Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
4005700s -
max time network
168s -
platform
android_x64 -
resource
android-x64-arm64-20231023-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231023-enlocale:en-usos:android-11-x64system -
submitted
20/11/2023, 22:00
Static task
static1
Behavioral task
behavioral1
Sample
15d9a5bdde36d5f214d6963bbf05e4cdcd20e86dcd539f771c972112c75dc4a5.apk
Resource
android-x86-arm-20231023-en
Behavioral task
behavioral2
Sample
15d9a5bdde36d5f214d6963bbf05e4cdcd20e86dcd539f771c972112c75dc4a5.apk
Resource
android-x64-20231023.1-en
Behavioral task
behavioral3
Sample
15d9a5bdde36d5f214d6963bbf05e4cdcd20e86dcd539f771c972112c75dc4a5.apk
Resource
android-x64-arm64-20231023-en
Behavioral task
behavioral4
Sample
libcrashyltics.so
Resource
ubuntu1804-amd64-20231026-en
Behavioral task
behavioral5
Sample
zoom_app_sdk.js
Resource
win7-20231020-en
Behavioral task
behavioral6
Sample
zoom_app_sdk.js
Resource
win10v2004-20231023-en
General
-
Target
15d9a5bdde36d5f214d6963bbf05e4cdcd20e86dcd539f771c972112c75dc4a5.apk
-
Size
3.1MB
-
MD5
dbab340d07d659ac69fe2ae7a7119ace
-
SHA1
b11519fd265fab67afe9e70edb661a52f413a187
-
SHA256
15d9a5bdde36d5f214d6963bbf05e4cdcd20e86dcd539f771c972112c75dc4a5
-
SHA512
1d05440aee275f350a956538890170030a0c28ad9f62691ca780c1570787065a0ef1290cfd7fd748bb1d772105f6b2621a870ca3ef32926b2303c44959f1c07c
-
SSDEEP
49152:+NNGa1n+JGiJjFCmwTkH+u5DO7PrRQWbMl9PriWcHJ3dC:qh+JGi3ATk95cruwm9WWcHJ3dC
Malware Config
Extracted
hydra
http://ciopuntinoapoldoaeuoererapol.com
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra payload 2 IoCs
resource yara_rule behavioral3/memory/4594-0.dex family_hydra1 behavioral3/memory/4594-0.dex family_hydra2 -
Makes use of the framework's Accessibility service. 2 IoCs
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.interest.discover Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.interest.discover -
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.interest.discover/app_DynamicOptDex/EYRX.json 4594 com.interest.discover -
Requests enabling of the accessibility settings. 1 IoCs
description ioc Process Intent action android.settings.ACCESSIBILITY_SETTINGS com.interest.discover -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 22 ip-api.com -
Reads information about phone network operator.
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.6MB
MD5f64e228b05c35ab01516a7539c05b6b9
SHA1911ad6ebc61346202990b2f901e91a53f1368854
SHA256267c2101f2d1cdd1126d3565a5759aecca0d98833e7690369c7666c5644b8a65
SHA5129167e4efac4ddd7b69798714ac1d5cbcdf1860045bc77d1c100da54494a4a9629c263877081e62e192f310abf87b20c397302f5a870539f27584c3cb68e2ab1e
-
Filesize
1.6MB
MD53695bc4fa1869057d5c7ca5c96ec9edd
SHA1e32638ca29fe15f5d171f901ccb4ef9c7b574fa8
SHA2563e70f0277d6faae5abf401a49589a2e9f4c3658885349d4df94e0eff0f3c8eff
SHA51235b6b854fa407b6fd54c5318191a253bb9a8e546f0e1c1bf48ec2ca7aab9468d63f26fc0f619c9ec84039c5465a2be5a1b62f524d28f83bab9d145f10f09cbae
-
Filesize
1KB
MD56f6cd9f5837a67ab6ddaf6ecce174ec3
SHA1f3efdbe0bd701669503ac92a0f799a91df4916b6
SHA256f59d831d270b42da70cbc22d911b35e8b26b154f940552187da255c026adffbe
SHA5127a88c2ed3c7900193dfafd8cafe107d5604924e5c61593a4286f56846786fdc1f7164717b2478acffc67411765473df1d64e0ea7adfa6cf91f49bf5bb6960dc5
-
Filesize
4.4MB
MD5493732eae1ec6f43d7bf0692d774b317
SHA1a604ba4eb87d757cb6176799a7dd08859e25e97e
SHA256a1a648bf5c9b9dd66d24b06d6a4ae6aa11fd73611c2840b1da74d8239a38698e
SHA51275684bc7791042555babd50da4278984de8f0e9e50711da61784eed2fb8c2b10a064e094784d41adb3df511a40859177c1f0d70bc0d1740ed0556f7d850d9bb4