Analysis
- max time kernel: 896593s
- max time network: 157s
- platform: android_x64
- resource: android-x64-arm64
- submitted: 30/09/2021, 06:40
Static task: static1
Behavioral task: behavioral1
- Sample: 94270_Video_Oynatıcı.apk
- Resource: android-x64-arm64
- 0 signatures
- 0 seconds
General
- Target: 94270_Video_Oynatıcı.apk
- Size: 3.8MB
- MD5: 9f61cbbc07215bdd03fdaf853844b911
- SHA1: 92150d3e1b04bff5e1d2872c52822d0b361edb84
- SHA256: cfd3f39dacfe9d64b5925eb639d1a87246df01f85c9609caff48de170092f5e0
- SHA512: 64d70bc091c9136fd0d7bc5ee9dcd031d2dbb4cdbf5475ae7ab5eb5cde4878ecd5e51edf1e70e7f6a7fbacd5a488880fd07e167f91b7e6a560cc4fcb507d37fa
- Score: 10/10
Malware Config
Extracted
- Family: hydra
- C2: http://lolamaefarmer5823.online
Signatures
- Hydra
  Android banker and info stealer.
- Loads dropped Dex/Jar (1 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/user/0/com.oouuegza.cxtopcv/bfajkkcgkf/gidkUcJyjnnabff/base.apk.ywafdfh1.vJg | 4285 | com.oouuegza.cxtopcv
- Reads name of network operator (1 IoCs)
  Uses Android APIs to discover system information.
  description | ioc | Process
  Framework API call | android.telephony.TelephonyManager.getNetworkOperatorName | com.oouuegza.cxtopcv
- Uses reflection (3 IoCs)
  description | pid | Process
  Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | 4285 | com.oouuegza.cxtopcv
  Accesses field javax.security.auth.x500.X500Principal.thisX500Name | 4285 | com.oouuegza.cxtopcv
  Accesses field javax.security.auth.x500.X500Principal.thisX500Name | 4285 | com.oouuegza.cxtopcv