Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
178s -
max time network
134s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
-
submitted
28/07/2024, 01:03 UTC
General
-
Target
0463719b17d6d11d364aefe067669468_JaffaCakes118.apk
-
Size
4.7MB
-
MD5
0463719b17d6d11d364aefe067669468
-
SHA1
e7dc170ecb885081a95c9ca6940bbb2b8c6d2ae9
-
SHA256
afe9d5ea1d5b43b83c35ec40464a1dbe05ffeb563c059cba0b8e153a90d87e08
-
SHA512
b97a43174028b3ded889f0f3c77947b847da2a45d81a8fd03b4057c7e1f3c3de91488c3c85beb99ecdca55ed55669e6418d05cc1b653676cd4a1afd1660aa8f7
-
SSDEEP
98304:38iFw0+DXKG6sgZOkLQphj3vmw+v+wzQNqttVbvqZKfGgp4JI:3B+7KG6Z4hrRe+wzhFbS4f4O
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra payload 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
Processes
-
cxu.smnlgnhuqdihggdl.oxynkjgraxubptjtmitri1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries information about active data network
- Queries the mobile country code (MCC)
Network
-
DNSandroid.apis.google.comRemote address:1.1.1.1:53Requestandroid.apis.google.comIN AResponseandroid.apis.google.comIN CNAMEclients.l.google.comclients.l.google.comIN A142.250.178.14 -
DNSip-api.comRemote address:1.1.1.1:53Requestip-api.comIN AResponseip-api.comIN A208.95.112.1
-
GEThttp://ip-api.com/jsonRemote address:208.95.112.1:80RequestGET /json HTTP/1.1
Authorization: 26a1b1020753576f
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: ip-api.com
Connection: Keep-Alive
Accept-Encoding: gzip
ResponseHTTP/1.1 200 OK
Date: Sun, 28 Jul 2024 01:03:58 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 311
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
-
DNSgist.githubusercontent.comRemote address:1.1.1.1:53Requestgist.githubusercontent.comIN AResponsegist.githubusercontent.comIN A185.199.111.133gist.githubusercontent.comIN A185.199.109.133gist.githubusercontent.comIN A185.199.108.133gist.githubusercontent.comIN A185.199.110.133
-
GEThttps://gist.githubusercontent.com/freel4nc3r/c10c58f61cd0a4e1ad5e1b7a3c31fb77/raw/gistfile1.jsonRemote address:185.199.111.133:443RequestGET /freel4nc3r/c10c58f61cd0a4e1ad5e1b7a3c31fb77/raw/gistfile1.json HTTP/1.1
Authorization: 26a1b1020753576f
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: gist.githubusercontent.com
Connection: Keep-Alive
Accept-Encoding: gzip
ResponseHTTP/1.1 404 Not Found
Connection: keep-alive
Content-Length: 14
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Content-Type: text/plain; charset=utf-8
X-GitHub-Request-Id: 31D2:1F6895:DC4B2:11AE32:66A598FF
Accept-Ranges: bytes
Date: Sun, 28 Jul 2024 01:03:59 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600035-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1722128639.045704,VS0,VE125
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: f45e7e30c1581509eb252fea9e8be6d3a70b244a
Expires: Sun, 28 Jul 2024 01:08:59 GMT
Source-Age: 0
-
DNSssl.google-analytics.comRemote address:1.1.1.1:53Requestssl.google-analytics.comIN AResponsessl.google-analytics.comIN A216.58.204.72
-
172.217.16.238:443tls, https -
142.250.178.14:443android.apis.google.comtls
-
142.250.178.14:443android.apis.google.comtls
-
208.95.112.1:80http://ip-api.com/jsonhttp
HTTP Request
GET http://ip-api.com/jsonHTTP Response
200 -
185.199.111.133:443https://gist.githubusercontent.com/freel4nc3r/c10c58f61cd0a4e1ad5e1b7a3c31fb77/raw/gistfile1.jsontls, http
HTTP Request
GET https://gist.githubusercontent.com/freel4nc3r/c10c58f61cd0a4e1ad5e1b7a3c31fb77/raw/gistfile1.jsonHTTP Response
404 -
216.58.204.72:443ssl.google-analytics.comtls
-
142.250.187.196:443tls, https
-
142.250.187.196:443www.google.comtls
-
224.0.0.251:5353 -
1.1.1.1:53android.apis.google.comdns
DNS Request
android.apis.google.com
DNS Response
142.250.178.14
-
1.1.1.1:53ip-api.comdns
DNS Request
ip-api.com
DNS Response
208.95.112.1
-
1.1.1.1:53gist.githubusercontent.comdns
DNS Request
gist.githubusercontent.com
DNS Response
185.199.111.133185.199.109.133185.199.108.133185.199.110.133
-
1.1.1.1:53ssl.google-analytics.comdns
DNS Request
ssl.google-analytics.com
DNS Response
216.58.204.72
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.9MB
MD50cb066c7a2a1249ee30d8b90b238402a
SHA15cbb73cd307d5c0ee7103fdd999bad8a46ee7bd0
SHA2562f6bd86c2b5b099e103dd4bce68a6381168252c2cc79877f6f98bc22c9ca452e
SHA5120f322b15d2118a5956dee6996c8eeeba704595e04de3f7196a3f64f2204cb430f257bb0c46242d16e9d9a6b6cf3e36888849707bbceb89fe25f9269ee677eda5
-
Filesize
2.9MB
MD5af3ef3631ec1dfc409b5b6386931ea4a
SHA198bbfc27653cbef6dd710ca9bcb3d99c4f650993
SHA2569016b8bd33393af5e6ae56386513afa0f67f6a664ad5f9f121895a76af963e80
SHA5123af0794561a7bbd07629c3a59c3205465e7c74d90f352fd1f5eb259ac32f13111f9cef80960348ba11b705f75c0cdcc91edc80a83b46df19e2398c526a409e7a