General
-
Target
a45099d395e853eb014419dd3ec55476c098cfb5873c83936e1e4a81141455bf.bin
-
Size
4.2MB
-
Sample
241015-11nhpstfnp
-
MD5
162d18015b17034fe1b4f25e8a0e5080
-
SHA1
87d1de42aaeb433ccce200ae65e2bc6559135365
-
SHA256
a45099d395e853eb014419dd3ec55476c098cfb5873c83936e1e4a81141455bf
-
SHA512
48d327cc8019878178c460f8ca147118bb41c297dbf8d47e982840f82d4613ba24d59a327a5cbc42d9ab31dfdbf4ea44133598b549f836f378db68992eaa608b
-
SSDEEP
98304:KByqZjqEBB5dWpGxjg1U/i1wdXBE5lZ0mOSlVvGQx9:2yqZjhBBbtg1Ei1wdX2jJgQf
Static task
static1
Behavioral task
behavioral1
Sample
a45099d395e853eb014419dd3ec55476c098cfb5873c83936e1e4a81141455bf.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
a45099d395e853eb014419dd3ec55476c098cfb5873c83936e1e4a81141455bf.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
a45099d395e853eb014419dd3ec55476c098cfb5873c83936e1e4a81141455bf.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
hydra
http://aksd24j3232d32kd2j.xyz
Targets
-
-
Target
a45099d395e853eb014419dd3ec55476c098cfb5873c83936e1e4a81141455bf.bin
-
Size
4.2MB
-
MD5
162d18015b17034fe1b4f25e8a0e5080
-
SHA1
87d1de42aaeb433ccce200ae65e2bc6559135365
-
SHA256
a45099d395e853eb014419dd3ec55476c098cfb5873c83936e1e4a81141455bf
-
SHA512
48d327cc8019878178c460f8ca147118bb41c297dbf8d47e982840f82d4613ba24d59a327a5cbc42d9ab31dfdbf4ea44133598b549f836f378db68992eaa608b
-
SSDEEP
98304:KByqZjqEBB5dWpGxjg1U/i1wdXBE5lZ0mOSlVvGQx9:2yqZjhBBbtg1Ei1wdX2jJgQf
-
Hydra payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Reads the contacts stored on the device.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Impair Defenses
1Prevent Application Removal
1Input Injection
1