Overview

overview

10

Static

static

6

a6d27ba039...3d.apk

android-9-x86

10

a6d27ba039...3d.apk

android-10-x64

10

a6d27ba039...3d.apk

android-11-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    15/10/2024, 21:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a6d27ba039ac9cb0d5a6a3cffca2002feb9ecb8cfed54ce5c0a768064084d43d.apk

  • Size

    6.2MB

  • MD5

    e5445cda1bf1f82fc1fd4edb1317c41f

  • SHA1

    8b3d7122a94bb1694e1d3e33cbbd056e4350598b

  • SHA256

    a6d27ba039ac9cb0d5a6a3cffca2002feb9ecb8cfed54ce5c0a768064084d43d

  • SHA512

    84dcd079ac022faf2707c2cdb48bc656320307e0d03d58748de78a7fa73bfe8c071a491bdc4401e7b8d31e60024cae43c947307ffdc64d7c54e4f185076fe0bc

  • SSDEEP

    196608:m8+atol4aXiwsyOKu/EywCJ8Uvqjn1AzA3dU6Ecsk:m8+ayeNwsL3Nw7UvqjKQU69sk

Score
10/10
hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • com.ombththz.ufqsuqx
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4941

Network

        MITRE ATT&CK Enterprise v15

        MITRE ATT&CK Mobile v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.ombththz.ufqsuqx/tyfkjfUjju/HjIgfhjyqutIhjf/tmp-base.apk.gjGyTF81200936452074205544.88g
          Filesize

          2.8MB

          MD5

          a7e99e760bc8421e85d52ed5c34a9e18

          SHA1

          604b27b7938c8318fbb5ed7822f87ef8499cb105

          SHA256

          f1d0c0fbcb6f8eb89f7fbf2b2415d7afc3ff077826ffb1edb13a1bb77f2b02a3

          SHA512

          e04b2e983a8733816981ae1c8d5d5fcf42444e68f89501e9e2ba7c8149e5ff9b2ea8d3ca78f18e5180d341629aa93701d63bc6192c401ca677f29efe3ed3db1b

          Download Submit

        • /data/user/0/com.ombththz.ufqsuqx/tyfkjfUjju/HjIgfhjyqutIhjf/base.apk.gjGyTF81.88g
          Filesize

          7.4MB

          MD5

          51e100964dbe5ee426745201f1f8b705

          SHA1

          936ce15dcb75bff6409e79dccfa5137691982159

          SHA256

          e2e6b1095041c1cdb89ed390e884de77f4c8aa8f2d820ecf1ccdd1faba2da427

          SHA512

          63c9e95a2e3923134177aa36e87deceb652d3ae5bd8bea1a4db57f5ecbba53fc9ded9f263e18e37bef57c6b47430adfd04aa7933fc523f29a6556121e0cd42e7

          Download Submit