Analysis
max time kernel: 2031835s
max time network: 136s
platform: android_x64
resource: android-x64-arm64
submitted: 24/08/2021, 16:58
Static task
static1
Behavioral task
behavioral1
Sample
85106_Video_Oynatıcı.apk
Resource
android-x64-arm64
0 signatures
0 seconds
General
Target: 85106_Video_Oynatıcı.apk
Size: 3.2MB
MD5: a69b063e1e864e17a29a9d28b3e41531
SHA1: 67aeb5e5033516434d2c111e35104130d834953e
SHA256: 182252ae86aae33b4b13b824357bc02218e94ae8daaadb69b85101c08e74773b
SHA512: 7d14318dbd9f5ad3ebe35e51e83f223b4455cdd379847c7f9dcf4a3045bb420fb41cbe67f51a111ce27e33af362a0a07603804d37356977f4e9c3cf4716f42c2
Score: 10/10
Malware Config
Extracted
Family: hydra
C2: http://maddisonmill35.xyz
Signatures
- Hydra
  Android banker and info stealer.
- Loads dropped Dex/Jar (1 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/user/0/com.uqmzacie.uodnfwy/code_cache/secondary-dexes/base.apk.classes1.zip | 4509 | com.uqmzacie.uodnfwy
- Uses reflection (3 IoCs)
  description | pid | Process
  Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | 4509 | com.uqmzacie.uodnfwy
  Acesses field javax.security.auth.x500.X500Principal.thisX500Name | 4509 | com.uqmzacie.uodnfwy
  Acesses field javax.security.auth.x500.X500Principal.thisX500Name | 4509 | com.uqmzacie.uodnfwy