Overview

overview

10

Static

static

6

c4844236e8...a7.apk

android-9-x86

10

c4844236e8...a7.apk

android-10-x64

10

c4844236e8...a7.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a7a60168aaf5059e1fecaf79d56635f56f68f234e3ded68be1eac359b2d78146.zip

  • Size

    3.2MB

  • Sample

    250327-ak31caxlw5

  • MD5

    2f5ef73254099c03f8a2c8284b1b39bb

  • SHA1

    e45edd0221cfbaf03d57a59622796df81ed32c2c

  • SHA256

    a7a60168aaf5059e1fecaf79d56635f56f68f234e3ded68be1eac359b2d78146

  • SHA512

    ab20df00e32519790171c02dd8112b286350e9464c1bdc7e3631a0d0205d900cd250d01fcfda135d41b52dfcecfa2f3b54e60e36fedac1ee0b76fcedaf92ba6e

  • SSDEEP

    98304:sKGUmFurhB2s5chNKzLVTMIow3sMYciAH:eFur2sqAD5sMYoH

Score
10/10
hydraandroidbankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

Malware Config

Targets

    • Target

      c4844236e849260e5bd9d1a1d548c11667bc9f7c8c645c0a36180287a4fd48a7.apk

    • Size

      3.2MB

    • MD5

      9277a80e4e55c8d79db6f99406c792ec

    • SHA1

      728b32ec63f091909af9cc7c666f651767fa31ad

    • SHA256

      c4844236e849260e5bd9d1a1d548c11667bc9f7c8c645c0a36180287a4fd48a7

    • SHA512

      3b35896052c6b99c64915617c11c87fbda2c73220dfd6f54beae2432189873182a3b5a32df57e42946cd82da9124541ca515b2fd5eabc3f43e428dfbe22cf307

    • SSDEEP

      98304:v9lDx+hV/NkiLjTzUV1yLrXHWeVr7inm43W3w:v9xxFiLjTwc/B+nj3d

    Score
    10/10
    hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

    • Hydra

      Android banker and info stealer.

      bankertrojaninfostealerhydra

    • Hydra family

      hydra

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks