Overview

overview

10

Static

static

6

4902d53679...f2.apk

android-9-x86

10

4902d53679...f2.apk

android-10-x64

10

4902d53679...f2.apk

android-11-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    18/03/2025, 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4902d53679849c227912f4b8ff5f9ca81fc1eac5640768bf486b007109c207f2.apk

  • Size

    3.7MB

  • MD5

    31b668aae3cefc0dade16a28d28573c7

  • SHA1

    5b5a2b742e437afefdda5533f1ffc4a3a7f06321

  • SHA256

    4902d53679849c227912f4b8ff5f9ca81fc1eac5640768bf486b007109c207f2

  • SHA512

    f371abe68c7ce0569f1249934b99dc7c98a0cba6b5c6269ef0f97e6986394e815f761bddda100e65c2fef0db81b993701fadd60af18b10e8c0f98fdecc9bcc32

  • SSDEEP

    98304:1BTUpsYPoUz3ao1vz2Q6bA0eSEhh18Qx8092Q9ep5sq4h:1pUWczIvhxQc6h

Score
10/10
hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

hydra

C2

http://vadkedloepasdlekdqwwe123edlwegbanbemnezdoemsded.com

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra family
    hydra
  • Hydra payload 2 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • com.drink.pole
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Reads the contacts stored on the device.
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5237

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.drink.pole/app_ice/EiTg.json
    Filesize

    969KB

    MD5

    7d6e151aea5e64de1b3d21b62dc68f8c

    SHA1

    b21f100e16eabf6d096b6f461927ab85b088a78c

    SHA256

    6def1fee8b7a28bf189d335a954dc92e9d57bdf1ee70192cfdeb331c4c990253

    SHA512

    a9ca195086cff9cd66f1c8f76a3d0de12cb029e3e63acff06687188b98164f77c56ed4e26abf79852974209a7289480ea94c70ff3b0a764c7b3fb6c2ff032bcf

    Download Submit

  • /data/data/com.drink.pole/app_ice/EiTg.json
    Filesize

    969KB

    MD5

    4a369556256a317d5c4fc87ec019ca4f

    SHA1

    d2303c6df95721d33bd0c57b2f59f0465d59e536

    SHA256

    14b191cd06a67cbb8f4f1aa99e73debd434b50c348004ad5ad6fa673f319bd8d

    SHA512

    529db678c66b06f6073a16fe79fe2b7daa6509767591224ead2664396b560eea0a2f6fb062631e27dc95c987042528f34739a6e19133b5f7f83cb75ba6917676

    Download Submit

  • /data/data/com.drink.pole/app_ice/oat/EiTg.json.cur.prof
    Filesize

    1KB

    MD5

    8b7e1854eb70214b9bfa06b2be24a0d9

    SHA1

    32ffc345a5e1eda88b6f6a66da9951c6dc570f8d

    SHA256

    5173b0eabbc1420b2757caa41df44b5fb8f7c5e42c6aa9432881303fa821bcec

    SHA512

    5bff962c275f25c6be6ea10f9e3212901600e60a08ef04148d3bce28b302fd23695e1e0379d7f79b30ca7b33d0260efbf06c9f7d10faace46600e2e562932acc

    Download Submit

  • /data/user/0/com.drink.pole/app_ice/EiTg.json
    Filesize

    2.2MB

    MD5

    03e6f036cf9c79c0390146b07de02a8a

    SHA1

    518103de9468ea660b63d1e773bc397add211de1

    SHA256

    4f8ae26496d1fbb51dada64620bcdd3e67c5812365e4148c98d00aa60ea046bc

    SHA512

    a289d4a1fbe6147cc3f6d408fc622b14322caea3023c4070a736d8e4b9fa61b4652df7ee0e7a4ba4acb467eea1a45c5b2f24c5bfd13c8b976be3f7f7a3eec72d

    Download Submit