Analysis

  • max time kernel
    2826612s
  • max time network
    154s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20220823-en, locale:en-us, os:android-9-x86, system
  • submitted
    13/01/2023, 01:14 UTC

General

  • Target

    Google_Play_Store.apk

  • Size

    3.1MB

  • MD5

    06cf10298c93ba089b7d6ff8dc83fdb1

  • SHA1

    75bfb5c86bed1e4fa431620163b1707e0645b083

  • SHA256

    75b693bb2da7c3c94ceb07b88ff9bee0dccaad15425e56344e415addbcf3737c

  • SHA512

    2d4508e8d563351ac1699f776b2e632cbfc5f6e967fa1a1a05b9d4098eb3a3b7e7d83400032bb44f0cc1144da1e0e1c1881e249bea9eda0ffece0d3edc7c1bb9

  • SSDEEP

    98304:UvLCmQAVcZff+/baymELAkyzjh4GwnO3WDWMgk:UumQ2cZfG/baymiAkyzj7wnOG5gk

Malware Config

Extracted

  • Family
    hydra
  • C2
    http://aykomediki.net

Signatures

  • Hydra
    Android banker and info stealer.
  • Hydra payload (2 IoCs)
  • Makes use of the framework's Accessibility service. (2 IoCs)
  • Loads dropped Dex/Jar (2 IoCs)
    Runs executable file dropped to the device during analysis.

Processes

  • com.wagon.track (PID 4074)
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.wagon.track/app_DynamicOptDex/oat/x86/OdyqAaN.odex --compiler-filter=quicken --class-loader-context=& (PID 4132, child of 4074)
      • Loads dropped Dex/Jar

Network

  • DNS android.apis.google.com (resolver 1.1.1.1:53)
    Request: android.apis.google.com IN A
    Response: android.apis.google.com IN CNAME clients.l.google.com; clients.l.google.com IN A 216.58.208.110
  • DNS infinitedata-pa.googleapis.com (resolver 1.1.1.1:53)
    Request: infinitedata-pa.googleapis.com IN A
    Response: IN A 142.250.179.138, 172.217.168.234, 142.251.36.42, 216.58.214.10, 142.250.179.202, 216.58.208.106, 142.251.39.106, 142.250.179.170, 142.251.36.10
  • DNS aykomediki.net (resolver 1.1.1.1:53)
    Request: aykomediki.net IN A
    Response: no records returned (the extracted C2 domain did not resolve during the run)
  • DNS semanticlocation-pa.googleapis.com (resolver 1.1.1.1:53)
    Request: semanticlocation-pa.googleapis.com IN A
    Response: IN A 142.251.36.10, 142.250.179.202, 172.217.168.234, 142.251.39.106, 216.58.214.10, 142.251.36.42, 172.217.168.202, 142.250.179.170, 142.250.179.138
  Connections (destination, domain, protocol, bytes sent / received, packets sent / received):

  • 216.58.208.110:443 (android.apis.google.com), tls, 4.8kB / 8.7kB, 17 / 17
  • 1.1.1.1:853, tls, 832 B / 3.5kB, 9 / 7
  • 1.1.1.1:853, tls, 958 B / 4.0kB, 10 / 8
  • 224.0.0.251:5353, 7.5kB, 24
  • 1.1.1.1:53 (android.apis.google.com), dns, 69 B / 109 B, 1 / 1
    DNS request: android.apis.google.com
    DNS response: 216.58.208.110
  • 1.1.1.1:53 (infinitedata-pa.googleapis.com), dns, 76 B / 220 B, 1 / 1
    DNS request: infinitedata-pa.googleapis.com
    DNS response: 142.250.179.138, 172.217.168.234, 142.251.36.42, 216.58.214.10, 142.250.179.202, 216.58.208.106, 142.251.39.106, 142.250.179.170, 142.251.36.10
  • 1.1.1.1:53 (aykomediki.net), dns, 60 B / 133 B, 1 / 1
    DNS request: aykomediki.net
    DNS response: none
  • 1.1.1.1:53 (semanticlocation-pa.googleapis.com), dns, 80 B / 224 B, 1 / 1
    DNS request: semanticlocation-pa.googleapis.com
    DNS response: 142.251.36.10, 142.250.179.202, 172.217.168.234, 142.251.39.106, 216.58.214.10, 142.251.36.42, 172.217.168.202, 142.250.179.170, 142.250.179.138

Downloads

  • /data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json

    Filesize

    1.6MB

    MD5

    281bbe18016d45aa9798a7fd3d4700f6

    SHA1

    0b342c1a181b9acaa009b0ef8220396d4cef89f3

    SHA256

    1ad48872e0643b81541465070ee063aa115bf6fed538e252f745ae34f574b41b

    SHA512

    600e0a742b475b1ec93095e126befb920a490f90bce605114aea7c11d91a0c4b6a18dfe4a9fe83a5fb8da800bbfec0ca33732e9ce4a4dc5bb9718e57271049ba

  • /data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json

    Filesize

    4.4MB

    MD5

    e9613f4e53cd9ec40ef7558f3c2f8e34

    SHA1

    e950b1f9b4a1c83c1077a86a7323e7387a698b9e

    SHA256

    90e9f8565aa494b879b4d4f456271a6fe4950f8bd30a9aa59ee0f5b319680cd7

    SHA512

    94263d6ff74e86e87d828bfb44fae2e8923e09c3318120a69fbbd0b3ab7f9a09b6573d8f47f545096c1e97bbcccde504a73c9f9b686a8d0a460caa5a09e3e476

  • /data/user/0/com.wagon.track/app_DynamicOptDex/OdyqAaN.json

    Filesize

    4.4MB

    MD5

    5e778fa1b19c3d2f83f4547f9eb1fe3c

    SHA1

    bbeef5360c21685137d05c1a3eadbdf6626eb75a

    SHA256

    cda6b26aa4a8bf4d97933d4cb7d1caf1b537ac2539ed399925927b467fcb29e5

    SHA512

    d5c703400e1d182f7c5a8f575a27b30ed0afdc8029d148700101dc890ea97b683471280f68e9b46462b48b28653486de8bd615cecf7cd67d81df2c8e605fca9f

  • /data/user/0/com.wagon.track/shared_prefs/pref_name_setting.xml

    Filesize

    131B

    MD5

    7495a729dd859df0e635d52cb2dbff50

    SHA1

    d7c80a92296c998a69871c1529d9066ed3f1c8cd

    SHA256

    a9ba025492d919b5e5481121d3f7b105bd3020e9e8e79370aece253089f63ade

    SHA512

    9890d6d61cfdef3ecd9083bfe712d54683d350587959458ed1d7ddba9f60deff280dfb821d7ffbd76b9f3f087f8c6939b1ea363c978b890955a9f72d67475a0a