Analysis

  • max time kernel
    148s
  • max time network
    161s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted
    18-01-2025 22:00

General

  • Target

    80b3f01ac51a6ec4f2d7e11cd72cb303b5ac9c98308cb3424cc1c9cfd0cc1d09.apk

  • Size

    4.5MB

  • MD5

    a13a0a82932d8b088aaeb396fb0dbff0

  • SHA1

    d2753b59c297536c432a12dbcf59bc9a32ee63dc

  • SHA256

    80b3f01ac51a6ec4f2d7e11cd72cb303b5ac9c98308cb3424cc1c9cfd0cc1d09

  • SHA512

    4bbc1ceb848703238a295576055126c1dede5096040a12edbe8749a0e1a8ad7afe699bf1fe2a214bdf2a7b9d6cdea356593e55215c94fdef2581954135303fc1

  • SSDEEP

    98304:KeYGGBavlNTNEGimhiRon9KqzTe7ifNj6LXBURxytvxVrwBY2Us:KeYGmavllNwkB9Ne7WNj6LXiRxyb1wBf

Malware Config

Extracted

Family

hydra

C2

http://waehwedbosntonz30facezconiboesd12312sergag.com

DES_key

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra family
  • Hydra payload (1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Loads and runs a Dex/Jar file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (1 TTP)

    Might be used in an attempt to overlay legitimate apps.

  • Reads the contacts stored on the device (1 TTP, 1 IoC)
  • Looks up external IP address via web service (1 IoC)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    The application may abuse a foreground service to keep itself running in the foreground.

  • Performs UI accessibility actions on behalf of the user (1 TTP, 1 IoC)

    The application may abuse the accessibility service to prevent its own removal.

  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Reads information about phone network operator (1 TTP)

Processes

  • com.zqjtgzarm.jqrjbmbsj
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Reads the contacts stored on the device
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    PID: 4788

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/user/0/com.zqjtgzarm.jqrjbmbsj/app_apk/payload.apk

    Filesize

    974KB

    MD5

    3baeaa766ea7f31a9147208efd957c75

    SHA1

    c701de3d0e55425394ccbf8e0967639e86f3c54e

    SHA256

    75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d

    SHA512

    9f3ccb1fc9a177524ba2d39f809be4851af385073463893bd4a8664308253fc0da2b9ab330c85675dbe9ce0c44b631a0d1ec7800491687c7b2540504b351295f

  • /data/user/0/com.zqjtgzarm.jqrjbmbsj/app_dex/classes.dex

    Filesize

    2.7MB

    MD5

    71e628d8f95c11e143e5b645fc74bce6

    SHA1

    0f100870f00f5684fe4beaaa1a0f128f2d441494

    SHA256

    6e014553faf9c0bb2ebd64633522ca04ea33531a5a4cd1a37b085e0cb3154800

    SHA512

    f991702c3a573843f6370b9e2934f7f0488915da23fe6a6b8e42d45cebf2f3b29c549abbbeed19970940efe85fa1f3fc589f557bbe247a4d25a1f5ec5ce5008a

  • /data/user/0/com.zqjtgzarm.jqrjbmbsj/cache/Qg3adw2CpmSHwj59qrSgHGA9mVSkpmKkIJmNakGa.zip

    Filesize

    68.8MB

    MD5

    a3461053ca60edd770109fcdf392ebb6

    SHA1

    30769f693cf7c8658aa9b0e415eafd3c7928f014

    SHA256

    d95e9a009d64a3c0d9667c9e527256da3319904164ce28f360c0e3ee384f443f

    SHA512

    fa8137299a18a7237ae66288042e5ccf4d6ba9e786cae8f6a1ea8eeba60a1190e276cd9f667bfe7957177ebfd77729852fc5585f7d5451bec732b43be3b68bcf

  • /data/user/0/com.zqjtgzarm.jqrjbmbsj/cache/classes.dex

    Filesize

    1.3MB

    MD5

    4cafe8c2c6dd74d036b2dcad6f878c43

    SHA1

    1eda52e9554f2ecb8f43df01521c5f0c0cb0a8fd

    SHA256

    c7d82d75d274536f86bbff879abd898d631127fe391ffcc534834a7ed6817fda

    SHA512

    95e1de73a3a7eb0f56cd2032aa009c92044c84e29ffe5b99395bc809410f9fb07d721061fe8cc3948d8b42eaae162297028a193249c8c0a300a00f52d74cc80a

  • /data/user/0/com.zqjtgzarm.jqrjbmbsj/cache/classes.zip

    Filesize

    1.3MB

    MD5

    2cb70b31197da01f8e3add72b19a63a8

    SHA1

    2501038d369eb7fdccfa54b4f118f7ac29b6533e

    SHA256

    3afede23b5fa8faab1dc26d613b14a313fec38346344d92fc9d5b7321b704f5d

    SHA512

    f5988394dd5564b0686f7d30318aa2e8db9a17601a8fa2b0a21b5569e736388af1e6a7995232218d03f8546962903f2f6052c7cf1821c267515e451578116617
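The "Loads dropped Dex/Jar" signature above and the dropped files listed in this Downloads section describe one dropper behaviour: the installed package writes a second-stage APK/DEX (payload.apk, classes.dex, the cache ZIPs) to its private data directory and loads it at runtime. The script below is an added example written for this page; it is not part of the report, the sandbox, or the Hydra sample. It walks an APK/ZIP recursively, classifies entries by magic bytes rather than file name, flags DEX code found below the top level, and matches every entry's SHA-256 against the hashes copied from this report's Downloads section. The REPORT_SHA256 table holds the report's real values; the archive built by build_sample_apk() is constructed demo input, and MAX_ENTRY_BYTES is an assumed cap.

```python
import hashlib
import io
import zipfile

# SHA-256 values copied from this report's Downloads section; paths are relative to
# /data/user/0/com.zqjtgzarm.jqrjbmbsj/ as listed there.
REPORT_SHA256 = {
    "75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d": "app_apk/payload.apk",
    "6e014553faf9c0bb2ebd64633522ca04ea33531a5a4cd1a37b085e0cb3154800": "app_dex/classes.dex",
    "d95e9a009d64a3c0d9667c9e527256da3319904164ce28f360c0e3ee384f443f": "cache/Qg3adw2CpmSHwj59qrSgHGA9mVSkpmKkIJmNakGa.zip",
    "c7d82d75d274536f86bbff879abd898d631127fe391ffcc534834a7ed6817fda": "cache/classes.dex",
    "3afede23b5fa8faab1dc26d613b14a313fec38346344d92fc9d5b7321b704f5d": "cache/classes.zip",
}

DEX_MAGIC = b"dex\n"        # DEX header: "dex\n" then a 3-digit version and a NUL
ZIP_MAGIC = b"PK\x03\x04"   # local file header of a ZIP / APK / JAR
MAX_ENTRY_BYTES = 200 * 1024 * 1024  # assumed zip-bomb guard; not from the report


def classify(blob: bytes) -> str:
    """Classify by magic bytes, not extension: droppers rename payloads freely."""
    if blob.startswith(DEX_MAGIC):
        return "dex"
    if blob.startswith(ZIP_MAGIC):
        return "zip"
    return "other"


def lookup_ioc(sha256_hex: str):
    """Return the report path for a known dropped-file hash, or None."""
    return REPORT_SHA256.get(sha256_hex.lower())


def scan_archive(data: bytes, prefix: str = "", depth: int = 0, max_depth: int = 4) -> list:
    """Walk a ZIP/APK and every ZIP nested in it; return one record per file entry.

    Nested entries get an 'outer!/inner' path. Each record carries the magic-based
    kind, nesting depth, SHA-256 and any match against REPORT_SHA256.
    """
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    for info in zf.infolist():
        if info.is_dir():
            continue
        # The declared size comes from the central directory and can be forged,
        # so this is only a first filter; a production tool also caps the read itself.
        if info.file_size > MAX_ENTRY_BYTES:
            continue
        blob = zf.read(info)
        path = prefix + info.filename
        digest = hashlib.sha256(blob).hexdigest()
        kind = classify(blob)
        findings.append({"path": path, "kind": kind, "depth": depth,
                         "sha256": digest, "ioc": lookup_ioc(digest)})
        if kind == "zip" and depth < max_depth:
            findings.extend(scan_archive(blob, path + "!/", depth + 1, max_depth))
    return findings


def hidden_code(findings: list) -> list:
    """Entries worth a second look: DEX below the top level (a packed second stage)
    and any entry whose hash matches a dropped file from the report."""
    return [f for f in findings
            if (f["kind"] == "dex" and f["depth"] > 0) or f["ioc"] is not None]


def build_sample_apk() -> bytes:
    """Constructed demo input (not the real sample): an outer APK-like ZIP whose
    'assets/data.bin' is itself a ZIP carrying a second classes.dex."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("classes.dex", DEX_MAGIC + b"039\x00" + b"\x00" * 64)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + b"\x00" * 16)
        z.writestr("classes.dex", DEX_MAGIC + b"035\x00" + b"\x00" * 64)
        z.writestr("assets/data.bin", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for f in scan_archive(build_sample_apk()):
        flag = "  <== nested code" if hidden_code([f]) else ""
        print(f"depth={f['depth']} {f['kind']:5} {f['path']}{flag}")
```

To use it against a real file, read the APK bytes and pass them to scan_archive(); a non-empty hidden_code() result or any non-None "ioc" field means the archive carries a second stage or one of the dropped files from this report. Matching only the SHA-256 column keeps the table small; MD5 and SHA-1 from the report can be added the same way if a feed you consume uses them.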