Analysis

  • max time kernel
    2285791s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags
    android
    arch:arm
    arch:x86
    image:android-x86-arm-20231215-en
    locale:en-us
    os:android-9-x86
    system
  • submitted
    20/12/2023, 00:23 UTC

General

  • Target

    73fcd12578ff36a3575898e5c2f6bf9bba7cfb40f936d2092c6f81ec7ebe8975.apk

  • Size

    6.4MB

  • MD5

    168b29ef92c0931eb31531fa049adc58

  • SHA1

    02813110ec1d35371b69613b4226246c4745aa95

  • SHA256

    73fcd12578ff36a3575898e5c2f6bf9bba7cfb40f936d2092c6f81ec7ebe8975

  • SHA512

    e5f3788607294a31ccf41a6fde470ac08916eccdaca57caeb8cf2acf3e710f011e245bf91422c60fdef1a6a58ba9456f8e47ae0cda8882b57710a8c0259b88ce

  • SSDEEP

    196608:UIOdjjuuxyUmCaK/fK/8K+t8qLpZ/7xceP77J:UIujjuukNKHk8VnH/FP7t

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra payload 2 IoCs
  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.dazgytun.vfohonn
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    PID:4254
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dazgytun.vfohonn/uIU7G8gH8F/HfgU98qGygiuyuI/base.apk.gFg88py1.F8u --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.dazgytun.vfohonn/uIU7G8gH8F/HfgU98qGygiuyuI/oat/x86/base.apk.gFg88py1.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4283

