Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags
    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    05/01/2025, 22:02

General

  • Target

    2ca13ea9430a2e26bf9e7ac93d1b9f23d348b47138a0af6432cacfb33f382046.apk

  • Size

    4.9MB

  • MD5

    43fc4202bcbbe33a87634c7ce60af179

  • SHA1

    2aaef5233aa24f1f6212ac4a50108368e54e1045

  • SHA256

    2ca13ea9430a2e26bf9e7ac93d1b9f23d348b47138a0af6432cacfb33f382046

  • SHA512

    31b0b2a3c2967f16295a94af4fbc22d16fd78be4ed06c59eeb4dc2ab3369f4cd8a8b6eb9b8f6b01a54b12b002dbcd758547f243074f3b78b49d71262caba9335

  • SSDEEP

    98304:v04M9Hr1sCchiKW/xP1SUo2wVYLRJKVy+47esmw:hM9HZEhqpAUCVmGyBqsmw

Malware Config

Extracted

Family

hydra

C2

http://aygidolfaledkzodledaseasedfarkez.com

DES_key

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra family
  • Hydra payload 2 IoCs
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent its removal.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Processes

  • com.mkrxhmteq.oghkdwuah
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Reads the contacts stored on the device.
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4263
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.mkrxhmteq.oghkdwuah/app_dex/classes.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.mkrxhmteq.oghkdwuah/app_dex/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4325

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.mkrxhmteq.oghkdwuah/app_dex/classes.dex

    Filesize

    2.7MB

    MD5

    046b7e710d9b58d6de1b978951654fa5

    SHA1

    c8babefc3b5fd0f0e2ed2de8b697643dba191b7f

    SHA256

    d19541b9f1576691ad733a557f452ccd7e5c74e871584b7e1ca243675cbbb35a

    SHA512

    9af9023079143b2c338fdf0b8943a027a490d09bcf80b38c154481fed88ba4e44dd6e92864bc5a79c97b290a868f8bd3d7dae04f844784fbd43920689b0dfc59

  • /data/data/com.mkrxhmteq.oghkdwuah/cache/classes.dex

    Filesize

    1.3MB

    MD5

    c9104f961982120ad9a2678a38c22a9f

    SHA1

    da89d96d219f4ae137ac35b000b13cfd7d5a7547

    SHA256

    fed20a74e54f13a9c9ef38279dd1173d236a821b08972599cb6802e0fb7cd13c

    SHA512

    58e29283068bc7510a61d56b36dfc48234901c941215c6f907213e77d513717c49bf92a8788c89610accc7bd542345a01b5970d92d2a2c21070bddcaac0fd481

  • /data/data/com.mkrxhmteq.oghkdwuah/cache/classes.zip

    Filesize

    1.3MB

    MD5

    9d3a01ec99657b358486ad98baae443d

    SHA1

    a0c2a067084b8108a336ebe384ff6b9a859cb197

    SHA256

    9193314d20cdbfad787c8e3310b48bf5f49bc631a1b481a232bd75f0a9b81307

    SHA512

    45ea2375d5dc74f39a2b3b41e465279093719b716cdf7c082f000d9c8f893669a73ddb2f28b4b23d0e24027513957b7e9593264e6987bb88c2fe023e5f8eba82

  • /data/user/0/com.mkrxhmteq.oghkdwuah/app_dex/classes.dex

    Filesize

    2.7MB

    MD5

    f1cc5b931ab519d1b8af545cea439e34

    SHA1

    7c74b17552ae8060d2ee96fa04e350a967155b65

    SHA256

    0cdd14419d3659b6cd7f46749126a8faed049f9c5ed10dc614c0f8144cdefe7f

    SHA512

    4fcadddb306a917ca58157fefe2e2478b82915e2dce136fba915fdedb270b280d3bbd1657afb64d2bb101ef2d4504be5a024d24f281c246ce52fe06fa3b4cba1