Overview

overview

10

Static

static

6

a45099d395...bf.apk

android-9-x86

10

a45099d395...bf.apk

android-10-x64

10

a45099d395...bf.apk

android-11-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    15-10-2024 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a45099d395e853eb014419dd3ec55476c098cfb5873c83936e1e4a81141455bf.apk

  • Size

    4.2MB

  • MD5

    162d18015b17034fe1b4f25e8a0e5080

  • SHA1

    87d1de42aaeb433ccce200ae65e2bc6559135365

  • SHA256

    a45099d395e853eb014419dd3ec55476c098cfb5873c83936e1e4a81141455bf

  • SHA512

    48d327cc8019878178c460f8ca147118bb41c297dbf8d47e982840f82d4613ba24d59a327a5cbc42d9ab31dfdbf4ea44133598b549f836f378db68992eaa608b

  • SSDEEP

    98304:KByqZjqEBB5dWpGxjg1U/i1wdXBE5lZ0mOSlVvGQx9:2yqZjhBBbtg1Ei1wdX2jJgQf

Score
10/10
hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

hydra

C2

http://aksd24j3232d32kd2j.xyz

DES_key

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • com.sihyovopf.mlzohibgc
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Reads the contacts stored on the device.
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5003

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.sihyovopf.mlzohibgc/app_dex/classes.dex
    Filesize

    2.7MB

    MD5

    1345d33c3c96e15974e98d20b24a70c9

    SHA1

    81de4e1096403e00334da7227bef772b7ae86cf0

    SHA256

    021151dcbee31db0589e7703d30830c43855c065814531f7504d991ccc65cdec

    SHA512

    78e506df1df77e2ac931c3b03f47ba921594edab72fb0d7f940eaf84ee7985c53d2672428d2473fee8af3dd963303f5495985ecae981b1d28b602bc6abee3617

    Download Submit

  • /data/data/com.sihyovopf.mlzohibgc/cache/classes.dex
    Filesize

    1.3MB

    MD5

    4950a1a3af989c956c4e580b8cf43eb8

    SHA1

    dce58a6dc10fe4e8e7c1d5df661654ad6a866a47

    SHA256

    82f97405192510f32061190c3875c30b92f5ac5e0ef9ac76b3ad9b4577cbfa47

    SHA512

    c5a186f133461dcb6dee55ac83d85b9ec81c1922d139a8d0ed17367bbe51eb9b597d9d8c7910dbd10c001d3752c01e33695ae853cf4dc332139c01e0a4e282db

    Download Submit

  • /data/data/com.sihyovopf.mlzohibgc/cache/classes.zip
    Filesize

    1.3MB

    MD5

    57548c24c3d8f604d4c61bdc67a2af27

    SHA1

    0247207ead6601560f97d00e5e13f98aa9c059c0

    SHA256

    61c61159d145337065e7ab1ee4ec7cd7a0c2d3766761482b5ee8f5673cad41d4

    SHA512

    5ba48e32b059477b0b289487cf5d427ac459d6a5af75883d78dbd23cdb36174f810e8112e4cdc83a9b4161d2db711b47d280b33975dc70dac187c491cc3608d7

    Download Submit