Analysis

  • max time kernel
    148s
  • max time network
    160s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted
    18/03/2025, 22:01

General

  • Target

    5e6ee98bdad3c9879ef56575c41c4b53e297fcad3a715995f71c9dab950d5ee9.apk

  • Size

    4.1MB

  • MD5

    029afcf139402cb4e439691ed204cb3a

  • SHA1

    a53a8d4b6ee0db0012a3daccfa7f4fb68a69f325

  • SHA256

    5e6ee98bdad3c9879ef56575c41c4b53e297fcad3a715995f71c9dab950d5ee9

  • SHA512

    f6434e125504cbf077d9ee215c064d1eb49d445ee096dcfa2d1d6d0a766881a7a11acd9bcf01e6e7b956fec3e0ebdb21876ec8eff24ba9358e215ca868ea99b9

  • SSDEEP

    98304:WCSqVBWfnWMy3KiALMXGv5d6gGVbpz6vyFb8bLdR90voZulQaz9E:WCSq7WPWMy3TALM2ociN19E

Malware Config

Extracted

Family

hydra

C2

http://fajasdklfjds90932ldkfj920ldsfadsnfozvabozsnerdasa.cfd

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra family
  • Hydra payload 2 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent its own removal.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs

Processes

  • com.sort.minute
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Reads the contacts stored on the device.
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    PID:4840

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.sort.minute/app_satisfy/MOA.json

    Filesize

    969KB

    MD5

    e0f1f86fb0587b18f168d7f40cf51e0a

    SHA1

    138ea71dc78928a2443006c8e64b9900c07b593b

    SHA256

    77437ad3c1b1d48a66be3b53ec89b5bd924ab34384224bd0da72f959967462b2

    SHA512

    9169761d6b05d3feef9fc85288652ea836aa9ebe6150ad963bfc36ca24bdc8c8f14679e5c9b9f672c5d683420eb28d355828d2e73077e22baafb79c2b8d09d83

  • /data/user/0/com.sort.minute/app_satisfy/MOA.json

    Filesize

    969KB

    MD5

    22f4c699bca5efa737506af5b348055b

    SHA1

    9d0b1e6257583a3bf3dafcce5722a10fdb7fd4eb

    SHA256

    6cc6a8a9ebdd8719b95e3f9fda9a7c26867bf0a7fe3241ec719e04f6a060af19

    SHA512

    d5a370b70410305a31184205cbaa3d2ff3e549b31eb4065b3257fe4c56da903a3f31064675a57ec7fcb2d36d17c44cdfe3124e6f56ba5279d67267e5b799a16e

  • /data/user/0/com.sort.minute/app_satisfy/MOA.json

    Filesize

    2.2MB

    MD5

    596ece6d89b6e800cb108ff3bb2138bf

    SHA1

    7594af048fa5bb0b5385cb953e79c3fe46773114

    SHA256

    e5aa076fd71a1784ff54191a8ca2b8a58335601ac825936782650242221870ac

    SHA512

    aabb9b49cf442ba84aabff249b6022195a2a7ab3157cd1562ea20e19dd89bb3adb7e84faf078ab9fb96d9dbf6b4ce0ff5c7d92ef071d5a2cff3ff9c96249e931