Analysis

  • max time kernel
    8s
  • max time network
    37s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    07/11/2024, 15:34

General

  • Target

    736d8db012c57ba3112fe1f1f36179f8.apk

  • Size

    1.5MB

  • MD5

    736d8db012c57ba3112fe1f1f36179f8

  • SHA1

    463da75abac1fca2145b81e696ae4daadcbebf86

  • SHA256

    50bc07a96900cef9d191466ed5a9cdd5181df49621fad1cbbf296b8746d2969b

  • SHA512

    bb966be07a35c0eca816465e40e62f292c59b54fb1eed3b9b250f757e561743073faa44a8573559ddbda87de59ecf3563fc520a1b19b53180ea2682701ecfe3f

  • SSDEEP

    49152:jTvRcaIgrvZwJmI30fpSBk8A71b6zwS4qyEjy:v+a/JIawBkH5b6QEjy

Malware Config

Extracted

Family

hydra

AES_key

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra family
  • Hydra payload 4 IoCs
  • Loads dropped Dex/Jar 1 TTPs 6 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.grand.technolite
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4261
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/obb/com.grand.technolite/dp/classes.dex --output-vdex-fd=43 --oat-fd=44 --oat-location=/storage/emulated/0/Android/obb/com.grand.technolite/dp/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4287
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Android/obb/com.grand.technolite/dp/a.a --output-vdex-fd=43 --oat-fd=44 --oat-location=/storage/emulated/0/Android/obb/com.grand.technolite/dp/oat/x86/a.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4310

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.grand.technolite/files/libdexload_arm.so

    Filesize

    157KB

    MD5

    7ddfe6a2bb4d6ad2b0482d6227e9c74a

    SHA1

    62633e333bb5e6604e8b8746a28bb5fe48ee5659

    SHA256

    246f931d655ac64027dded7bf485a96d9efa40712c02fe989ae61e4906d0ac7f

    SHA512

    83b75b2a963baa3b191a5fad47b27d1a7450a9527f84e63e74e33f842add224dbd8f5abf81e49df235fe79459940ab17cee87317456d008541b5c914dec75042

  • /storage/emulated/0/Android/obb/com.grand.technolite/dp/a.a

    Filesize

    2.2MB

    MD5

    b5f45eeb2b1e59223f4623df3d8e442f

    SHA1

    77856f51e4cc2110b4afc2169fbb791fdd4661e9

    SHA256

    00bbd8b24b9eb28ff854a2c56b79aa46fd757121b58328bc81504649d3e5a2ee

    SHA512

    28562204e37a7b6629a99721d856b44220e026866c66fa50d232829af2929dc22853e20b8c019b528abbbba026eba3a2ce10c95c6666efee764669747c617f49

  • /storage/emulated/0/Android/obb/com.grand.technolite/dp/a.a

    Filesize

    2.2MB

    MD5

    20cd5644ccff37e57fd2022ee3eddc13

    SHA1

    54a0c05d207de6ab9d0db80151f076810d498ba2

    SHA256

    8d1d97a0bafdba7fdd934fe5e0cdace356ca6b775331505b13f750264f08ec0a

    SHA512

    4b258689a0f59d02733d916f0915daf5385375be25ff23799e89a054f756e63b4ae14641d3928086295733f9e946055752a9c14370717fdc5691898210195048

  • /storage/emulated/0/Android/obb/com.grand.technolite/dp/classes.dex

    Filesize

    68KB

    MD5

    b4e08f78556c360ae1d7c6d838a5af12

    SHA1

    110c7b66187f7d277b50ebe5839982313d14e4c8

    SHA256

    4b15391f3dd8091a7a54a63125871d1a18458f27441c9fa04ec66e3f7d49dd7f

    SHA512

    b9fbdd5a0256e90925cd01efd84a14060c6024c788986fa54794cd8b2d35d5eefbc438387c419c48af0429994da975d3e777035081f1f0dcc72aad31bcc3fa2e

  • /storage/emulated/0/Android/obb/com.grand.technolite/dp/classes2.dex

    Filesize

    1005KB

    MD5

    c8bcd7111d7c4afe0142bc7092e693e6

    SHA1

    fddf9a40fd0b845884accb946ee73a2613ecec3c

    SHA256

    12973c19a4e5e8b173a761dc700615b01d7c2853a6c59318d393b25cc1e97954

    SHA512

    daa1b010360f221c76caf8516fc2ccbd2466baa725813237919f85fbd1e2ecfea667810cf0388a8c4a2e210eb1db89af08ff3cf45b01badc82b0993a01cdfdd9

  • /storage/emulated/0/Android/obb/com.grand.technolite/dp/monay

    Filesize

    963KB

    MD5

    9848d5c443cf567279f7331ed82b2b9f

    SHA1

    12586ecec8ee473922c149fa1d1aede78517b39d

    SHA256

    1278e1b8dddf0bc049a106a85a60fec6d7f5de6ed4887fe9092a334e10a07341

    SHA512

    5cb3e7168356f2a58d44a8efa30ec6f93dfb4e71f9ac7d4d9989e5b6ebbc735aa7caf25fdba045fd9581cb64e6d8b2620c5aa0c3d030adbae7af354afc7004e4