Analysis
- max time kernel: 8s
- max time network: 37s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 07/11/2024, 15:34
Static task
- static1
Behavioral task
- behavioral1: Sample 736d8db012c57ba3112fe1f1f36179f8.apk, Resource android-x86-arm-20240624-en
- behavioral2: Sample 736d8db012c57ba3112fe1f1f36179f8.apk, Resource android-x64-20240624-en
- behavioral3: Sample 736d8db012c57ba3112fe1f1f36179f8.apk, Resource android-x64-arm64-20240624-en
General
- Target: 736d8db012c57ba3112fe1f1f36179f8.apk
- Size: 1.5MB
- MD5: 736d8db012c57ba3112fe1f1f36179f8
- SHA1: 463da75abac1fca2145b81e696ae4daadcbebf86
- SHA256: 50bc07a96900cef9d191466ed5a9cdd5181df49621fad1cbbf296b8746d2969b
- SHA512: bb966be07a35c0eca816465e40e62f292c59b54fb1eed3b9b250f757e561743073faa44a8573559ddbda87de59ecf3563fc520a1b19b53180ea2682701ecfe3f
- SSDEEP: 49152:jTvRcaIgrvZwJmI30fpSBk8A71b6zwS4qyEjy:v+a/JIawBkH5b6QEjy
Malware Config
- Extracted: hydra
Signatures
- Hydra
  Android banker and info stealer.
- Hydra family
- Hydra payload (4 IoCs)
  resource                         yara_rule
  behavioral1/files/fstream-4.dat  family_hydra1
  behavioral1/files/fstream-4.dat  family_hydra2
  behavioral1/memory/4261-3.dex    family_hydra1
  behavioral1/memory/4261-3.dex    family_hydra2
- Loads dropped Dex/Jar (1 TTP, 6 IoCs)
  Runs executable file dropped to the device during analysis.
  - ioc: /storage/emulated/0/Android/obb/com.grand.technolite/dp/classes.dex
    pid: 4261
    Process: com.grand.technolite
  - ioc: /storage/emulated/0/Android/obb/com.grand.technolite/dp/classes.dex
    pid: 4287
    Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/obb/com.grand.technolite/dp/classes.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/storage/emulated/0/Android/obb/com.grand.technolite/dp/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
  - ioc: /storage/emulated/0/Android/obb/com.grand.technolite/dp/classes.dex
    pid: 4261
    Process: com.grand.technolite
  - ioc: /storage/emulated/0/Android/obb/com.grand.technolite/dp/a.a
    pid: 4261
    Process: com.grand.technolite
  - ioc: /storage/emulated/0/Android/obb/com.grand.technolite/dp/a.a
    pid: 4310
    Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/obb/com.grand.technolite/dp/a.a --output-vdex-fd=43 --oat-fd=44 --oat-location=/storage/emulated/0/Android/obb/com.grand.technolite/dp/oat/x86/a.odex --compiler-filter=quicken --class-loader-context=&
  - ioc: /storage/emulated/0/Android/obb/com.grand.technolite/dp/a.a
    pid: 4261
    Process: com.grand.technolite
- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  description: Framework API call
  ioc: javax.crypto.Cipher.doFinal
  Process: com.grand.technolite
Processes
- com.grand.technolite (PID: 4261)
  - Loads dropped Dex/Jar
  - Uses Crypto APIs (Might try to encrypt user data)
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/obb/com.grand.technolite/dp/classes.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/storage/emulated/0/Android/obb/com.grand.technolite/dp/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=& (PID: 4287)
    - Loads dropped Dex/Jar
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/obb/com.grand.technolite/dp/a.a --output-vdex-fd=43 --oat-fd=44 --oat-location=/storage/emulated/0/Android/obb/com.grand.technolite/dp/oat/x86/a.odex --compiler-filter=quicken --class-loader-context=& (PID: 4310)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads