Analysis
-
max time kernel
148s -
max time network
151s -
platform
android-9_x86 -
resource
android-x86-arm-20240910-en -
resource tags
-
submitted
25/03/2025, 05:53
General
-
Target
a0de1add961f3a9bf6e2e391489fdbac244932352421055f23f34c93c82b8856.apk
-
Size
2.8MB
-
MD5
ffce59f44fe794ceb53c215d9c8bd17f
-
SHA1
0782156341937276c0883946f91187e2e2c34c86
-
SHA256
a0de1add961f3a9bf6e2e391489fdbac244932352421055f23f34c93c82b8856
-
SHA512
8558f92dd5a7238c87277db05dd537b8ecb26a314dbc0483478bf1cf0a251a2d4cb044ee4347d766293d273ca89a05f6d7aa9bbfe5567aace682b3a0640b71b3
-
SSDEEP
49152:eiX2WbGBGsuh5+nNj2iKqJCLmTonXh6GpsS5Mt1dtX8COcfQ6EzwTL8D9IqtdYew:eiXTGB6wRkqJCLdXh6PSK7rX8qfQ6uqJ
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra family
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes
-
com.njzbfugl.lzzhmzl1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
343KB
MD5d9a3145475e5a2beb2a42110177c9777
SHA1e7c3aca1393dea0a30e38852ea2e609d5476c0a6
SHA256a66ce7c9bc4c2546e9fcc2cf4c8b49e424943a8fa1f8e8ab08de5eaa5567d17c
SHA5126116180d70633315ebc50ea232a69826ebe475553adcaf985a19228c1b513e3e0edf1d84135d768a9215c633e26289013c95df686d503d540e67af399b15e7d7
-
Filesize
817KB
MD5a1327adc60921f6b8644d55372a9f160
SHA1f34f8da2a14e1dde904fb632343ccba8c2c5c627
SHA256b32025c87c94ad0ff3a42f51268cf54c78fc72f4a82036477c608e6a71978a35
SHA512022d5cc0168db596c66ec7fb7d3d32ec060c034601babfe7cb44099b002e1b98f96b344ade2a7de51facd297fb5082157309f9f005f713f32af8bdad8d53b6fe