Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

0463719b17...18.apk

android-9-x86

10

0463719b17...18.apk

android-10-x64

10

0463719b17...18.apk

android-11-x64

10

Analysis

  • max time kernel
    178s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    28/07/2024, 01:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0463719b17d6d11d364aefe067669468_JaffaCakes118.apk

  • Size

    4.7MB

  • MD5

    0463719b17d6d11d364aefe067669468

  • SHA1

    e7dc170ecb885081a95c9ca6940bbb2b8c6d2ae9

  • SHA256

    afe9d5ea1d5b43b83c35ec40464a1dbe05ffeb563c059cba0b8e153a90d87e08

  • SHA512

    b97a43174028b3ded889f0f3c77947b847da2a45d81a8fd03b4057c7e1f3c3de91488c3c85beb99ecdca55ed55669e6418d05cc1b653676cd4a1afd1660aa8f7

  • SSDEEP

    98304:38iFw0+DXKG6sgZOkLQphj3vmw+v+wzQNqttVbvqZKfGgp4JI:3B+7KG6Z4hrRe+wzhFbS4f4O

Score
10/10
hydrabankercollectioncredential_accessdiscoveryevasioninfostealertrojan

Malware Config

Signatures

  • Hydra

    Android banker and info stealer.

    bankertrojaninfostealerhydra
  • Hydra payload 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • cxu.smnlgnhuqdihggdl.oxynkjgraxubptjtmitri
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    PID:4450

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/cxu.smnlgnhuqdihggdl.oxynkjgraxubptjtmitri/app_DynamicOptDex/yWmxt.json
    Filesize

    2.9MB

    MD5

    0cb066c7a2a1249ee30d8b90b238402a

    SHA1

    5cbb73cd307d5c0ee7103fdd999bad8a46ee7bd0

    SHA256

    2f6bd86c2b5b099e103dd4bce68a6381168252c2cc79877f6f98bc22c9ca452e

    SHA512

    0f322b15d2118a5956dee6996c8eeeba704595e04de3f7196a3f64f2204cb430f257bb0c46242d16e9d9a6b6cf3e36888849707bbceb89fe25f9269ee677eda5

    Download Submit

  • /data/user/0/cxu.smnlgnhuqdihggdl.oxynkjgraxubptjtmitri/app_DynamicOptDex/yWmxt.json
    Filesize

    2.9MB

    MD5

    af3ef3631ec1dfc409b5b6386931ea4a

    SHA1

    98bbfc27653cbef6dd710ca9bcb3d99c4f650993

    SHA256

    9016b8bd33393af5e6ae56386513afa0f67f6a664ad5f9f121895a76af963e80

    SHA512

    3af0794561a7bbd07629c3a59c3205465e7c74d90f352fd1f5eb259ac32f13111f9cef80960348ba11b705f75c0cdcc91edc80a83b46df19e2398c526a409e7a

    Download Submit