General

  • Target

    42910d5e9e2af2e5f3faf8a378b7345617b2e95b314777a1fb2eab295104b1e0.bin

  • Size

    1.4MB

  • Sample

    241006-1zlmqasejb

  • MD5

    0d531d88715adf956a8fcce88a2d7f8d

  • SHA1

    0980f38e7acf36a4dd5f291cb1a48c4634f31335

  • SHA256

    42910d5e9e2af2e5f3faf8a378b7345617b2e95b314777a1fb2eab295104b1e0

  • SHA512

    6508a1c03f295d0b73a310584f2968199222c38093b19d6109b3b3c9ff2d685f7f22471709f62abfe054de50592ee90b21e8610568a1c5ab3c5d68a1d46e841b

  • SSDEEP

    24576:vgVnfEJ6PR94Z4/JecuIi8nhBCCI3vYOh2lv4TdFGHAr:vgVnIARGZTcRi8n/6wO7Tbp

Malware Config

Extracted

  • Family

    hydra

  • C2

    http://vadafoneszos.com

Targets

    • Target

      42910d5e9e2af2e5f3faf8a378b7345617b2e95b314777a1fb2eab295104b1e0.bin

    • Hydra

      Android banker and info stealer.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Reads the contacts stored on the device.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent its removal.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Reads information about the phone's network operator.