Network

  • flag-us
    DNS
    raw.githubusercontent.com
    Remote address:
    1.1.1.1:53
    Request
    raw.githubusercontent.com
    IN A
    Response
    raw.githubusercontent.com
    IN A
    185.199.109.133
    raw.githubusercontent.com
    IN A
    185.199.108.133
    raw.githubusercontent.com
    IN A
    185.199.111.133
    raw.githubusercontent.com
    IN A
    185.199.110.133
  • flag-us
    GET
    https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip
    Remote address:
    185.199.109.133:443
    Request
    GET /dyd1y/tor-files/main/all_tor.zip HTTP/1.1
    Range: bytes=0-
    Authorization: token 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
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: raw.githubusercontent.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Connection: keep-alive
    Content-Length: 14
    Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
    Strict-Transport-Security: max-age=31536000
    X-Content-Type-Options: nosniff
    X-Frame-Options: deny
    X-XSS-Protection: 1; mode=block
    Content-Type: text/plain; charset=utf-8
    X-GitHub-Request-Id: C9A0:31BAAF:182A3BB:1926F92:658321B0
    Accept-Ranges: bytes
    Date: Wed, 20 Dec 2023 17:18:27 GMT
    Via: 1.1 varnish
    X-Served-By: cache-lhr7364-LHR
    X-Cache: HIT
    X-Cache-Hits: 0
    X-Timer: S1703092708.516111,VS0,VE1
    Vary: Authorization,Accept-Encoding,Origin
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    X-Fastly-Request-ID: 844a29497c2042fb3194d8ec27c5a57bfd2ae5f7
    Expires: Wed, 20 Dec 2023 17:23:27 GMT
    Source-Age: 51
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.200.14
  • flag-us
    DNS
    ip-api.com
    Remote address:
    1.1.1.1:53
    Request
    ip-api.com
    IN A
    Response
    ip-api.com
    IN A
    208.95.112.1
  • flag-us
    GET
    http://ip-api.com/json
    Remote address:
    208.95.112.1:80
    Request
    GET /json HTTP/1.1
    Authorization: dc27634c4313b2a7
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: ip-api.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Wed, 20 Dec 2023 17:18:33 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 313
    Access-Control-Allow-Origin: *
    X-Ttl: 1
    X-Rl: 40
  • flag-us
    GET
    https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip
    Remote address:
    185.199.109.133:443
    Request
    GET /dyd1y/tor-files/main/all_tor.zip HTTP/1.1
    Range: bytes=0-
    Authorization: token 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
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: raw.githubusercontent.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Connection: keep-alive
    Content-Length: 14
    Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
    Strict-Transport-Security: max-age=31536000
    X-Content-Type-Options: nosniff
    X-Frame-Options: deny
    X-XSS-Protection: 1; mode=block
    Content-Type: text/plain; charset=utf-8
    X-GitHub-Request-Id: 1C08:1602E9:178769A:188078A:658321DC
    Accept-Ranges: bytes
    Date: Wed, 20 Dec 2023 17:19:03 GMT
    Via: 1.1 varnish
    X-Served-By: cache-lon420147-LON
    X-Cache: HIT
    X-Cache-Hits: 0
    X-Timer: S1703092743.144714,VS0,VE1
    Vary: Authorization,Accept-Encoding,Origin
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    X-Fastly-Request-ID: 4589f7032fb6bb6a78be5589d39586317130fdbd
    Expires: Wed, 20 Dec 2023 17:24:03 GMT
    Source-Age: 40
  • flag-us
    GET
    https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip
    Remote address:
    185.199.109.133:443
    Request
    GET /dyd1y/tor-files/main/all_tor.zip HTTP/1.1
    Range: bytes=0-
    Authorization: token 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
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: raw.githubusercontent.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Connection: keep-alive
    Content-Length: 14
    Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
    Strict-Transport-Security: max-age=31536000
    X-Content-Type-Options: nosniff
    X-Frame-Options: deny
    X-XSS-Protection: 1; mode=block
    Content-Type: text/plain; charset=utf-8
    X-GitHub-Request-Id: 5460:29FB50:1C7A8A0:1D9992C:6583221B
    Accept-Ranges: bytes
    Date: Wed, 20 Dec 2023 17:19:23 GMT
    Via: 1.1 varnish
    X-Served-By: cache-lon420104-LON
    X-Cache: MISS
    X-Cache-Hits: 0
    X-Timer: S1703092763.126838,VS0,VE175
    Vary: Authorization,Accept-Encoding,Origin
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    X-Fastly-Request-ID: fd3f3b2cc26a972e37ca56e938c99f5b77ea67cf
    Expires: Wed, 20 Dec 2023 17:24:23 GMT
    Source-Age: 0
  • flag-us
    GET
    https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip
    Remote address:
    185.199.109.133:443
    Request
