84e38f5
- Filesize: 1KB
  MD5: 8a396ed08d9045ceed2170828b11683a
  SHA1: 43220c25e03374dec7d76412ee8cdf6babf912eb
  SHA256: a202b2ef3c82974dcc185f8a1f2c752181be7d6778284d6ccb87e24fbde1d150
  SHA512: b31c236fbd3c0bd23248cd10a150a1394d7d4827117542919b8e2d041774db6f412b7741a2d180e2d8ec0bcd376efecf84ed6185b6c65063d93d3fb58c140b8e
- Filesize: 2.6MB
  MD5: e97a2e685c132a6b8f1d64e3f5de64e0
  SHA1: b574847d19034d174ed0d82a31e9378cc1e0ae76
  SHA256: a75f0ab3f700d263d836a6d4b014ae5d32c21724af555b6947b016d8fe5ef62b
  SHA512: 70148b40eeac3e34b2832dafb89fd09ce4e0d028620ab76ab2751ce2dfd061f7c67c8ecb959257f32e5cd9c99057f8d305c018f748c022bc6bfd662ab145bf9a