General

  • Target

    d6fabd6517729b26751e23dfa4c9ec60.zip

  • Size

    8.3MB

  • Sample

    240831-hjdcas1bkh

  • MD5

    007cd582080a5dcad1b2a03437f10786

  • SHA1

    6d27f8d5340a9fb7c363339307fa299168de59b0

  • SHA256

    0b006e3c7fef4a508c71918096832fd8c5e2eb3d98cbc14b32d7527f2a831c07

  • SHA512

    10ae5c63c126014e2ddb7f06148ce51c289c1007a5ca136b3265911b5c0374d677992115951683eafcf08c34902dd88d33321c471a6c0906270172961da1b833

  • SSDEEP

    196608:0E2/CZ7OGOnV5Iswxu923fDKpNA3qKMPkecH4k7PYOWy:0JWybEy9xpNAbMP3cH4kPYO7

Malware Config

Targets

    • Target

      4e88ad99d9d23fec0a1e3dcb508639c637f44099dbf099fef563b0bdce3db12d

    • Size

      8.4MB

    • MD5

      d6fabd6517729b26751e23dfa4c9ec60

    • SHA1

      5b9025a269bb5131757ca5b6bb80410c0edc68d9

    • SHA256

      4e88ad99d9d23fec0a1e3dcb508639c637f44099dbf099fef563b0bdce3db12d

    • SHA512

      8182823c2a27c630f7fe64862abf8a436468250e8fb1d70a75199f11ecd47f60ef3330aba02e74d69b4db1c8606fcb58b9dde9949feb137dd89dfecdd41d080c

    • SSDEEP

      196608:mxoNyHUeAjc1CbFM/usyNYHmEDWx0RiQdyjynFAL91:m/0jjcAbFM/N2YHmwWabyj401

    • Hydra

      Android banker and info stealer.

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator

MITRE ATT&CK Mobile v15

Tasks