Overview

overview

10

Static

static

6

fd66ce40e7...18.apk

android-9-x86

10

fd66ce40e7...18.apk

android-10-x64

10

fd66ce40e7...18.apk

android-11-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    28-09-2024 23:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fd66ce40e73dbfe2a1f6a718c5ca30da_JaffaCakes118.apk

  • Size

    4.7MB

  • MD5

    fd66ce40e73dbfe2a1f6a718c5ca30da

  • SHA1

    696431ac145a50da1b1060639d7908c682f134c8

  • SHA256

    b0ac55805196efd6af8d21642c3dd81ea0900847c2544404292b4bfd1ce84fa3

  • SHA512

    371c38332a1ba8e1ea8224c1d2f47f14df4e8c9f78c981aacb7fa36496e7dbe0ea06e369f9236fa61b1588f0ef5b9784be1583872df4ef6b7c9504d338c00fe3

  • SSDEEP

    98304:hN23CGCNT1OO6CuFJaylF8ZCCfxOk13C3cFR+ARW5yYbsae+P7Wv/2TrJ1ebpFA:hI3C/NTt6HVlCZCQxERARW5galPi2TFP

Score
10/10
hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • army.custom.bridge
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5003

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/army.custom.bridge/app_DynamicOptDex/nONUI.json
    Filesize

    2.9MB

    MD5

    ce7a6326e03a012353382c57c7003cca

    SHA1

    cc387b5a1acd3d6ca37be33a334b8853321ada39

    SHA256

    89b2027db7f4979061ab23bba5f0255d65ab4831d40996609091cee6993bdb17

    SHA512

    810676b55874324fa44d1f45f06a7fcfe667ef73eecc48fc1295b3c1010b7899fa14ae049da10c549cb572eac29990c1381719fca6e9bea436492d63c480d3bb

    Download Submit

  • /data/data/army.custom.bridge/app_DynamicOptDex/nONUI.json
    Filesize

    2.9MB

    MD5

    e88baf55960ac7227c804a0b02fdd5a3

    SHA1

    cc577285ad57737e7f1dd29638f1319876b68d3e

    SHA256

    12e54bd019c6d386c786cc33b8365036ab47aa2af1f9c43c40a0632cd76e38c5

    SHA512

    317d858abb6b531e86ae7a60fe1e69402e5d86afd8b7332168d6afd8aa4f213efc2bf7fddbc3b3efe92f0ff5029de580d53ef09fd537d95e76d9cc9f66c83779

    Download Submit

  • /data/data/army.custom.bridge/app_DynamicOptDex/oat/nONUI.json.cur.prof
    Filesize

    1KB

    MD5

    447d0038b6915eac51298408e5a30368

    SHA1

    58e5816c05b1bb91d5038d4a45fbf09b238f5ac2

    SHA256

    28019053314507cae9a9ebdee19ad7bed784ce93404268c8f68e0aeb9a0ab670

    SHA512

    1e3b38dab310f4a20e4868b4a6cf02686f1a0afd3002ba79d3721951adb8a5d3a3e9c322bb4ab77e567820ca246780b0fd6cf934688b9a4bdea4a91262713966

    Download Submit