Overview

overview

10

Static

static

6

97f1482339...94.apk

android-9-x86

10

97f1482339...94.apk

android-10-x64

10

97f1482339...94.apk

android-11-x64

10

Analysis

  • max time kernel
    75s
  • max time network
    67s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    05-08-2024 06:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    97f14823391ad297d0dfefd6dea3a594.apk

  • Size

    4.5MB

  • MD5

    97f14823391ad297d0dfefd6dea3a594

  • SHA1

    3d5295923a7dad2ce656192e96085ad230d24992

  • SHA256

    60d897552b97f3674000a6251cf3eea86cf37ff40a0d3a647a84e1bb1228eb36

  • SHA512

    122b13fe6e1ecdc8c674013435bfd3874be151fb651a4009e5d8e8e30e673075518eeb62ec521a2a6fa108a25109616b02fbc6735c086f567b7dfb00405f791d

  • SSDEEP

    98304:qpmvfdSo6MFilhnZMN20pJMaPVVyf8NIhnVYE6NMRL3Ne+LmUKNa:qpufeMFWZMN2Jaef8NMVeMRL9HmUK4

Score
10/10
hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencestealthtrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • fjucibysul.uqanrqredeyauczymgysadtadn.ame
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4256
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/fjucibysul.uqanrqredeyauczymgysadtadn.ame/app_DynamicOptDex/WhNHNd.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/fjucibysul.uqanrqredeyauczymgysadtadn.ame/app_DynamicOptDex/oat/x86/WhNHNd.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4282

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/fjucibysul.uqanrqredeyauczymgysadtadn.ame/app_DynamicOptDex/WhNHNd.json
    Filesize

    2.6MB

    MD5

    0d860a45f18c86ee3f280f38bd3b1240

    SHA1

    d5de2d96c2cd1fb1ba34661d3d4293ddbcc23454

    SHA256

    f09e9e88210fa56bcd8419fb83a41b06e982d379760c3eac04a149e532166f88

    SHA512

    281eb3cdd3ba6ba35b6169e0fbd7808b3ab7f8a83d26e4a7efef0af1b292f7022026b81c2d711a1a003354f447c2f4a83ae8aadbf87d0425a1605ea80d5c431f

    Download Submit

  • /data/data/fjucibysul.uqanrqredeyauczymgysadtadn.ame/app_DynamicOptDex/WhNHNd.json
    Filesize

    2.6MB

    MD5

    d08fcb5b69fc7943e2d5edec4b89a540

    SHA1

    f14ad38a138932b1e2069de20db1f3c98a85035a

    SHA256

    648a65588f8f385d3fc735fdf87bf3b6f2c7999e4dafef7a32c420bf009c18c2

    SHA512

    731c0a0580e4424e3b5d2c6fe674d70a62dbb985800ce6c910bef010f9450c9269129334ec5235f882f466da063954ceea3d7fb1e81f7a66beb9d0c3c84e38f5

    Download Submit

  • /data/data/fjucibysul.uqanrqredeyauczymgysadtadn.ame/app_DynamicOptDex/oat/WhNHNd.json.cur.prof
    Filesize

    1KB

    MD5

    b58655020ae4b35d19d82060bae0af92

    SHA1

    283c024a794da9d097cbb56b4c70eba0413a2940

    SHA256

    bdde88d028208420b71775855e1bdf59faebf3bc366064069d5f5963dcd29f1c

    SHA512

    7741007bdbf019324d3ff83e55398adf1eb7e394e70a59e6e856abfb400bf3ecdc56174fde8cdecb718697e55d1f1317f107659bb92a88cb90f4274abe445715

    Download Submit

  • /data/user/0/fjucibysul.uqanrqredeyauczymgysadtadn.ame/app_DynamicOptDex/WhNHNd.json
    Filesize

    2.6MB

    MD5

    e97a2e685c132a6b8f1d64e3f5de64e0

    SHA1

    b574847d19034d174ed0d82a31e9378cc1e0ae76

    SHA256

    a75f0ab3f700d263d836a6d4b014ae5d32c21724af555b6947b016d8fe5ef62b

    SHA512

    70148b40eeac3e34b2832dafb89fd09ce4e0d028620ab76ab2751ce2dfd061f7c67c8ecb959257f32e5cd9c99057f8d305c018f748c022bc6bfd662ab145bf9a

    Download Submit