Overview

overview

10

Static

static

6

b458c9bf77...5e.apk

android-9-x86

10

b458c9bf77...5e.apk

android-10-x64

10

b458c9bf77...5e.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    14/02/2025, 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b458c9bf77acd946498ed188499473355209ed0933e8d4a5f19d7c96651dbd5e.apk

  • Size

    4.7MB

  • MD5

    f04cc2ed9ab07ad51e12a1574b49e5d5

  • SHA1

    7eca6f09c6a2add92f18ebfca0a076bae6196c82

  • SHA256

    b458c9bf77acd946498ed188499473355209ed0933e8d4a5f19d7c96651dbd5e

  • SHA512

    7b14d305e446097898cea430d3f1d1d9b9c4691ffe12301c9353340af3b0e21ad2c29df08f5d56174f9ae6cd6f7d29ca3a4963435a80a18384ef16d1ada256ba

  • SSDEEP

    98304:t5n5fryzzBvv5eFiVoBmiaK7ByNbcCnWlxgE2wwFJNGApqzC:z5TyzNIsuBmihBy9cuwC

Score
10/10
hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

hydra

C2

http://das123sdvvb-23sd-123asd-123xcvb-asd123-sdad-ae123-e-ee.org

DES_key

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra family
    hydra
  • Hydra payload 2 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • com.hrkdpfkvq.ykwjixvpu
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Reads the contacts stored on the device.
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5059

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Configuration Discovery

2
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Protected User Data

1
T1636

Contact List

1
T1636.003

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.hrkdpfkvq.ykwjixvpu/app_apk/payload.apk
    Filesize

    974KB

    MD5

    3baeaa766ea7f31a9147208efd957c75

    SHA1

    c701de3d0e55425394ccbf8e0967639e86f3c54e

    SHA256

    75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d

    SHA512

    9f3ccb1fc9a177524ba2d39f809be4851af385073463893bd4a8664308253fc0da2b9ab330c85675dbe9ce0c44b631a0d1ec7800491687c7b2540504b351295f

    Download Submit

  • /data/data/com.hrkdpfkvq.ykwjixvpu/app_dex/classes.dex
    Filesize

    2.2MB

    MD5

    9589a90372269c261a04f38a87c2a89c

    SHA1

    0a1d5c84db447a8261912b267d6a43d796ba9af5

    SHA256

    eb5ea280076d8ffe149c9d1ddd55f26a3e1dba6ca5c94550fbef6d6610a51cff

    SHA512

    891e35ac035abaec81f2c9405a36073b76f8ef97d0f6143f164129324c03e89e7ec882b225f9ef0cbfce4befbe877c921c6a79406c45710fb2d9e13807326e74

    Download Submit

  • /data/data/com.hrkdpfkvq.ykwjixvpu/cache/classes.dex
    Filesize

    972KB

    MD5

    827431ec70a0202a198d0c2b0ba94e6e

    SHA1

    982df4740110c7232686b8004239744f21ab07bf

    SHA256

    3ac11b193e59f0356b988c9c3fffe1137daef3c820cda0d7d8471b392e8d4847

    SHA512

    c515f08d5824d0f33e3c783c7a8d3a403f30f75c56c270ad5bba3fcad41c02f89731bade2edf31176cf2648a4085e35ad24a823543f7c152de26cc0569861db0

    Download Submit

  • /data/data/com.hrkdpfkvq.ykwjixvpu/cache/classes.zip
    Filesize

    973KB

    MD5

    c287b899a1edb4583234ba1c7c0cc73b

    SHA1

    fe6029420402ad82c7eee6ac512f3ba10886f81c

    SHA256

    0b7e3485c5e7f99315ff5a91d125b7d1621625b55b5ac20260f9b37db4a73b95

    SHA512

    dd5d266098fa122f4dfeda5a5c7be05b9250a114a8994b71365fe5c89ce4408eed1e767fc68fa64f578b581effcc7717c45b3b3f16c5abb496d242967b4943e1

    Download Submit

  • /data/data/com.hrkdpfkvq.ykwjixvpu/cache/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip
    Filesize

    2.6MB

    MD5

    959ee961a175c7c3c17e4d46484c8aca

    SHA1

    e954a6b626be596731a5224206587ba7fe9057d1

    SHA256

    af520bf332b1ae1278012da968dcb4c441e80df58ce15ffeefd160bdbba4ae63

    SHA512

    ab87ee07e89d07e2b80fdc7d6d97716f8eea10691ba6298ccaa9e5f1ce60bae5689779cd511a53ff22481f588081ef70a74912b414091c2b010ee7cdb80de104

    Download Submit

  • /data/data/com.hrkdpfkvq.ykwjixvpu/cache/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip
    Filesize

    672KB

    MD5

    354a26203cce89108acedf7e552437d1

    SHA1

    3b662e85bf676be65310acf6d5dd364d6a25a215

    SHA256

    2acb1e4bb60b8fa650b1316b1f4233ad75ae6a67243a16c994ed75a013131d28

    SHA512

    a2f0b4c3f0cc709a51e6a58d18bdb1395994aa2a61d39458554e7d1720887d74af5c86a31e6178432e4408718fdf99a2f465f54d5539cb7cfc8efc5075533de7

    Download Submit