    GET /dyd1y/tor-files/main/all_tor.zip HTTP/1.1
    Range: bytes=0-
    Authorization: token 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
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: raw.githubusercontent.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Connection: keep-alive
    Content-Length: 14
    Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
    Strict-Transport-Security: max-age=31536000
    X-Content-Type-Options: nosniff
    X-Frame-Options: deny
    X-XSS-Protection: 1; mode=block
    Content-Type: text/plain; charset=utf-8
    X-GitHub-Request-Id: CB06:3BB192:1D42CC4:1E61CD4:658321F7
    Accept-Ranges: bytes
    Date: Wed, 20 Dec 2023 17:19:43 GMT
    Via: 1.1 varnish
    X-Served-By: cache-lhr7364-LHR
    X-Cache: HIT
    X-Cache-Hits: 0
    X-Timer: S1703092783.142534,VS0,VE7
    Vary: Authorization,Accept-Encoding,Origin
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    X-Fastly-Request-ID: f24b6ac4a674d5d8a6970b423ea66913449a82d7
    Expires: Wed, 20 Dec 2023 17:24:43 GMT
    Source-Age: 55
  • flag-us
    GET
    https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip
    Remote address:
    185.199.109.133:443
    Request
    GET /dyd1y/tor-files/main/all_tor.zip HTTP/1.1
    Range: bytes=0-
    Authorization: token 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
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: raw.githubusercontent.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Connection: keep-alive
    Content-Length: 14
    Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
    Strict-Transport-Security: max-age=31536000
    X-Content-Type-Options: nosniff
    X-Frame-Options: deny
    X-XSS-Protection: 1; mode=block
    Content-Type: text/plain; charset=utf-8
    X-GitHub-Request-Id: 0D8E:3BB192:1D464D8:1E656B4:65832243
    Accept-Ranges: bytes
    Date: Wed, 20 Dec 2023 17:20:03 GMT
    Via: 1.1 varnish
    X-Served-By: cache-lhr7343-LHR
    X-Cache: MISS
    X-Cache-Hits: 0
    X-Timer: S1703092803.169851,VS0,VE133
    Vary: Authorization,Accept-Encoding,Origin
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    X-Fastly-Request-ID: 47917f5e0c2b0911c59a1941a99118fa1ff64348
    Expires: Wed, 20 Dec 2023 17:25:03 GMT
    Source-Age: 0
  • flag-us
    GET
    https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip
    Remote address:
    185.199.109.133:443
    Request
    GET /dyd1y/tor-files/main/all_tor.zip HTTP/1.1
    Range: bytes=0-
    Authorization: token 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
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: raw.githubusercontent.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Connection: keep-alive
    Content-Length: 14
    Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
    Strict-Transport-Security: max-age=31536000
    X-Content-Type-Options: nosniff
    X-Frame-Options: deny
    X-XSS-Protection: 1; mode=block
    Content-Type: text/plain; charset=utf-8
    X-GitHub-Request-Id: B436:391231:1C576CD:1D759CE:6583224C
    Accept-Ranges: bytes
    Date: Wed, 20 Dec 2023 17:20:23 GMT
    Via: 1.1 varnish
    X-Served-By: cache-lcy-eglc8600063-LCY
    X-Cache: HIT
    X-Cache-Hits: 0
    X-Timer: S1703092823.188218,VS0,VE1
    Vary: Authorization,Accept-Encoding,Origin
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    X-Fastly-Request-ID: a841bd5fa1cf041033df9b4ffc0cc400a8e67f78
    Expires: Wed, 20 Dec 2023 17:25:23 GMT
    Source-Age: 10
  • flag-us
    GET
    https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip
    Remote address:
    185.199.109.133:443
    Request
    GET /dyd1y/tor-files/main/all_tor.zip HTTP/1.1
    Range: bytes=0-
    Authorization: token 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
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: raw.githubusercontent.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Connection: keep-alive
    Content-Length: 14
    Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
    Strict-Transport-Security: max-age=31536000
    X-Content-Type-Options: nosniff
    X-Frame-Options: deny
    X-XSS-Protection: 1; mode=block
    Content-Type: text/plain; charset=utf-8
    X-GitHub-Request-Id: 0D8E:3BB192:1D464D8:1E656B4:65832243
    Accept-Ranges: bytes
    Date: Wed, 20 Dec 2023 17:20:43 GMT
    Via: 1.1 varnish
    X-Served-By: cache-lhr7352-LHR
    X-Cache: HIT
    X-Cache-Hits: 0
    X-Timer: S1703092843.187704,VS0,VE1
    Vary: Authorization,Accept-Encoding,Origin
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    X-Fastly-Request-ID: 0958cf028326282e450fcfa693737a496cf947b0
    Expires: Wed, 20 Dec 2023 17:25:43 GMT
    Source-Age: 40
  • 185.199.109.133:443
    https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip
    tls, http
    1.1kB
    5.6kB
    9
    10

    HTTP Request

    GET https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip

    HTTP Response

    404
  • 216.58.201.110:443
    tls, https
    858 B
    40 B
    1
    1
  • 142.250.200.14:443
    android.apis.google.com
    tls
    5.1kB
    8.7kB
    22
    23
  • 208.95.112.1:80
    http://ip-api.com/json
    http
    451 B
    661 B
    5
    4

    HTTP Request

    GET http://ip-api.com/json

    HTTP Response

    200
  • 185.199.109.133:443
    https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip
    tls, http
    1.3kB
    1.4kB
    7
    6

    HTTP Request

    GET https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip

    HTTP Response

    404
  • 185.199.109.133:443
    https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip
    tls, http
    1.3kB
    1.4kB
    7
    6

    HTTP Request

    GET https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip

    HTTP Response

    404
  • 185.199.109.133:443
    https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip
    tls, http
    1.3kB
    1.4kB
    7
    6

    HTTP Request

    GET https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip

    HTTP Response

    404
  • 185.199.109.133:443
    https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip
    tls, http
    1.3kB
    1.4kB
    7
    6

    HTTP Request

    GET https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip

    HTTP Response

    404
  • 185.199.109.133:443
    https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip
    tls, http
    1.3kB
    1.4kB
    8
    7

    HTTP Request

    GET https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip

    HTTP Response

    404
  • 185.199.109.133:443
    https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip
    tls, http
    1.3kB
    1.4kB
    7
    6

    HTTP Request

    GET https://raw.githubusercontent.com/dyd1y/tor-files/main/all_tor.zip

    HTTP Response

    404
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    raw.githubusercontent.com
    dns
    71 B
    135 B
    1
    1

    DNS Request

    raw.githubusercontent.com

    DNS Response

    185.199.109.133
    185.199.108.133
    185.199.111.133
    185.199.110.133

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.200.14

  • 1.1.1.1:53
    ip-api.com
    dns
    56 B
    72 B
    1
    1

    DNS Request

    ip-api.com

    DNS Response

    208.95.112.1

MITRE ATT&CK Enterprise v15

Downloads

  • /data/data/com.dazgytun.vfohonn/uIU7G8gH8F/HfgU98qGygiuyuI/tmp-base.apk.gFg88py882639834246310533.F8u

    Filesize

    2.5MB

    MD5

    44e53de97db1542d9ab9a8da3da4a1ba

    SHA1

    3e4e002befe06f34bfbbdc97efd032eb7e731f68

    SHA256

    5d7891189f95ade89c65a5046e8cede2ba57e788f88fcb0da5cffe0dfdc83edc

    SHA512

    53c24e83010692f340850e062547f2a6c9b107f3b41dbda5dd05d72428069195620ef5285ef5cf94fa9542efe7c7b62510023c14c55a3d0aec0c85e8f619fb73

  • /data/user/0/com.dazgytun.vfohonn/uIU7G8gH8F/HfgU98qGygiuyuI/base.apk.gFg88py1.F8u

    Filesize

    7.4MB

    MD5

    3420a89e97cc3827c4294fcd7c579897

    SHA1

    d89f9938b3f1b1f429e3c69ecfc7b319f9684065

    SHA256

    ab52f15ee05cbdfd9981e8c0650396e9af657e872491faa0c1442f1d933a4986

    SHA512

    47c369ad0298b5b96ae3a7dac9953771a9b8308ef225fbee26cd9c700ac50c9b5b56bd25ecd613aa9b27ccb70c5d403f41886c5edf72030ac503f263ac7e9970

  • /data/user/0/com.dazgytun.vfohonn/uIU7G8gH8F/HfgU98qGygiuyuI/base.apk.gFg88py1.F8u

    Filesize

    7.4MB

    MD5

    596ea494f59e8bf2768ce30a98a6ce06

    SHA1

    bf7ef788bfbf671f23617d5322ad1a7db4a27123

    SHA256

    13e0b11f7733a44824d0fd56034fcf43e2b73b3709dac4e7dcc97260952f1518

    SHA512

    565b337eed6f8f476f91f41a94f9fa29042564be70570d81c10fb759b0a16db45db580d01ad642b95b3d686c40a53f27c1e0470f4007ec776ea75542169bac05
