Overview

overview

10

Static

static

6

1328b562a7...6d.apk

android-9-x86

10

1328b562a7...6d.apk

android-10-x64

10

1328b562a7...6d.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    21-10-2024 22:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1328b562a7fcc4619ceda3371ed0d621ae9eb93d9e9977bc0d2779c92d8f536d.apk

  • Size

    4.4MB

  • MD5

    d74186c6f179e74153a5463cc7ffe970

  • SHA1

    3902056e54d43c026809da137c86e47d0c08ceb9

  • SHA256

    1328b562a7fcc4619ceda3371ed0d621ae9eb93d9e9977bc0d2779c92d8f536d

  • SHA512

    e1d45831e959df431ef90e614de1c261efe566d8c670bf1d61eda6a8a96667dca318103d889e8052e5aa0e6da44e36c153b7c5494edcecbba91621f6ab4de270

  • SSDEEP

    98304:zqeqS/mh/Y4vcT0G3vsjMP4zpL/0CcRHDUwOQ8gdwuVO2:zqeqS0N36Rqpo3cGe6

Score
10/10
hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

hydra

C2

http://halukdari.com

DES_key

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • com.afzrpnvnc.vhhhrvset
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Reads the contacts stored on the device.
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4312

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.afzrpnvnc.vhhhrvset/app_dex/classes.dex
    Filesize

    2.7MB

    MD5

    3dfe9e20bcb7ab3a89b6e648feaf4120

    SHA1

    f504a67e6babfc1eece7b69d7db2c8ff779ff229

    SHA256

    e364d7d97d4659b598ab7fcd3cdc244039eeb12b04e5481ca80f9c4c0394a8f6

    SHA512

    36434252c5a13d3827e9ebeaed004a710a545ae49f941df57c4e6b30dffb341d39b3e22fc833c0245ef7ec3abee39969dba88d542297861b770f02321ab4474f

    Download Submit

  • /data/data/com.afzrpnvnc.vhhhrvset/cache/classes.dex
    Filesize

    1.3MB

    MD5

    d614b007f1a41cd1f3963f9b816d0105

    SHA1

    07a66b80c38c9330ad0235a405e763396ceaf6df

    SHA256

    721b5121811f4af1002d9f8953368468e6a1b664cf3df559b90b10b489ff3d98

    SHA512

    4e0f40be2e6da33d3fa6e6fbc70acd6bb5fc0bd4124227fc9c7f75dbb26230211d730001948f48b760276dbffcf798c84a5329902a35f1a5e829eebc796e23cc

    Download Submit

  • /data/data/com.afzrpnvnc.vhhhrvset/cache/classes.zip
    Filesize

    1.3MB

    MD5

    3eb8aae01aedefe0094ec35808b434e8

    SHA1

    ce99029c30dadc325f12b75497bbc91833d200a9

    SHA256

    cf40578e7dc7337bf4dd134d30b921a70dd6081d114d7d9624d10f0056d4434b

    SHA512

    b886687ee3d97d35af47ec4ef5600c075dbe8db98cb279550e97dfaf45194c998cf5439eff85d7c3176fe4eadacb62b487790ce0cdf788bffe20babbb74ccca9

    Download Submit