Overview

overview

10

Static

static

6

34d77868cb...f3.apk

android-9-x86

10

34d77868cb...f3.apk

android-10-x64

10

34d77868cb...f3.apk

android-11-x64

10

Analysis

  • max time kernel
    175s
  • max time network
    183s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    05-08-2024 06:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34d77868cbf62fda6b88a5c7b037d3f3.apk

  • Size

    4.4MB

  • MD5

    34d77868cbf62fda6b88a5c7b037d3f3

  • SHA1

    00cdfeaa48544e5c6f0ba3d9329bb015e51e5972

  • SHA256

    4e20b8bf1a926e7d5b84e75c920457d9dc572ec78b9a23d1b08afcefe9b78e5c

  • SHA512

    c4e6e76c670d94062cedac1abfa814e2062087cc12626581c66754b642c17f5d296a5e37b546a9549f30a9a96e59daea8e2b7f86786f999b75124791f4bbcd8b

  • SSDEEP

    98304:LCVeYx5HKqvpDRG1DMlRiQQxX/sqS1zHOrBNI:LqXHNvwp5sjzau

Score
10/10
hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • phwbin.meww.xojktruujg
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4976

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/phwbin.meww.xojktruujg/app_DynamicOptDex/OF.json
    Filesize

    2.6MB

    MD5

    a1fe9c54a7f9befa304187869fac76da

    SHA1

    53908c10ecc50d1235bf7f1b292323dfc1bd858d

    SHA256

    96c14703d56809246c5137cc9d361bb6fe7e6844bd97efe0378473c5e1fa6e3a

    SHA512

    44b870e299d303d86b3fd2196e8c77124a40d3ed0e3aec9e3909874951f98485fdabc2e9866cf4d424350dccaa6809fa6021c3c97a435182d7d55918de159b6b

    Download Submit

  • /data/data/phwbin.meww.xojktruujg/app_DynamicOptDex/OF.json
    Filesize

    2.6MB

    MD5

    db0f230a0e1a546f83769c613d986299

    SHA1

    50317405a49a3b257ad1b2cc5f854cafefedb80f

    SHA256

    8b42329687f8371c8a018fc98f0c3701670c891a7edf044b3478a0c9316818e4

    SHA512

    56e8f504c3e2da8a136a3db7316368325814e5fdcf09ab47442432583f5df47691bb36cb4a912f6a1bb78e0e2f61f21e805a297e6c9d591f6bb97881b0852713

    Download Submit

  • /data/data/phwbin.meww.xojktruujg/app_DynamicOptDex/oat/OF.json.cur.prof
    Filesize

    1KB

    MD5

    65c4b66d02728f231e612bd84622948a

    SHA1

    64fae3ac25f6b35dcb9cd8dcb8dcd1f9c35add64

    SHA256

    f9767be00aa272ab7be04cdafc0f7ca9d1b6e17e5dc055ec73706589df039843

    SHA512

    87baf2ec539f4f20eff083a81effe39f489f748470ac38d7c49a336867e860edf80f90bf9677443fe3a64adb554af718695a4ef85c3f54455a999e5d22ace528

    Download Submit