Overview

overview

10

Static

static

6

003d2fd8ef...82.apk

android-9-x86

10

003d2fd8ef...82.apk

android-10-x64

10

003d2fd8ef...82.apk

android-11-x64

10

Analysis

  • max time kernel
    178s
  • max time network
    133s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    15-08-2024 19:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    003d2fd8ef8fc9d4765e4bbc650ecd20ef339be94606486629c003f683cb5982.apk

  • Size

    4.6MB

  • MD5

    176d6ca459a33f3e2ac5bb9e5d30eb6c

  • SHA1

    035e484288cc983844a08f69231ddbc9d797b17c

  • SHA256

    003d2fd8ef8fc9d4765e4bbc650ecd20ef339be94606486629c003f683cb5982

  • SHA512

    1f3f932db0ae3b3344284dc6eb10ee143a83bc28ff2550aef8ef693f507545f0163d0bb992364c708d8f4e3d9696f917305df91776299fa992a6de6338fde764

  • SSDEEP

    98304:ymnJdoaleb5yyE0ABLryi1CWyHmPqQqfdf5vLMRB2PwO2vfX1kujDl:yixcNyyEprl1eGP2B5E2PwvdvXl

Score
10/10
hydrabankercollectioncredential_accessdiscoveryevasioninfostealertrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • kind.collect.action
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    PID:4482

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/kind.collect.action/app_DynamicOptDex/oat/xcN.json.cur.prof
    Filesize

    1KB

    MD5

    28e0e196466ba0ae4cc5ff79a714d3fa

    SHA1

    d14204e3c2970a605a8ef41f9a4e3b76c1ac7e4a

    SHA256

    344ff9211759be3b33a4a16ac6e4eca80d6cc254a001671de8340107d6d110e4

    SHA512

    1a631a95ab8f09249956f097dfe05167f7cab7f75654b7ab5c61329960f079032474df922a4baba96234acef0a14bda3fdf5a2d65e4d7d5add07af45c175237c

    Download Submit

  • /data/user/0/kind.collect.action/app_DynamicOptDex/xcN.json
    Filesize

    2.8MB

    MD5

    0cf5557cbf0383fd47f1c40d3a1da83c

    SHA1

    ff3596f068cb5afc6cf8c0c89618c2894306a11b

    SHA256

    b81fc2b74dc198f8dac12b56025512400ad3ab35702fd554e21e1f2752029395

    SHA512

    b943d9c70aa8f10c698531b398e45a98a5c6c5dea5d5e9e22f3e2658b1b59244e3f5240d535760ebba53ca7729317c50724acf1a554d2dfc21100349e9c5bc22

    Download Submit

  • /data/user/0/kind.collect.action/app_DynamicOptDex/xcN.json
    Filesize

    2.8MB

    MD5

    f07247ab92fac8e2a2bf4378351e6650

    SHA1

    cacf739c3fd37ec2f83c5ae7ec5f6de115f70467

    SHA256

    1c88a0718b8ddc9fd0de16629247306056580c41e6e6c958591c890c1bff84d9

    SHA512

    6f9ea9792b438d619ade10ea332f494d7274bc8e500cdb093e8599a2c46bb094843b0980eb807d153b8ee708ae7a67ee51455e15ba86497ef0e19a3eed990e51

    Download Submit