Overview

overview

10

Static

static

6

006b9c2bf6...ea.apk

android-9-x86

10

006b9c2bf6...ea.apk

android-10-x64

10

006b9c2bf6...ea.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    19-10-2024 22:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    006b9c2bf6cc9d179b493be1385a5dc459ae8a7a4359faf0ecdab944c87081ea.apk

  • Size

    4.9MB

  • MD5

    5c1061f97f9314a1cc90a0a1c05f9b7f

  • SHA1

    6587bb49678097bafbadd391ad437627c36b209a

  • SHA256

    006b9c2bf6cc9d179b493be1385a5dc459ae8a7a4359faf0ecdab944c87081ea

  • SHA512

    0e74e126efa8321cab855e3e4e0410d8b3990930277e774cb5372d56597f8ef9c58c64463c5ceb2ad69827e60d68ec183414b04a580698d3425c97ceeb235268

  • SSDEEP

    98304:RXDObW1Tnc7hgPhL2QZaCdHV7Xp+cAC9RGVNbbytz4jvRJVxWzbXdHaui:dybWhqQ0gHV7Xp+cTRaNTvR/AIui

Score
10/10
hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

hydra

C2

http://darisamu.com

DES_key

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.wgtyctcrz.jmnormrsi
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Reads the contacts stored on the device.
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    PID:4734

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.wgtyctcrz.jmnormrsi/app_dex/classes.dex
    Filesize

    2.7MB

    MD5

    2c787965bd0bb3b11eeca88534edb067

    SHA1

    eb7abc73e32d16b7ac90ff49ee41bfd393d20343

    SHA256

    5555e50681fa470bd24d5967a38c57fdd5bf8a30c166158099aaf507f2381076

    SHA512

    5262aba324cdc1f63f9fe844f4b543905ac1b32328f4a9a2600ba05838ed70c03fade5a39f70c1e4cffed7cd825ed87702aef6f3ff6111cfbd8ce9eb50a9cb45

    Download Submit

  • /data/data/com.wgtyctcrz.jmnormrsi/cache/classes.dex
    Filesize

    1.3MB

    MD5

    a795a5b296d76c86b9eecb893ea1cd02

    SHA1

    aab575bf888cb626ecec8ad2edddb39a552507b3

    SHA256

    afd997571ef21a5783cc3666b79b850051b0bc8519d219d97ef0601b40a9f1ea

    SHA512

    c92252a1fc53b4e18d4e294fc17898ad3eb58d8646d7ab844f9f1492e197e257db509fe48a4dd8e2f975404e29eb043b3b6c311f55a24f628c51ec78f0e26565

    Download Submit

  • /data/data/com.wgtyctcrz.jmnormrsi/cache/classes.zip
    Filesize

    1.3MB

    MD5

    22729086b6dba708a7cef178ece2f2b7

    SHA1

    8aacfb5fcb9b5ab118c1f5142e9e8ae4e57d89d9

    SHA256

    638c3b2e9b423debf6b654223f335ecbf1d0eff2e41673d32391267a40eef0bd

    SHA512

    df9422375eae334d55ade562f919e291e420def9aef5e981a16b908a7d8c5ee8b65a15dd2e963f3a9dde8005b42a0541b909661a918862f5a8e5559f800a5a16

    Download Submit