Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    15-11-2024 22:07

General

  • Target

    3bd89198a415abc6de842e82a422a3819dc26ed84e570c98910dc6705efba682.apk

  • Size

    2.9MB

  • MD5

    fb1d3d89bfa11dfd4017f28fca3a26e3

  • SHA1

    a17278137e64b9b376a52d8ef9f42c2990364a7c

  • SHA256

    3bd89198a415abc6de842e82a422a3819dc26ed84e570c98910dc6705efba682

  • SHA512

    b0b5a02f5381ab4ea2d0f2fe8997b05c41fc97a11fa585f41f78ab01cc790140365998bb3571c2ab3d62c187abb910b8a8f46dbba3a75f52bb94baee5359704b

  • SSDEEP

    49152:Ey7JQ6guM1JGiurriuDxkHd1jdMfgwcILqp5+fL7NCOmOLVfSmQ40LDeqVOpN2:37JQ6gf1JGiuBDxkvizdIMBCYLxQ40/f

Malware Config

Extracted

Family

hydra

C2

http://cioroapapoldoapolawe.org

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra family
  • Hydra payload (2 IoCs)
  • Loads dropped Dex/Jar (1 TTP, 1 IoC)

    Runs an executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Reads the contacts stored on the device (1 TTP, 1 IoC)
  • Looks up external IP address via web service (1 IoC)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    Application may abuse the framework's foreground service to keep running in the foreground.

  • Performs UI accessibility actions on behalf of the user (1 TTP, 15 IoCs)

    Application may abuse the accessibility service to prevent its own removal.

  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Reads information about the phone network operator (1 TTP)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
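Most of the signatures above correspond to capabilities an APK has to declare in its manifest before the platform will grant them, so they can be checked statically before a sandbox run. The following is an added example (not part of this report or of the sandbox's own signature logic) that parses a decoded AndroidManifest.xml (the text form apktool produces, not the binary AXML inside the APK) and maps permissions and service declarations onto the behaviours observed here. The permission and action names are the real Android ones; the sample manifest, the package name reuse of com.test.despair and the service names are constructed for the example. Runtime-only behaviours in the list, such as registering a broadcast receiver with registerReceiver() or loading a dropped DEX, leave no manifest trace and still need dynamic analysis.

```python
"""Static triage of a decoded AndroidManifest.xml: report which of the
capabilities seen in this sandbox run the APK declares up front.
Added example; the manifest below is constructed, not the sample's."""
import xml.etree.ElementTree as ET
from typing import Dict, Any

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # ElementTree's namespaced-attribute prefix

# Permission-gated behaviours, keyed by a short label.
PERMISSION_CAPS = {
    "read_contacts": "android.permission.READ_CONTACTS",        # "Reads the contacts stored on the device"
    "foreground_service": "android.permission.FOREGROUND_SERVICE",  # needed on API 28+ for startForeground()
    "network_state": "android.permission.ACCESS_NETWORK_STATE",  # ConnectivityManager active-network queries
}
# An accessibility service must be declared with this bind permission and
# this intent action, otherwise the framework never connects to it.
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"


def triage(manifest_xml: str) -> Dict[str, Any]:
    """Return package name, permission-derived flags and any accessibility services."""
    root = ET.fromstring(manifest_xml)
    declared = {e.get(A + "name") for e in root.iter("uses-permission")}
    result: Dict[str, Any] = {"package": root.get("package")}
    for label, perm in PERMISSION_CAPS.items():
        result[label] = perm in declared

    acc_services = []
    for svc in root.iter("service"):
        if svc.get(A + "permission") != ACCESSIBILITY_BIND:
            continue
        actions = {a.get(A + "name") for a in svc.iter("action")}
        if ACCESSIBILITY_ACTION in actions:
            acc_services.append(svc.get(A + "name"))
    result["accessibility_service"] = bool(acc_services)
    result["accessibility_services"] = acc_services
    return result


# Constructed manifest mirroring the capabilities the report lists.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.test.despair">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <application android:label="Despair">
        <service android:name=".AccService"
            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
            android:exported="true">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
        <service android:name=".KeepAlive"/>
    </application>
</manifest>
"""

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.ok">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application/>
</manifest>
"""

if __name__ == "__main__":
    for name, xml in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, triage(xml))
```

A hit on the accessibility check is the one to weigh most heavily: a legitimate app with that declaration is rare outside assistive tooling, and it is the capability behind both the screen-scraping and the uninstall-blocking signatures above.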

Processes

  • com.test.despair
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Reads the contacts stored on the device.
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4999

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.test.despair/app_DynamicOptDex/XM.json

    Filesize

    1.6MB

    MD5

    2be958ccef8fb2a7082075fe10c76c20

    SHA1

    0c12a61d32d4f9b5ea996b08dc790875683d3e37

    SHA256

    fe589a7ed53d6f0befefda2bc439409789ebd8b67d7208d6eb8cb433955bd870

    SHA512

    9f211e1affd37dcbdba59d6da7b5745207c230aca099cce12cc288a8585eb9fa1c80e2d98cf3da6330ac33747c7c35dc4f5fda96f95af9a156a95c3b885e47cc

  • /data/data/com.test.despair/app_DynamicOptDex/XM.json

    Filesize

    1.6MB

    MD5

    f94417b1a5c34abcfca9edb4bb7cf2d2

    SHA1

    6abf11e0e8771bd1cdaa2c90f2adab7817e391a3

    SHA256

    05335a6c6ddb8289adac9661d9f5848fb737de1231cc4f6ce32f0d39fbca408c

    SHA512

    3c094a0aacf62d85fee2bac8c25eb933f334c60e4f16ff86ffb7cb42399b62a8c0cb358d60b6209b5902495db58474a16501c995e9ee73c594cce759484b789c

  • /data/data/com.test.despair/app_DynamicOptDex/oat/XM.json.cur.prof

    Filesize

    1KB

    MD5

    603c0bf8044e5abf1e6efb09c970ad63

    SHA1

    600a6a5008044c4a55d424a81a3c24010c3e3c43

    SHA256

    1f9457ff462d08b99328dcc369f7e095faad7876b4150725ba61a399a7ac5544

    SHA512

    cad12e9405a32d59abfd1415f29d45fe68d2d9ef0896d9bf63e41a63c09ab71b47cd719d807df48547828fbf3dbf43cce871fc60b75fbf48d08ff314408d83c6

  • /data/user/0/com.test.despair/app_DynamicOptDex/XM.json

    Filesize

    4.4MB

    MD5

    d3d49b07b35aaf5daf2c9ee5624604f7

    SHA1

    8aeecfc8e17dfb725de8eae50ec6f8fe2d9b32e6

    SHA256

    2bdb4588932674b78f9ccf5d4540cc04a71524dc7061f4ff5a37e11097ee0e76

    SHA512

    99bd23a52249f35b38c18aad5b9f4f9a3b924c4d66bbdc00409831943917b77910d253b6447a054ff89b901b719cd3c561f72ac16e3c4cc970ef872acf08cb89
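The dropped files above are DEX code stored under a .json name in the app's private app_DynamicOptDex directory and then loaded at runtime (the "Loads dropped Dex/Jar" signature); the same path appears under both /data/data and /data/user/0 because on Android the former is a symlink to the latter for user 0, and the differing hashes show the file being rewritten during the run. The following is an added example (not part of this report) of how to find such payloads on a pulled data directory by content rather than by name, and to match them against the SHA-256 IoCs listed above. The directory tree it scans is constructed in a temp dir for the example, so the constructed files will not match the report's hashes; the oat/*.cur.prof entry is an ART profile, not a payload, and the scanner correctly ignores it.

```python
"""Find DEX/JAR payloads hidden behind innocuous file names in an app's
private data directory and match them against known IoC hashes.
Added example; the scanned tree is constructed, not pulled from a device."""
import hashlib
import io
import os
import tempfile
import zipfile
from typing import List, Optional

DEX_MAGIC = b"dex\n"        # full header is "dex\n" + 3-digit version + NUL
ZIP_MAGIC = b"PK\x03\x04"   # a .jar is a zip; a loadable one carries classes.dex
HONEST_EXTS = {".dex", ".jar", ".apk", ".zip"}

# SHA-256 values of the dropped payloads, copied from the Downloads section.
KNOWN_PAYLOAD_SHA256 = {
    "fe589a7ed53d6f0befefda2bc439409789ebd8b67d7208d6eb8cb433955bd870",
    "05335a6c6ddb8289adac9661d9f5848fb737de1231cc4f6ce32f0d39fbca408c",
    "2bdb4588932674b78f9ccf5d4540cc04a71524dc7061f4ff5a37e11097ee0e76",
}


def classify(data: bytes) -> Optional[str]:
    """Return 'dex', 'jar' or None based on content, never on the file name."""
    if len(data) >= 8 and data.startswith(DEX_MAGIC) and data[7] == 0:
        return "dex"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.endswith(".dex") for n in zf.namelist()):
                    return "jar"
        except zipfile.BadZipFile:
            pass
    return None


def scan_dir(root: str) -> List[dict]:
    """Walk root; report every DEX/JAR, flagging disguised names and IoC hits."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            kind = classify(data)
            if kind is None:
                continue
            digest = hashlib.sha256(data).hexdigest()
            findings.append({
                "path": os.path.relpath(path, root),
                "kind": kind,
                "disguised": os.path.splitext(name)[1].lower() not in HONEST_EXTS,
                "sha256": digest,
                "known_ioc": digest in KNOWN_PAYLOAD_SHA256,
            })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree() -> str:
    """Constructed stand-in for /data/data/com.test.despair (not real files)."""
    root = tempfile.mkdtemp(prefix="despair_")
    opt = os.path.join(root, "app_DynamicOptDex")
    os.makedirs(os.path.join(opt, "oat"))
    # A DEX header hiding behind a .json name, as in the report.
    with open(os.path.join(opt, "XM.json"), "wb") as fh:
        fh.write(b"dex\n035\0" + b"\0" * 0x68)
    # Placeholder bytes standing in for the ART profile; must not be flagged.
    with open(os.path.join(opt, "oat", "XM.json.cur.prof"), "wb") as fh:
        fh.write(b"placeholder profile data")
    # Genuine JSON with a .json name; must not be flagged either.
    with open(os.path.join(root, "config.json"), "wb") as fh:
        fh.write(b'{"c2": "http://example.invalid"}')
    # A jar (zip containing classes.dex) under an honest name.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"dex\n035\0" + b"\0" * 0x68)
    with open(os.path.join(root, "plugin.jar"), "wb") as fh:
        fh.write(buf.getvalue())
    return root


def demo() -> List[dict]:
    return scan_dir(build_sample_tree())


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real device pull, point scan_dir at the package's data directory (adb root or a backup is needed; the path is not readable from an unprivileged shell) and treat any "disguised" hit as a payload worth extracting and hashing even when it does not match a published IoC, since the report itself shows the same file name carrying three different hashes.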