General
-
Target
738ec95889eed3395142bf0e3e554b6ca32baf09eabcffc9def60094dee1cd5b.bin
-
Size
4.6MB
-
Sample
240902-1yy7eszbnb
-
MD5
23f0a2179914207408b88895c336d5b2
-
SHA1
675ece114e7d0613c979e812beefdfe18c1d0ae0
-
SHA256
738ec95889eed3395142bf0e3e554b6ca32baf09eabcffc9def60094dee1cd5b
-
SHA512
d1ec24c10ec25a3d7905c38ff9e8158358f4225778257933fa2dc28938beb2b579a7984370029382b96debddf2888521328e312ebae0df5db33d3e43e46126c8
-
SSDEEP
98304:HkoQIrNDB9fSJ4bhxfimngmWR9XIocBkbes82yA2M3tqMsXH0i5:H5vD7fSsxqmngmS9XI0Suptm0i5
Static task
static1
Behavioral task
behavioral1
Sample
738ec95889eed3395142bf0e3e554b6ca32baf09eabcffc9def60094dee1cd5b.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
738ec95889eed3395142bf0e3e554b6ca32baf09eabcffc9def60094dee1cd5b.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
738ec95889eed3395142bf0e3e554b6ca32baf09eabcffc9def60094dee1cd5b.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
hydra
http://gghfghfhfgccfhfxgdxffg7664.cfd
Targets
-
-
Target
738ec95889eed3395142bf0e3e554b6ca32baf09eabcffc9def60094dee1cd5b.bin
-
Size
4.6MB
-
MD5
23f0a2179914207408b88895c336d5b2
-
SHA1
675ece114e7d0613c979e812beefdfe18c1d0ae0
-
SHA256
738ec95889eed3395142bf0e3e554b6ca32baf09eabcffc9def60094dee1cd5b
-
SHA512
d1ec24c10ec25a3d7905c38ff9e8158358f4225778257933fa2dc28938beb2b579a7984370029382b96debddf2888521328e312ebae0df5db33d3e43e46126c8
-
SSDEEP
98304:HkoQIrNDB9fSJ4bhxfimngmWR9XIocBkbes82yA2M3tqMsXH0i5:H5vD7fSsxqmngmS9XI0Suptm0i5
-
Hydra payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Reads the contacts stored on the device.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Impair Defenses
1Prevent Application Removal
1Input Injection
1