Analysis
max time kernel: 2494855s
max time network: 48s
platform: android_x64
resource: android-x64
submitted: 30/08/2021, 01:35
Static task: static1
Behavioral task: behavioral1
Sample: 54837_Video_Oynatıcı.apk
Resource: android-x64
0 signatures
0 seconds
General
Target: 54837_Video_Oynatıcı.apk
Size: 2.3MB
MD5: cc35c497b11ad865cd6e601847936d4f
SHA1: 1041180f91a03e7b34cb13e0f582a88a43d5a02f
SHA256: c594e0edb7612d5ee07697951429851c9b5553e773add50697a4395227e5ce03
SHA512: 4cfe56006e422e85fb224e4f12a081ee76c1296ee26245c92de4a2f0a0a43440a4ac395a3d58c4a9d1f7310d8e4871f0f7799b00db97315049376936615beb39
Score: 10/10
Malware Config
Extracted
Family: hydra
C2: http://leannavelazquez6.xyz
Signatures
Hydra
Android banker and info stealer.
Loads dropped Dex/Jar (1 IoCs)
Runs executable file dropped to the device during analysis.
ioc pid Process
/data/user/0/com.apborlcf.zjvczbg/code_cache/secondary-dexes/base.apk.classes1.zip 3643 com.apborlcf.zjvczbg
Uses reflection (3 IoCs)
description pid Process
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE 3643 com.apborlcf.zjvczbg
Accesses field javax.security.auth.x500.X500Principal.thisX500Name 3643 com.apborlcf.zjvczbg
Accesses field javax.security.auth.x500.X500Principal.thisX500Name 3643 com.apborlcf.zjvczbg