Overview

overview

10

Static

static

6

60c52bd2d8...e8.apk

android-9-x86

60c52bd2d8...e8.apk

android-10-x64

10

60c52bd2d8...e8.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    19-01-2025 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    60c52bd2d8653b28dd0c5f182fd6da55214b8d190f82c4a5cf0eb1870ece4ce8.apk

  • Size

    4.5MB

  • MD5

    9100b1c97917abfa8853a2bc3133d715

  • SHA1

    b8d9cae0e845b39e82bee0f2fa2bc3320fb37e07

  • SHA256

    60c52bd2d8653b28dd0c5f182fd6da55214b8d190f82c4a5cf0eb1870ece4ce8

  • SHA512

    e18ab3fbe7b718755145f21a2fb5854732b0aaeec379909318f7c55902c221bac420f799dc79e832a62c55c0c412dc0512c517ed54b07c5a492031aed37a3a52

  • SSDEEP

    98304:o7d7DYba8bhSRy7Z9zQIx6KiJTt1ZL4bExHEJG8VXs/h:G0bL9z/xn4RjywHEJvJeh

Score
10/10
hydrabankercollectioncredential_accessdiscoveryevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

hydra

C2

http://ayfilopconbeydolcaneydozpahped.com

DES_key

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra family
    hydra
  • Hydra payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.phlkcuegw.plhaapglu
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Reads the contacts stored on the device.
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    PID:4770

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.phlkcuegw.plhaapglu/app_apk/payload.apk
    Filesize

    974KB

    MD5

    3baeaa766ea7f31a9147208efd957c75

    SHA1

    c701de3d0e55425394ccbf8e0967639e86f3c54e

    SHA256

    75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d

    SHA512

    9f3ccb1fc9a177524ba2d39f809be4851af385073463893bd4a8664308253fc0da2b9ab330c85675dbe9ce0c44b631a0d1ec7800491687c7b2540504b351295f

    Download Submit

  • /data/user/0/com.phlkcuegw.plhaapglu/app_dex/classes.dex
    Filesize

    2.7MB

    MD5

    9eb8aa3044db39953c7e17804be37d18

    SHA1

    955e8f8db4c09c6f6d45dce5c6ea78f27d0e4fad

    SHA256

    4e17620058b30a59ca30a55cbad977a959bac3121db7219199e5239b5af5d2b4

    SHA512

    b969fdf66cc4a2772281bb7504c7dbadad1b23346341e3c62c51a6c4781267a7dbe4170e3d1c3726eb99ff6033a1ac61003de811b62060dc467464ef605c47c7

    Download Submit

  • /data/user/0/com.phlkcuegw.plhaapglu/cache/Qg3adw2CpmSHwj59qrSgHGA9mVSkpmKkIJmNakGa.zip
    Filesize

    14.6MB

    MD5

    4db835dabc82a2191de74e21696f8aab

    SHA1

    9d5dcf5e4acffd542d1402b73a8253255f660e2f

    SHA256

    b9e8fd09760385b993e972a78d46cb90bfdef89d4c8587a6fc4b9a3ea6cda250

    SHA512

    84b37601f5730f8a5090ea8adced510dfe202d18278a07f29b22f8e7562c2067c469d16ad9db2119bb4a0a58578f4cb85ec9d0e173e630649dbe67b253ea27a0

    Download Submit

  • /data/user/0/com.phlkcuegw.plhaapglu/cache/classes.dex
    Filesize

    1.3MB

    MD5

    515a214906ea8239d2a835c63b3e3b56

    SHA1

    01f68ebdb1cfe20b25f9536c0c7dc42d7197181f

    SHA256

    e24ad63b11ef1a3f8727ad066a8766ab88e041d7eca90c95dde0be5a3367fba2

    SHA512

    14df3ba673a94fb787290a11adb5d0010746c435cb99748987a7aaac04d97627845f231d616d62a98bb4eecf218f5a2f7eb05d82ef5f775c478c8f094146af28

    Download Submit

  • /data/user/0/com.phlkcuegw.plhaapglu/cache/classes.zip
    Filesize

    1.3MB

    MD5

    906858f8a3cdf7e518117424800d4a4e

    SHA1

    add8d86ef2345a96913181d408adbe0fcc72a997

    SHA256

    7e46e01c28a07decfe522b96a326669ebb81bc46683d230ed2e264f29b034791

    SHA512

    ffc8cae9d655442fbab0bd22180387821e9db6ed70a0ab72e02fdbed723b7d2d7d8c859b6df9801b3a393763ddf29312ffd5d789a4ef8cf30c17ba4a4eb2a1bd

    Download Submit