Overview

overview

10

Static

static

6

e80cb43578...87.apk

android-9-x86

10

e80cb43578...87.apk

android-10-x64

10

e80cb43578...87.apk

android-11-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    149s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
  • submitted
    25/03/2025, 05:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e80cb43578f6a8b2ded95c8a2e86076f3661d60e2f18ebd1f094308e1d593c87.apk

  • Size

    7.4MB

  • MD5

    9326a01f58049dcd9947e91c71972fba

  • SHA1

    6686eec12836e010a929df0df3ca87b3d718d348

  • SHA256

    e80cb43578f6a8b2ded95c8a2e86076f3661d60e2f18ebd1f094308e1d593c87

  • SHA512

    7e1a4a26b384b5c611c6927ff5176fa9f75a6ce7488bfd080b7ea461dad7a54a4267f18d11d826de33fb85cde609824350b41ea59b730e116424397e4d7b3a70

  • SSDEEP

    98304:qKkDrOhNgdgC6j6DhdkFjVddWbRIdymNQn8ohd+rnR7Qw4Z2k7Aa3k4uHrLWOgud:kDahNBC6WCNZyZhd+tO7hDtMkuY6fnBv

Score
10/10
hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra family
    hydra
  • Hydra payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 28 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence

Processes

  • com.donor.festival
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5237

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.donor.festival/app_DynamicOptDex/mJDPd.json
    Filesize

    5.2MB

    MD5

    fbd922d641725f6eb36f149105c4e181

    SHA1

    96ec4a009bf356aba9cff46fee72f85b9b085ad0

    SHA256

    2bcf991578325442b0a24759ab70aa0aab5de540a7e4930efae72fcc936a4cc6

    SHA512

    bdc5f047fe4aec5c89e3d7cfa8a1fb09a8388442570042344055054f473601d3a85a20ff797ac030bf190ba99218e83c1494f9e5802e9e67112a1ec7fd650f89

    Download Submit

  • /data/data/com.donor.festival/app_DynamicOptDex/mJDPd.json
    Filesize

    5.2MB

    MD5

    99f6b6d85f85b8b6ce2d16a7f129699b

    SHA1

    1c3e3a79bc14b8ce3e4e97914406714a4e572d8e

    SHA256

    692a081dc59ead724bc04cb2d4f35b749de793b756bbcf34d9890aaedc59e51c

    SHA512

    4b1477f9d19215cc3dd245dfb4570120127ac08d286b1ef098202cae6a604eb433bfdf126487c66a7f59d9d2b8db272459abf0c728c31fb3dc0e217f7f3b778b

    Download Submit

  • /data/data/com.donor.festival/app_DynamicOptDex/oat/mJDPd.json.cur.prof
    Filesize

    1KB

    MD5

    9377079364dfcae7bd3246c029032573

    SHA1

    994f9204accc01f36c864023a812439e96109071

    SHA256

    a66f92fa3ef28e6832d4884a3f1185f63a8f4a2bdf78d14cb9b23e218521639f

    SHA512

    1e63d73d6196cbd78e91b1b0bf6b591dbc58d2d064a0099982414ce011f0ee528e5a195623e9230f9e42f7f6f47ef54838c7442387da9ab663d82f42f979ed18

    Download Submit