Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
159s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system -
submitted
06/01/2025, 22:02
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_3cff863140899a34e805a0b77636e66f.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
JaffaCakes118_3cff863140899a34e805a0b77636e66f.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
JaffaCakes118_3cff863140899a34e805a0b77636e66f.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
JaffaCakes118_3cff863140899a34e805a0b77636e66f.apk
-
Size
3.3MB
-
MD5
3cff863140899a34e805a0b77636e66f
-
SHA1
ffde6e6db81a2d0af4a10a2d5d7adaaa067b2f0b
-
SHA256
2d0b157e27359bc36c31e3c3ef891964bc98b2cb66c4f95c2ffc4af7d3477e30
-
SHA512
a2e624c1f4f8f3b02be21afc008788c8c8eaa7356d510c1087921a3e239ddc42ad74dd2e9a1e6e472ef940d9d0c246d3e918a1256801be537d75599bff301e30
-
SSDEEP
98304:fmMgNNnRoZUqIUwy/FpF/R8I8evrXvUvkjmrsb3W3x:fmMgN5Ro+qIny/j8IrirW3K
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra family
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.zgadzxkc.xluvpje/nefdajhywg/8kygofrpfhsrgfp/base.apk.xogrhjf1.rgk 4794 com.zgadzxkc.xluvpje -
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.zgadzxkc.xluvpje Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.zgadzxkc.xluvpje -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 24 ip-api.com -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.zgadzxkc.xluvpje -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.zgadzxkc.xluvpje -
Reads information about phone network operator. 1 TTPs
Processes
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
885KB
MD5eb05482adde57bc554dc8b70bd4684e2
SHA1a84ec548277ba09413718d7219ebaa73deb67898
SHA2560b29d372ef138fe91a93f67b79de4e544100d6c3e97b990a32adaa9a41d3c96a
SHA512087f14a0c98b46b05d593ea23baa0f0469174c0f8a643dcfeafd8c6011b7830f76c0cd3d5dbcb7b290f0b879dd2bcd5982faaf79f6bf42de9915a049923ef3e2
-
/data/user/0/com.zgadzxkc.xluvpje/nefdajhywg/8kygofrpfhsrgfp/tmp-base.apk.xogrhjf5067796556048090594.rgk
Filesize370KB
MD5080c2b2bddb63c728449e73cda53b148
SHA1e26542320fac1b33cf415e9fab228be0141f71d4
SHA25613529f8d3cafbd7cbdeadc4b985612981a768a28d7ec7626f29c597a50c697b6
SHA512bb21272ee02bae287471c482d034eedfc526d438e9ca381397029ffbd3e064bb5d35a998387ab1527ddc1b940a2636f51b1c77b48d93b329580aae26948533ce