General

  • Target

    629b2f7b99521ec7bff2a3ef88a7affa9016bac07472f33af6c2d7568291322f

  • Size

    4.5MB

  • Sample

    240815-yh1n7sveln

  • MD5

    3db50875438e5fa092d392ae0e73e7a1

  • SHA1

    e26698ae51559e2c04f361935b1a62cd141138d1

  • SHA256

    629b2f7b99521ec7bff2a3ef88a7affa9016bac07472f33af6c2d7568291322f

  • SHA512

    111ef10d8554d369814bfc7021835b6c7f1fa834d67bcf9d809ef184b4dcd1ed7e4e1ab0a56268b3bc6bf87379b7d2366bf9fb184cce47a9549fa8e1f2ddd1a0

  • SSDEEP

    98304:0VpoSSInDbSqSLF75CjRkEDrQ9sXCqh9A7jKenZ7AtoBMQKiaQYcCvkaYhQ:UoSnnDmqah5CLDGsha7TZ7X+QKBQov5

Malware Config

Targets

    • Target

      003d2fd8ef8fc9d4765e4bbc650ecd20ef339be94606486629c003f683cb5982.apk

    • Size

      4.6MB

    • MD5

      176d6ca459a33f3e2ac5bb9e5d30eb6c

    • SHA1

      035e484288cc983844a08f69231ddbc9d797b17c

    • SHA256

      003d2fd8ef8fc9d4765e4bbc650ecd20ef339be94606486629c003f683cb5982

    • SHA512

      1f3f932db0ae3b3344284dc6eb10ee143a83bc28ff2550aef8ef693f507545f0163d0bb992364c708d8f4e3d9696f917305df91776299fa992a6de6338fde764

    • SSDEEP

      98304:ymnJdoaleb5yyE0ABLryi1CWyHmPqQqfdf5vLMRB2PwO2vfX1kujDl:yixcNyyEprl1eGP2B5E2PwvdvXl

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks