Analysis

  • max time kernel
    154s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20231215-en, locale:en-us, os:android-10-x64, system
  • submitted
    31/01/2024, 10:08 UTC

General

  • Target

    8421a95ea4edfe3a06cb6c78db58848b.apk

  • Size

    3.0MB

  • MD5

    8421a95ea4edfe3a06cb6c78db58848b

  • SHA1

    7b31ba4b4b2b5971ddbc812689c8ac28f28bd2a8

  • SHA256

    77b51738442f4d1b388db76db05388bd358b19f21c1f663e7993f9e32a7d6278

  • SHA512

    aaccf4c3343a3c0218b62e8545baeb8f2c3ebc1401001844303bb4f3d75b45538c7a99dc01482ee79990bbfe5bedd9edc27c614931d30f5a244488acbc409bb1

  • SSDEEP

    49152:v+afhiOsnVv0VdZNg6ieo3jGkIuFMEh4X64AKdA90Y3xnb5n5UgQCVSHn:vdf9aVv0Vd7rmXIWRj90WFusV0n

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

  • Makes use of the framework's Accessibility service 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Reads information about phone network operator.

Processes

  • com.whbjegzv.oxvzbms
    1⤵
    • Makes use of the framework's Accessibility service
    • Loads dropped Dex/Jar
    PID:4958

Network

  • flag-us
    DNS
    gist.githubusercontent.com
    Remote address:
    1.1.1.1:53
    Request
    gist.githubusercontent.com
    IN A
    Response
    gist.githubusercontent.com
    IN A
    185.199.108.133
    gist.githubusercontent.com
    IN A
    185.199.110.133
    gist.githubusercontent.com
    IN A
    185.199.109.133
    gist.githubusercontent.com
    IN A
    185.199.111.133
  • flag-us
    GET
    https://gist.githubusercontent.com/raheemsterling444/ab254eca6a406ca073747b7b40e0c5fd/raw/helloworld.json
    Remote address:
    185.199.108.133:443
    Request
    GET /raheemsterling444/ab254eca6a406ca073747b7b40e0c5fd/raw/helloworld.json HTTP/1.1
    Authorization: 6c9b136cb10f696a
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: gist.githubusercontent.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Connection: keep-alive
    Content-Length: 14
    Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
    Strict-Transport-Security: max-age=31536000
    X-Content-Type-Options: nosniff
    X-Frame-Options: deny
    X-XSS-Protection: 1; mode=block
    Content-Type: text/plain; charset=utf-8
    X-GitHub-Request-Id: 6E26:2EE9DE:6BCB5F:70E140:65BA1C1B
    Accept-Ranges: bytes
    Date: Wed, 31 Jan 2024 10:08:27 GMT
    Via: 1.1 varnish
    X-Served-By: cache-lhr7383-LHR
    X-Cache: MISS
    X-Cache-Hits: 0
    X-Timer: S1706695708.819742,VS0,VE136
    Vary: Authorization,Accept-Encoding,Origin
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    X-Fastly-Request-ID: 78d36d61182878b8b8e842cdf30a981c6e62a689
    Expires: Wed, 31 Jan 2024 10:13:27 GMT
    Source-Age: 0
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    142.250.187.200
  • flag-us
    DNS
    ip-api.com
    Remote address:
    1.1.1.1:53
    Request
    ip-api.com
    IN A
    Response
    ip-api.com
    IN A
    208.95.112.1
  • flag-us
    GET
    http://ip-api.com/json
    Remote address:
    208.95.112.1:80
    Request
    GET /json HTTP/1.1
    Authorization: 6c9b136cb10f696a
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: ip-api.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Wed, 31 Jan 2024 10:08:37 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 313
    Access-Control-Allow-Origin: *
    X-Ttl: 58
    X-Rl: 43
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    216.58.204.78
  • 185.199.108.133:443
    https://gist.githubusercontent.com/raheemsterling444/ab254eca6a406ca073747b7b40e0c5fd/raw/helloworld.json
    tls, http
    1.4kB
    5.6kB
    9
    9

    HTTP Request

    GET https://gist.githubusercontent.com/raheemsterling444/ab254eca6a406ca073747b7b40e0c5fd/raw/helloworld.json

    HTTP Response

    404
  • 142.250.187.200:443
    ssl.google-analytics.com
    tls
    1.4kB
    6.6kB
    9
    9
  • 208.95.112.1:80
    http://ip-api.com/json
    http
    452 B
    662 B
    5
    4

    HTTP Request

    GET http://ip-api.com/json

    HTTP Response

    200
  • 172.217.16.238:443
    tls, https
    857 B
    40 B
    1
    1
  • 216.58.204.78:443
    android.apis.google.com
    tls
    4.7kB
    8.8kB
    14
    22
  • 216.58.212.228:443
    tls, https
    456 B
    40 B
    2
    1
  • 216.58.212.228:443
    www.google.com
    tls
    8.5kB
    8.9kB
    25
    36
  • 172.217.16.238:443
    520 B
    10
  • 172.217.169.66:443
    520 B
    10
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    gist.githubusercontent.com
    dns
    72 B
    136 B
    1
    1

    DNS Request

    gist.githubusercontent.com

    DNS Response

    185.199.108.133
    185.199.110.133
    185.199.109.133
    185.199.111.133

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    142.250.187.200

  • 1.1.1.1:53
    ip-api.com
    dns
    56 B
    72 B
    1
    1

    DNS Request

    ip-api.com

    DNS Response

    208.95.112.1

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    216.58.204.78

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.whbjegzv.oxvzbms/code_cache/secondary-dexes/tmp-base.apk.classes5059821289223562117.zip

    Filesize

    378KB

    MD5

    a5ded51395a12d262442d786b2489d3f

    SHA1

    e584d450b9fbee2a6b6febd8986c21290c309a17

    SHA256

    f2a379e750e2a0934b919d32a612e653c03b722d133956f0145dbd2f20cad37e

    SHA512

    827a76b1dda74135824b3774054785e3d8081c52ae91011d5667aa42c7d2c61c863069e7dd19b11873d5887a31aacfed9e153d42c838acf041631d888ba8f755

  • /data/user/0/com.whbjegzv.oxvzbms/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    902KB

    MD5

    0513aa66ad0c5dbb6fb8a683718c95a0

    SHA1

    3a88fafe95ff98b03ed7135eba6e72ed621e8e8d

    SHA256

    b7ee7aabc058d6662c43d349c3768ea0952547b9b23962e1730aa434687e1f66

    SHA512

    b34ff787b9b5ac8e06e8985be95e1662b9c98f664af50355bb4fbd14a0f643d21ecef240d8e3a8fa169d9832b02acfbc53087953470a1b4a84576e272445f5f5
