Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
3483406s -
max time network
160s -
platform
android_x64 -
resource
android-x64-arm64-20220823-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system -
submitted
20/01/2023, 14:37 UTC
Static task
static1
Behavioral task
behavioral1
Sample
481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4.apk
Resource
android-x86-arm-20220823-en
Behavioral task
behavioral2
Sample
481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4.apk
Resource
android-x64-20220823-en
Behavioral task
behavioral3
Sample
481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4.apk
Resource
android-x64-arm64-20220823-en
General
-
Target
481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4.apk
-
Size
2.0MB
-
MD5
9c493810258eeca47b5001fd0c968111
-
SHA1
9461d1a5f6ae935a1ba6bc2d05e76e55ac79f639
-
SHA256
481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4
-
SHA512
7cd767cacd064def4443f21b346b4a78b8573dc760714210eda5f4284a4a236b795e73cc0e2c50f7837693741416007bcf913034dc28dd21a5084099ca68a172
-
SSDEEP
49152:j/j9ArJ/vPFDdpfE/81ZRPRNdoIIVVYG2FrGJ:j/jOxvFz1rRNdobVVYREJ
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra payload 1 IoCs
resource yara_rule behavioral3/memory/4418-0.dex family_hydra -
Makes use of the framework's Accessibility service. 2 IoCs
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.piano.length Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.piano.length -
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.piano.length/app_DynamicOptDex/uEEipJ.json 4418 com.piano.length -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 42 ip-api.com -
Reads information about phone network operator.
Processes
Network
-
Remote address:1.1.1.1:53Requestandroid.apis.google.comIN AResponseandroid.apis.google.comIN CNAMEclients.l.google.comclients.l.google.comIN A142.251.36.14
-
Remote address:1.1.1.1:53Requestgrowth-pa.googleapis.comIN AResponsegrowth-pa.googleapis.comIN A142.251.36.10growth-pa.googleapis.comIN A142.250.179.202growth-pa.googleapis.comIN A142.251.39.106growth-pa.googleapis.comIN A216.58.208.106growth-pa.googleapis.comIN A142.251.36.42growth-pa.googleapis.comIN A142.250.179.138growth-pa.googleapis.comIN A142.250.179.170
-
Remote address:1.1.1.1:53Requestinfinitedata-pa.googleapis.comIN AResponseinfinitedata-pa.googleapis.comIN A142.251.36.42infinitedata-pa.googleapis.comIN A142.251.36.10infinitedata-pa.googleapis.comIN A142.250.179.202infinitedata-pa.googleapis.comIN A142.250.179.138infinitedata-pa.googleapis.comIN A142.250.179.170infinitedata-pa.googleapis.comIN A142.251.39.106infinitedata-pa.googleapis.comIN A216.58.208.106
-
Remote address:1.1.1.1:53Requestip-api.comIN A
-
Remote address:1.1.1.1:53Requestip-api.comIN A
-
Remote address:1.1.1.1:53Requestssl.google-analytics.comIN AResponsessl.google-analytics.comIN A142.251.39.104
-
Remote address:1.1.1.1:53Requestgist.githubusercontent.comIN A
-
Remote address:1.1.1.1:53Requestgist.githubusercontent.comIN A
-
Remote address:1.1.1.1:53Requestandroid.apis.google.comIN A
-
Remote address:1.1.1.1:53Requestandroid.apis.google.comIN A
-
Remote address:1.1.1.1:53Requestandroid.apis.google.comIN AResponseandroid.apis.google.comIN CNAMEclients.l.google.comclients.l.google.comIN A172.217.168.206
-
867 B 4.6kB 6 5
-
919 B 4.6kB 7 5
-
919 B 4.5kB 7 4
-
543 B 4.9kB 7 5
-
543 B 4.8kB 7 4
-
543 B 4.9kB 7 5
-
543 B 4.8kB 7 4
-
1.2kB 5.7kB 7 5
-
9.2kB 12.7kB 30 30
-
4.1kB 12
-
69 B 109 B 1 1
DNS Request
android.apis.google.com
DNS Response
142.251.36.14
-
70 B 182 B 1 1
DNS Request
growth-pa.googleapis.com
DNS Response
142.251.36.10142.250.179.202142.251.39.106216.58.208.106142.251.36.42142.250.179.138142.250.179.170
-
76 B 188 B 1 1
DNS Request
infinitedata-pa.googleapis.com
DNS Response
142.251.36.42142.251.36.10142.250.179.202142.250.179.138142.250.179.170142.251.39.106216.58.208.106
-
112 B 2
DNS Request
ip-api.com
DNS Request
ip-api.com
-
70 B 86 B 1 1
DNS Request
ssl.google-analytics.com
DNS Response
142.251.39.104
-
144 B 2
DNS Request
gist.githubusercontent.com
DNS Request
gist.githubusercontent.com
-
138 B 2
DNS Request
android.apis.google.com
DNS Request
android.apis.google.com
-
69 B 109 B 1 1
DNS Request
android.apis.google.com
DNS Response
172.217.168.206
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
239KB
MD506c02ab9f5fbb12ec78c0f00b9cd144f
SHA192965fccde619291b2cd21a93d4a22d79b4b9094
SHA25696f1e4cd48ef797a8fc5e740dae6f3a527d0543788d18b967fd8996748241cda
SHA51280c2388fe41ad6791ab7282c396a0fa8414f96a84de0290751b57b87963f4b42f33c6f0e439369cebdc54f4f9fcb8c20ac1cc6b5b2a11b0931d67a2317080cd0
-
Filesize
574KB
MD54f7ca869e2a2aa71565ddd0213377ef4
SHA17d36e39122864983eefeae7acda4c5895571aefb
SHA256885da90d332750c7f2fef12a1fc61d9aae32a323b0bd13b2309bbc6ee3f221e5
SHA51270097ab3164541abeb0aa661c7d92a1d4fd1f1b5deb7b605a5e510d7bfd84622f143305846fc6b31be0e5d7015bb56eca7fbf6063e84d840b7cd3bd07a4f500f
-
Filesize
131B
MD599906591310ddc26748b3a604ccde036
SHA14826b28d3683a99e10132999778b1f650223a593
SHA256fb6c16987439db4666c0a1493c659ede60609e0413e1f079730368bddc812b97
SHA5125e9061a7485e8d7e196635818a0ce16ec1780f8940255a681492abaf60b7b35b88923a34a95b8c6ee652c3e3f72f8efdf7b7192b69813371980444eded09f82c