General

  • Target

    006b9c2bf6cc9d179b493be1385a5dc459ae8a7a4359faf0ecdab944c87081ea.bin

  • Size

    4.9MB

  • Sample

    241019-16bfbsscpc

  • MD5

    5c1061f97f9314a1cc90a0a1c05f9b7f

  • SHA1

    6587bb49678097bafbadd391ad437627c36b209a

  • SHA256

    006b9c2bf6cc9d179b493be1385a5dc459ae8a7a4359faf0ecdab944c87081ea

  • SHA512

    0e74e126efa8321cab855e3e4e0410d8b3990930277e774cb5372d56597f8ef9c58c64463c5ceb2ad69827e60d68ec183414b04a580698d3425c97ceeb235268

  • SSDEEP

    98304:RXDObW1Tnc7hgPhL2QZaCdHV7Xp+cAC9RGVNbbytz4jvRJVxWzbXdHaui:dybWhqQ0gHV7Xp+cTRaNTvR/AIui

Malware Config

Extracted

Family

hydra

C2

http://darisamu.com

DES_key

69626f6e6a697a65

Targets

    • Hydra

      Android banker and info stealer.

    • Hydra payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Reads the contacts stored on the device.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent its removal.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15
