General
- Target: 2ca13ea9430a2e26bf9e7ac93d1b9f23d348b47138a0af6432cacfb33f382046.bin
- Size: 4.9MB
- Sample: 250105-1xx8qsxmb1
- MD5: 43fc4202bcbbe33a87634c7ce60af179
- SHA1: 2aaef5233aa24f1f6212ac4a50108368e54e1045
- SHA256: 2ca13ea9430a2e26bf9e7ac93d1b9f23d348b47138a0af6432cacfb33f382046
- SHA512: 31b0b2a3c2967f16295a94af4fbc22d16fd78be4ed06c59eeb4dc2ab3369f4cd8a8b6eb9b8f6b01a54b12b002dbcd758547f243074f3b78b49d71262caba9335
- SSDEEP: 98304:v04M9Hr1sCchiKW/xP1SUo2wVYLRJKVy+47esmw:hM9HZEhqpAUCVmGyBqsmw
Static task
- static1
Behavioral tasks
- behavioral1: sample 2ca13ea9430a2e26bf9e7ac93d1b9f23d348b47138a0af6432cacfb33f382046.apk, resource android-x86-arm-20240910-en
- behavioral2: sample 2ca13ea9430a2e26bf9e7ac93d1b9f23d348b47138a0af6432cacfb33f382046.apk, resource android-x64-20240910-en
- behavioral3: sample 2ca13ea9430a2e26bf9e7ac93d1b9f23d348b47138a0af6432cacfb33f382046.apk, resource android-x64-arm64-20240624-en
Malware Config
- Extracted (hydra): http://aygidolfaledkzodledaseasedfarkez.com
Targets
- Target: 2ca13ea9430a2e26bf9e7ac93d1b9f23d348b47138a0af6432cacfb33f382046.bin (size, hashes and SSDEEP as listed under General)
- Hydra family
- Hydra payload
- Makes use of the framework's Accessibility service: retrieves information displayed on the phone screen using AccessibilityService.
- Reads the contacts stored on the device.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Makes use of the framework's foreground persistence service: the application may abuse the framework's foreground service to continue running in the foreground.
- Performs UI accessibility actions on behalf of the user: the application may abuse the accessibility service to prevent its own removal.
- Queries information about active data network
- Queries the mobile country code (MCC)
- Reads information about phone network operator
MITRE ATT&CK Mobile v15
- Persistence
  - Event Triggered Execution (1)
    - Broadcast Receivers (1)
  - Foreground Persistence (1)
- Defense Evasion
  - Download New Code at Runtime (1)
  - Foreground Persistence (1)
  - Impair Defenses (1)
    - Prevent Application Removal (1)
  - Input Injection (1)