Analysis
max time kernel: 3s
max time network: 151s
platform: android-9_x86
resource: android-x86-arm-20240910-en
resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
submitted: 31/12/2024, 22:02
Static task: static1
Behavioral task: behavioral1
  Sample: b74ff906b2d2b3fece254bcdbf1936894f2196eb447d6c83c380f281354d2a85.apk
  Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
  Sample: b74ff906b2d2b3fece254bcdbf1936894f2196eb447d6c83c380f281354d2a85.apk
  Resource: android-x64-20240910-en
General
Target: b74ff906b2d2b3fece254bcdbf1936894f2196eb447d6c83c380f281354d2a85.apk
Size: 1.5MB
MD5: 818d49b568784a0caecdb174d461d38d
SHA1: 96a638e8b4b11a41d5b32e2a1026b39323eab6ad
SHA256: b74ff906b2d2b3fece254bcdbf1936894f2196eb447d6c83c380f281354d2a85
SHA512: a7ed45a862cefef4be41d8e4d6a614e243826a702f6aac04d2c00d99a9d6b193f6dbb0cc4b7f5ed42c5a4abc10d2e695f3e3817ff24f79e7c6d930fd040750ec
SSDEEP: 49152:dGvRcaUfqKKeIw5cC6GiXgHTVgJ4FVQmfGYczwS4ovrEjY:O+aUqeIw5XgWSJ4FV2YczEjY
Malware Config
Extracted: hydra
Signatures
Hydra
Android banker and info stealer.
Hydra family
Hydra payload (4 IoCs)
resource | yara_rule
behavioral1/files/fstream-4.dat | family_hydra1
behavioral1/files/fstream-4.dat | family_hydra2
behavioral1/memory/4275-3.dex | family_hydra1
behavioral1/memory/4275-3.dex | family_hydra2
Loads dropped Dex/Jar (1 TTP, 6 IoCs)
Runs an executable file dropped to the device during analysis.
ioc | pid | Process
/storage/emulated/0/Android/obb/com.grand.ftx/dp/classes.dex | 4275 | com.grand.ftx
/storage/emulated/0/Android/obb/com.grand.ftx/dp/classes.dex | 4299 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/obb/com.grand.ftx/dp/classes.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/storage/emulated/0/Android/obb/com.grand.ftx/dp/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/Android/obb/com.grand.ftx/dp/classes.dex | 4275 | com.grand.ftx
/storage/emulated/0/Android/obb/com.grand.ftx/dp/a.a | 4275 | com.grand.ftx
/storage/emulated/0/Android/obb/com.grand.ftx/dp/a.a | 4323 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/obb/com.grand.ftx/dp/a.a --output-vdex-fd=43 --oat-fd=44 --oat-location=/storage/emulated/0/Android/obb/com.grand.ftx/dp/oat/x86/a.odex --compiler-filter=quicken --class-loader-context=&
/storage/emulated/0/Android/obb/com.grand.ftx/dp/a.a | 4275 | com.grand.ftx
Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.grand.ftx
Processes
com.grand.ftx (PID 4275)
  - Loads dropped Dex/Jar
  - Uses Crypto APIs (Might try to encrypt user data)
  child: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/obb/com.grand.ftx/dp/classes.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/storage/emulated/0/Android/obb/com.grand.ftx/dp/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=& (PID 4299)
    - Loads dropped Dex/Jar
  child: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/obb/com.grand.ftx/dp/a.a --output-vdex-fd=43 --oat-fd=44 --oat-location=/storage/emulated/0/Android/obb/com.grand.ftx/dp/oat/x86/a.odex --compiler-filter=quicken --class-loader-context=& (PID 4323)
    - Loads dropped Dex/Jar
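The "Loads dropped Dex/Jar" rows above are the part of this report worth automating: both DEX files are compiled by dex2oat out of /storage/emulated/0/Android/obb/com.grand.ftx/dp/, which is shared external storage rather than the installed APK, and one of them carries a non-code extension (a.a). The script below is an added example, not code from the sandbox vendor or from the sample. It re-parses rows constructed from the IoC table above (dex2oat flags trimmed to the ones the parser reads), recovers the --dex-file target from each dex2oat command line, buckets each DEX by the directory it was loaded from, and flags disguised extensions. The directory prefixes are an assumption about the Android 9 storage layout, and the function and verdict names are hypothetical.

```python
"""Classify the "Loads dropped Dex/Jar" IoCs from an Android sandbox report.

Added example; not code from the sandbox vendor or from the sample. SAMPLE_ROWS
is constructed from the IoC table in this report, with the dex2oat flags
trimmed to the ones the parser needs.
"""
import shlex
from typing import Dict, List, Tuple

# Assumed Android 9 storage layout. Code that legitimately runs on the device
# comes from the system image or the installed APK directory; anything else is
# code the app materialised at runtime (dynamic code loading).
SYSTEM_PREFIXES = ("/system/", "/vendor/", "/product/", "/apex/")
INSTALLED_PREFIXES = ("/data/app/",)
PRIVATE_PREFIXES = ("/data/data/", "/data/user/")
# Shared external storage: on Android 9 any app with READ/WRITE_EXTERNAL_STORAGE
# can read or replace files here, and nothing here is covered by the APK signature.
EXTERNAL_PREFIXES = ("/storage/emulated/", "/sdcard/", "/mnt/sdcard/")
CODE_EXTENSIONS = (".dex", ".jar", ".apk", ".zip")

IocRow = Tuple[str, int, str]  # (ioc path, pid, process name or command line)

DEX2OAT = "/system/bin/dex2oat --instruction-set=x86 --runtime-arg -Xhidden-api-checks "
SAMPLE_ROWS: List[IocRow] = [  # constructed from the report's IoC table
    ("/storage/emulated/0/Android/obb/com.grand.ftx/dp/classes.dex", 4275, "com.grand.ftx"),
    ("/storage/emulated/0/Android/obb/com.grand.ftx/dp/classes.dex", 4299,
     DEX2OAT + "--dex-file=/storage/emulated/0/Android/obb/com.grand.ftx/dp/classes.dex "
     "--oat-location=/storage/emulated/0/Android/obb/com.grand.ftx/dp/oat/x86/classes.odex "
     "--compiler-filter=quicken --class-loader-context=&"),
    ("/storage/emulated/0/Android/obb/com.grand.ftx/dp/classes.dex", 4275, "com.grand.ftx"),
    ("/storage/emulated/0/Android/obb/com.grand.ftx/dp/a.a", 4275, "com.grand.ftx"),
    ("/storage/emulated/0/Android/obb/com.grand.ftx/dp/a.a", 4323,
     DEX2OAT + "--dex-file=/storage/emulated/0/Android/obb/com.grand.ftx/dp/a.a "
     "--oat-location=/storage/emulated/0/Android/obb/com.grand.ftx/dp/oat/x86/a.odex "
     "--compiler-filter=quicken --class-loader-context=&"),
    ("/storage/emulated/0/Android/obb/com.grand.ftx/dp/a.a", 4275, "com.grand.ftx"),
]


def classify_dex_path(path: str) -> str:
    """Bucket a DEX path by who controls the directory it sits in."""
    if path.startswith(SYSTEM_PREFIXES):
        return "system"
    if path.startswith(INSTALLED_PREFIXES):
        return "installed-apk"
    if path.startswith(PRIVATE_PREFIXES):
        return "app-private"
    if path.startswith(EXTERNAL_PREFIXES):
        return "external-storage"
    return "other"


def parse_dex2oat(cmdline: str) -> Dict[str, str]:
    """Extract the --key=value options that identify what dex2oat compiled."""
    opts: Dict[str, str] = {}
    for tok in shlex.split(cmdline):
        if tok.startswith("--") and "=" in tok:
            key, value = tok[2:].split("=", 1)
            opts[key] = value
    return opts


def find_dropped_dex_loads(rows: List[IocRow]) -> Dict[str, dict]:
    """Return one finding per DEX loaded from outside the system image or APK."""
    findings: Dict[str, dict] = {}
    for ioc, pid, process in rows:
        dex, via = ioc, "in-process load"
        if process.startswith("/system/bin/dex2oat"):
            dex, via = parse_dex2oat(process).get("dex-file", ioc), "dex2oat"
        location = classify_dex_path(dex)
        if location in ("system", "installed-apk"):
            continue
        finding = findings.setdefault(dex, {
            "location": location,
            "pids": set(),
            "via": set(),
            # DEX content behind a non-code extension (a.a) is a common trick
            # against extension-based scanners.
            "disguised_extension": not dex.lower().endswith(CODE_EXTENSIONS),
        })
        finding["pids"].add(pid)
        finding["via"].add(via)
    return findings


def verdict(findings: Dict[str, dict]) -> str:
    """Collapse the findings to the single worst case."""
    if any(f["location"] == "external-storage" for f in findings.values()):
        return "dynamic code loading from shared storage"
    if findings:
        return "dynamic code loading from app-private storage"
    return "no dropped code observed"


if __name__ == "__main__":
    found = find_dropped_dex_loads(SAMPLE_ROWS)
    for path, f in found.items():
        print(f"{path}: {f['location']}, pids={sorted(f['pids'])}, "
              f"via={sorted(f['via'])}, disguised={f['disguised_extension']}")
    print("verdict:", verdict(found))
```

Both DEX files resolve to the external-storage bucket and are seen twice each: once loaded in-process by com.grand.ftx (PID 4275) and once handed to dex2oat for ahead-of-time compilation (PIDs 4299 and 4323), which is why the report counts six IoCs for two files.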
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 157KB
MD5: 7ddfe6a2bb4d6ad2b0482d6227e9c74a
SHA1: 62633e333bb5e6604e8b8746a28bb5fe48ee5659
SHA256: 246f931d655ac64027dded7bf485a96d9efa40712c02fe989ae61e4906d0ac7f
SHA512: 83b75b2a963baa3b191a5fad47b27d1a7450a9527f84e63e74e33f842add224dbd8f5abf81e49df235fe79459940ab17cee87317456d008541b5c914dec75042

Filesize: 2.2MB
MD5: e9ef45109360c3deb5ba1be878fc80dd
SHA1: c40a8d97f9b1f3c8f73fe64bc441b0aeb6e289ee
SHA256: 826678b2c342d10e1f37f1fa4bef1a23f2a5e333a134eb9ee28bd87c4fcd622a
SHA512: 704b120d7224780b4de3e61bcc7398a9f73ff268233d5a86129741ff83187b5ba1825f4a86408a2ef6455cbbd5c0f33aee7484bc9c3528a3a6ea9a203f54905c

Filesize: 2.2MB
MD5: f3a021c07a88bbd1de6dfe1302ae175c
SHA1: 342c357b8623514d19e3b77105bfab1e4a782fa9
SHA256: c0e94e7a9a5eadfe630a54c29513467f0274d9d3d4b93f3087d4456b73b4db4e
SHA512: c598c755d8293e47c7e1cfdd589abf466b291188cbbddf3969aaf4474ea44fe690dc388fb1c2ea5937b15e429f57f71ed7116c251f4bfb1cb0656215756a6952

Filesize: 68KB
MD5: 96b05aa0c7699b30448a7d08cf119e17
SHA1: d093a32e7e486b4dbadf9fc874a5ca01dcc0db46
SHA256: 868bc5a001941bf163c9221272b79c7e7d8405533e7f892a3fbba30ac63bf65f
SHA512: 0b262c31d4aa2e5d83c0fa6fcabf46aeaf93d3f2792450f0ff3acca5dc0634d61d5b80925b22ae08bd473e09c6b69336aa7e53013093b056af4c396606a04866

Filesize: 1005KB
MD5: 86a47e2193f808ae35d3addc8bcda134
SHA1: c2562c5d5173db00d0da923ee9bef22fdf6c7507
SHA256: 732d77234b993d087c81fddf8c5da66703bbb67d00227100b39d12709d5dbfb0
SHA512: 7a0f0e9f443c054983a15c359b303591a564799ac7616ca1ccbf3aeefeb78104aeb2409d64e984dfea0bda97a97d27aa25ca2f59e8719917d8e1245d91476a1e

Filesize: 963KB
MD5: 973f67c62dd08ab6baff8b0db3d56c16
SHA1: ff4e61ca69c730f9aad76a9646014f63ce81ee60
SHA256: 9de6fa05cd33d5681d53ab9558ab8b697d1c4b13017b29b3e8f3aafbed9bfcd3
SHA512: dfa5dc918d7700cae4ed463a83a022a91df5b55e6784e21c3649ea7b52fe6a1ecedc48a34871e3525c300c23707df63f19792dc8518dfd31b25ce02981e73196