Overview

overview

10

Static

static

6

f2a59687a2...4c.apk

android-9-x86

10

f2a59687a2...4c.apk

android-10-x64

10

f2a59687a2...4c.apk

android-11-x64

10

Analysis

  • max time kernel
    179s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    16-08-2024 22:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f2a59687a2ddfab336d1bbea27de31134a412d3730e06220e51fbe16ede9964c.apk

  • Size

    4.9MB

  • MD5

    8c2a8923ea3d531a9b8d786256b1aaa8

  • SHA1

    cc8e07ac78ddf1ae756378cf0cf62daf3eb1d4d3

  • SHA256

    f2a59687a2ddfab336d1bbea27de31134a412d3730e06220e51fbe16ede9964c

  • SHA512

    900fd0475053a3eb64814294d7bcfc090ce016ce84393183e831770491cac29781d5a7f02a3bca04031c798576ba187991b60910310db6d484e9e0c3aa7a1928

  • SSDEEP

    98304:cKe8xQ2rBZGGKa8PpuYuqYFcnVBahRyheguPoVaHI/dwjpvfhQMly:cKeSNMxuHSH+U0g0YO9feMly

Score
10/10
hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

hydra

C2

http://wefjiwejfwjefjwefwjifwjfjwfjwjifji4432.cfd

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery

Processes

  • com.dcqjifsib.pipoeqmxr
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Reads the contacts stored on the device.
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    PID:4620

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.dcqjifsib.pipoeqmxr/app_app_dex/lknehhj.juh
    Filesize

    2.7MB

    MD5

    8f308dca289255f804d884e65fb9f2a2

    SHA1

    240b935c3299e529cff072f4255f0c0736a34aa1

    SHA256

    9500021946a004b7bde4f5ef8e9d78fd8c5d135b779a194bd976e3cbd0208d96

    SHA512

    629e71eeda9976d7b306b11a79618e1ee42eeb47b901972d30227b2b9f9f0f9c7bd94897624314b2299767dd4e5384d20e987967dfc29444f6288462ac060d91

    Download Submit