Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
3483406s -
max time network
160s -
platform
android_x64 -
resource
android-x64-arm64-20220823-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system -
submitted
20/01/2023, 14:37
Static task
static1
Behavioral task
behavioral1
Sample
481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4.apk
Resource
android-x86-arm-20220823-en
Behavioral task
behavioral2
Sample
481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4.apk
Resource
android-x64-20220823-en
Behavioral task
behavioral3
Sample
481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4.apk
Resource
android-x64-arm64-20220823-en
General
-
Target
481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4.apk
-
Size
2.0MB
-
MD5
9c493810258eeca47b5001fd0c968111
-
SHA1
9461d1a5f6ae935a1ba6bc2d05e76e55ac79f639
-
SHA256
481598d7c10e3dfd538e8c21141ab337c2074047227a58f8f639eb374e971cf4
-
SHA512
7cd767cacd064def4443f21b346b4a78b8573dc760714210eda5f4284a4a236b795e73cc0e2c50f7837693741416007bcf913034dc28dd21a5084099ca68a172
-
SSDEEP
49152:j/j9ArJ/vPFDdpfE/81ZRPRNdoIIVVYG2FrGJ:j/jOxvFz1rRNdobVVYREJ
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra payload 1 IoCs
resource yara_rule behavioral3/memory/4418-0.dex family_hydra -
Makes use of the framework's Accessibility service. 2 IoCs
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.piano.length Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.piano.length -
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.piano.length/app_DynamicOptDex/uEEipJ.json 4418 com.piano.length -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 42 ip-api.com -
Reads information about phone network operator.
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
239KB
MD506c02ab9f5fbb12ec78c0f00b9cd144f
SHA192965fccde619291b2cd21a93d4a22d79b4b9094
SHA25696f1e4cd48ef797a8fc5e740dae6f3a527d0543788d18b967fd8996748241cda
SHA51280c2388fe41ad6791ab7282c396a0fa8414f96a84de0290751b57b87963f4b42f33c6f0e439369cebdc54f4f9fcb8c20ac1cc6b5b2a11b0931d67a2317080cd0
-
Filesize
574KB
MD54f7ca869e2a2aa71565ddd0213377ef4
SHA17d36e39122864983eefeae7acda4c5895571aefb
SHA256885da90d332750c7f2fef12a1fc61d9aae32a323b0bd13b2309bbc6ee3f221e5
SHA51270097ab3164541abeb0aa661c7d92a1d4fd1f1b5deb7b605a5e510d7bfd84622f143305846fc6b31be0e5d7015bb56eca7fbf6063e84d840b7cd3bd07a4f500f
-
Filesize
131B
MD599906591310ddc26748b3a604ccde036
SHA14826b28d3683a99e10132999778b1f650223a593
SHA256fb6c16987439db4666c0a1493c659ede60609e0413e1f079730368bddc812b97
SHA5125e9061a7485e8d7e196635818a0ce16ec1780f8940255a681492abaf60b7b35b88923a34a95b8c6ee652c3e3f72f8efdf7b7192b69813371980444eded09f82c