General

  • Target

    a45099d395e853eb014419dd3ec55476c098cfb5873c83936e1e4a81141455bf.bin

  • Size

    4.2MB

  • Sample

    241015-11nhpstfnp

  • MD5

    162d18015b17034fe1b4f25e8a0e5080

  • SHA1

    87d1de42aaeb433ccce200ae65e2bc6559135365

  • SHA256

    a45099d395e853eb014419dd3ec55476c098cfb5873c83936e1e4a81141455bf

  • SHA512

    48d327cc8019878178c460f8ca147118bb41c297dbf8d47e982840f82d4613ba24d59a327a5cbc42d9ab31dfdbf4ea44133598b549f836f378db68992eaa608b

  • SSDEEP

    98304:KByqZjqEBB5dWpGxjg1U/i1wdXBE5lZ0mOSlVvGQx9:2yqZjhBBbtg1Ei1wdX2jJgQf

Malware Config

Extracted

Family

hydra

C2

http://aksd24j3232d32kd2j.xyz

DES_key

Targets

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Loads dropped Dex/Jar

      Loads and executes a Dex/Jar file that was written to the device during analysis, i.e. the visible APK unpacks further code at runtime rather than shipping it in the manifest-declared classes.

    • Makes use of the framework's Accessibility service

      Reads content displayed on the phone screen through an AccessibilityService, which also gives the app a view of what the user types into other apps.

    • Reads the contacts stored on the device.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Makes use of the framework's foreground persistence service

      The app may abuse a foreground service to keep running and avoid being killed by the system.

    • Performs UI accessibility actions on behalf of the user

      The app may abuse the accessibility service to perform UI actions for the user, e.g. to obstruct its own removal.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.
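
The signatures above map to concrete static artefacts: a service bound with BIND_ACCESSIBILITY_SERVICE, the FOREGROUND_SERVICE and READ_CONTACTS permissions, DexClassLoader references for the dropped payload, TelephonyManager operator lookups, an IP-lookup service host and the extracted C2 domain. The following is an added example, not part of this report or of the Hydra sample, that scores a decoded APK for those indicators. It assumes the APK has already been decoded (for instance with apktool or androguard) so that AndroidManifest.xml is plain XML, and that a string dump of classes.dex is available; the manifest excerpt and string dump embedded below are constructed for illustration, and only the C2 host is taken from the report's extracted config.

```python
"""Heuristic static triage for Hydra-style Android banker indicators.

Added example, not code from the sandbox report or from the sample.
Assumes a decoded manifest (plain XML) and a `strings` dump of classes.dex.
"""
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# C2 host taken from the report's extracted config.
REPORT_C2_HOSTS = ["aksd24j3232d32kd2j.xyz"]

# Constructed manifest excerpt mirroring the report's signatures (not the real sample).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.dropper">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".KeepAlive" android:foregroundServiceType="dataSync"/>
  </application>
</manifest>
"""

# Constructed classes.dex string dump, as `strings classes.dex` would print it.
SAMPLE_STRINGS = """Ldalvik/system/DexClassLoader;
Landroid/telephony/TelephonyManager;
getSimOperator
getNetworkOperatorName
Landroid/net/ConnectivityManager;
getActiveNetworkInfo
http://aksd24j3232d32kd2j.xyz/api
https://api.ipify.org
performGlobalAction
"""

STRING_RULES = {
    # Runtime loading of a dropped Dex/Jar (the "Loads dropped Dex/Jar" signature).
    "dynamic_dex_loading": re.compile(r"dalvik/system/(DexClassLoader|InMemoryDexClassLoader)"),
    # MCC / operator queries via TelephonyManager.
    "operator_lookup": re.compile(r"getSimOperator|getNetworkOperator"),
    # Active data network query via ConnectivityManager.
    "active_network_query": re.compile(r"getActiveNetwork"),
    # Legitimate external-IP lookup services commonly abused for geolocation checks.
    "external_ip_lookup": re.compile(r"ipify\.org|ip-api\.com|ipinfo\.io|icanhazip\.com"),
    # Accessibility actions performed on the user's behalf.
    "accessibility_actions": re.compile(r"performGlobalAction|performAction"),
}


def manifest_indicators(manifest_xml: str) -> dict:
    """Extract permission/service indicators from a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    services = list(root.iter("service"))
    return {
        "accessibility_service": any(
            s.get(ANDROID_NS + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
            for s in services
        ),
        "foreground_service": "android.permission.FOREGROUND_SERVICE" in perms
        or any(s.get(ANDROID_NS + "foregroundServiceType") for s in services),
        "reads_contacts": "android.permission.READ_CONTACTS" in perms,
        "phone_state": "android.permission.READ_PHONE_STATE" in perms,
    }


def string_indicators(dump: str, c2_hosts=()) -> dict:
    """Match the dex string dump against the behavioural rules and known C2 hosts."""
    found = {name: bool(rx.search(dump)) for name, rx in STRING_RULES.items()}
    found["known_c2"] = any(host in dump for host in c2_hosts)
    return found


def triage(manifest_xml: str, dump: str, c2_hosts=()) -> tuple:
    """Return (indicator dict, score); score is simply the number of indicators hit."""
    hits = {**manifest_indicators(manifest_xml), **string_indicators(dump, c2_hosts)}
    return hits, sum(hits.values())


def is_suspicious(score: int, threshold: int = 4) -> bool:
    """Threshold is a hypothetical cut-off; tune it against your own benign corpus."""
    return score >= threshold


if __name__ == "__main__":
    hits, score = triage(SAMPLE_MANIFEST, SAMPLE_STRINGS, REPORT_C2_HOSTS)
    for name, hit in hits.items():
        print(f"{name:24s} {'HIT' if hit else '-'}")
    print(f"score={score} suspicious={is_suspicious(score)}")
```

Run against the constructed input every indicator fires; against a manifest with no permissions and an empty string dump the score is zero. Treat the score as a triage prioritisation aid only: a legitimate accessibility or backup app will hit two or three of these rules, so the cut-off should be calibrated on a benign corpus before it drives any automated verdict.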

MITRE ATT&CK Mobile v15

Tasks