Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
78548s -
max time network
132s -
platform
android_x64 -
resource
android-x64-arm64-20220823-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220823-enlocale:en-usos:android-11-x64system -
submitted
21/03/2023, 14:56
Static task
static1
Behavioral task
behavioral1
Sample
E74C08FD6AD250FA63E028CE7801ECA99A460562107CC40727B0FBCA80182196.apk
Resource
android-x86-arm-20220823-en
Behavioral task
behavioral2
Sample
E74C08FD6AD250FA63E028CE7801ECA99A460562107CC40727B0FBCA80182196.apk
Resource
android-x64-20220823-en
Behavioral task
behavioral3
Sample
E74C08FD6AD250FA63E028CE7801ECA99A460562107CC40727B0FBCA80182196.apk
Resource
android-x64-arm64-20220823-en
General
-
Target
E74C08FD6AD250FA63E028CE7801ECA99A460562107CC40727B0FBCA80182196.apk
-
Size
3.4MB
-
MD5
b61470b9b40cc8a08b3244ae70a187f2
-
SHA1
fb5458ab4445ca6fbc77a2197585e4f8a5af0e32
-
SHA256
e74c08fd6ad250fa63e028ce7801eca99a460562107cc40727b0fbca80182196
-
SHA512
678b66b4f17f8371a876579ad7e5741c2f0b673f668463a9b714d773231493fb39aaf7dd48eacf848e6483813fc557787dfa350e801605f05662e03a8da6d9f7
-
SSDEEP
98304:2ejRZZYQi4+v4UakNXRoZq8mrw/JhjH4Ta:XnizLakoX3JyG
Malware Config
Extracted
hydra
http://saygosesgoforesosne.net
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra payload 1 IoCs
resource yara_rule behavioral3/memory/4534-0.dex family_hydra -
Makes use of the framework's Accessibility service. 2 IoCs
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.flee.rail Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.flee.rail -
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.flee.rail/app_DynamicOptDex/XfOkior.json 4534 com.flee.rail -
Requests enabling of the accessibility settings. 1 IoCs
description ioc Process Intent action android.settings.ACCESSIBILITY_SETTINGS com.flee.rail -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 67 ip-api.com -
Reads information about phone network operator.
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
MD5032e1a1b4b49c11d3eb7c3104a05f55d
SHA1fd43fa9f1a8e00e63f147a9337691114b31334c4
SHA256ec43b47a030fd2865e4a8f2524ee28c994b0e7095ce0274c9c79b39ff1b876ad
SHA512f9eedd13eb7578eaa68e6aee4ee45c0d49163dadcf371a1279e1bce1562cb02383a10ba3e5dd6dc1257aeb86d1a42aff0f8ab01da652f4433798ec637093e1ee
-
Filesize
3.6MB
MD57d66063b17e478007eaf7d8e13305e05
SHA1bb0360fe73fa8aa8be409114e7d84fbfb09e6d99
SHA256a7df9f982dbad9adce236859a1ae6c79206b27ebbd8e8730f09e9461dd595757
SHA51211adefd47732d652f535aa8f58d3a2cb13586b56dc21d4ff2c686d93a6d7bf9344c8c7b89535a3eb78506c2f86676c1f7cf79b6f8083caa410b383384e43a3ae
-
Filesize
131B
MD58c9aa9899e23c0e2a7b612be315a5ccd
SHA140ea686a7085abe22fbc3664358d85c35d2b9ca6
SHA256ac9992024a33e42eb08b667fc83ffab3cd21c656647c7374d8286aac930316a1
SHA512b8f9fbb8cd68e86e3724d9a773578d07710c0baa89f179e211fb27067b98f5bc964128fcaa00734e176bd5187277c3ade04c5fc00d633bbed7eb52a6a9def970