Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

34d77868cb...f3.apk

android-9-x86

10

34d77868cb...f3.apk

android-10-x64

10

34d77868cb...f3.apk

android-11-x64

10

Analysis

  • max time kernel
    175s
  • max time network
    183s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • submitted
    05/08/2024, 06:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34d77868cbf62fda6b88a5c7b037d3f3.apk

  • Size

    4.4MB

  • MD5

    34d77868cbf62fda6b88a5c7b037d3f3

  • SHA1

    00cdfeaa48544e5c6f0ba3d9329bb015e51e5972

  • SHA256

    4e20b8bf1a926e7d5b84e75c920457d9dc572ec78b9a23d1b08afcefe9b78e5c

  • SHA512

    c4e6e76c670d94062cedac1abfa814e2062087cc12626581c66754b642c17f5d296a5e37b546a9549f30a9a96e59daea8e2b7f86786f999b75124791f4bbcd8b

  • SSDEEP

    98304:LCVeYx5HKqvpDRG1DMlRiQQxX/sqS1zHOrBNI:LqXHNvwp5sjzau

Score
10/10
hydrabankercollectioncredential_accessdefense_evasiondiscoveryevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

hydra

C2

https://germany99.com.de

Signatures

Processes

  • phwbin.meww.xojktruujg
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4976

Network

  • flag-au
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    216.58.204.72
  • flag-au
    DNS
    germany99.com.de
    Remote address:
    1.1.1.1:53
    Request
    germany99.com.de
    IN A
    Response
    germany99.com.de
    IN CNAME
    com.de
    com.de
    IN A
    54.153.56.183
  • flag-au
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.187.206
  • 216.58.204.72:443
    ssl.google-analytics.com
    tls
    1.3kB
     5.9kB
     8
    9
  • 54.153.56.183:443
    germany99.com.de
    tls
    1.2kB
     4.2kB
     11
    8
  • 54.153.56.183:443
    germany99.com.de
    tls
    1.2kB
     4.2kB
     11
    8
  • 54.153.56.183:443
    germany99.com.de
    tls
    1.1kB
     4.1kB
     10
    7
  • 142.250.200.46:443
    tls, https
    857 B
     40 B
     1
    1
  • 142.250.187.206:443
    android.apis.google.com
    tls
    5.0kB
     8.7kB
     20
    21
  • 54.153.56.183:443
    germany99.com.de
    tls
    1.1kB
     4.2kB
     10
    9
  • 142.250.187.228:443
    tls, https
    454 B
     40 B
     2
    1
  • 142.250.187.228:443
    www.google.com
    tls
    8.4kB
     11.2kB
     26
    36
  • 54.153.56.183:443
    germany99.com.de
    tls
    1.1kB
     4.2kB
     10
    9
  • 54.153.56.183:443
    germany99.com.de
    tls
    1.1kB
     4.2kB
     10
    8
  • 216.58.213.14:443
    520 B
     10
  • 142.250.178.2:443
    520 B
     10
  • 54.153.56.183:443
    germany99.com.de
    tls
    1.1kB
     4.2kB
     10
    8
  • 54.153.56.183:443
    germany99.com.de
    tls
    1.1kB
     4.2kB
     10
    8
  • 54.153.56.183:443
    germany99.com.de
    tls
    1.1kB
     4.1kB
     10
    7
  • 54.153.56.183:443
    germany99.com.de
    tls
    1.1kB
     4.2kB
     10
    8
  • 54.153.56.183:443
    germany99.com.de
    tls
    1.1kB
     4.2kB
     10
    8
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
     86 B
     1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    216.58.204.72

  • 1.1.1.1:53
    germany99.com.de
    dns
    62 B
     92 B
     1
    1

    DNS Request

    germany99.com.de

    DNS Response

    54.153.56.183

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.187.206

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/phwbin.meww.xojktruujg/app_DynamicOptDex/OF.json
    Filesize

    2.6MB

    MD5

    a1fe9c54a7f9befa304187869fac76da

    SHA1

    53908c10ecc50d1235bf7f1b292323dfc1bd858d

    SHA256

    96c14703d56809246c5137cc9d361bb6fe7e6844bd97efe0378473c5e1fa6e3a

    SHA512

    44b870e299d303d86b3fd2196e8c77124a40d3ed0e3aec9e3909874951f98485fdabc2e9866cf4d424350dccaa6809fa6021c3c97a435182d7d55918de159b6b

    Download Submit

  • /data/data/phwbin.meww.xojktruujg/app_DynamicOptDex/OF.json
    Filesize

    2.6MB

    MD5

    db0f230a0e1a546f83769c613d986299

    SHA1

    50317405a49a3b257ad1b2cc5f854cafefedb80f

    SHA256

    8b42329687f8371c8a018fc98f0c3701670c891a7edf044b3478a0c9316818e4

    SHA512

    56e8f504c3e2da8a136a3db7316368325814e5fdcf09ab47442432583f5df47691bb36cb4a912f6a1bb78e0e2f61f21e805a297e6c9d591f6bb97881b0852713

    Download Submit

  • /data/data/phwbin.meww.xojktruujg/app_DynamicOptDex/oat/OF.json.cur.prof
    Filesize

    1KB

    MD5

    65c4b66d02728f231e612bd84622948a

    SHA1

    64fae3ac25f6b35dcb9cd8dcb8dcd1f9c35add64

    SHA256

    f9767be00aa272ab7be04cdafc0f7ca9d1b6e17e5dc055ec73706589df039843

    SHA512

    87baf2ec539f4f20eff083a81effe39f489f748470ac38d7c49a336867e860edf80f90bf9677443fe3a64adb554af718695a4ef85c3f54455a999e5d22ace528

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.