Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    02/02/2025, 22:05

General

  • Target

    fda84cc4843857a7177585b90e6fdbfc08b2285ce845de640fcb172e2e650912.apk

  • Size

    2.1MB

  • MD5

    172f3b1c92bf751c045edd590f4e8564

  • SHA1

    d3f4be4eec491edaa1c6e05c946b09ee9957affe

  • SHA256

    fda84cc4843857a7177585b90e6fdbfc08b2285ce845de640fcb172e2e650912

  • SHA512

    d575b91cce3fbef39439f346ffa023d1f284c4dae002b54555e74fcb1a4ee5bed6d4ef8c2a94deae643e3b4185f3d0605e0ac44ea1f97b7b796ca34bf97f3f20

  • SSDEEP

    49152:eyAhOXQLFHlMNIIaqDoCDedB5X2D6jSkrBLeeoq5im6BCWTalV4C/046:GhM5NI1qMXdB5s6+kVLeeo4i9Bk3Lj6

Malware Config

Extracted

Family

hydra

C2

http://playstoresgooglese.net

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra family
  • Hydra payload 2 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 10 IoCs

    The application may abuse the accessibility service to prevent its removal.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Requests enabling of the accessibility settings. 1 IoCs

Processes

  • com.year.jewel
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Requests enabling of the accessibility settings.
    PID:4466

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.year.jewel/app_DynamicOptDex/EXkfI.json

    Filesize

    1.3MB

    MD5

    53902b48cea4838b169471e5a0a5cb8d

    SHA1

    8e8037813a7399c80e95de8b94b960ddc60a1c3f

    SHA256

    12c66cd6b938fb1c6c2a0800ad194434ef244d0c985e2cd8720c9fa8e6f8eb15

    SHA512

    c8b1c7b21b3a67112c11c6e2641a95828a425b9c5e687954c73129b238f415d513b2ab7c23400cb35778bedf351ea41ea8d2759b6f2b87ddb8243e853b2499d1

  • /data/user/0/com.year.jewel/app_DynamicOptDex/EXkfI.json

    Filesize

    1.3MB

    MD5

    5d57f3a945b554b93429f220b6a0963b

    SHA1

    2ec13a7c9083cd324c5b4de86180b50965a703fa

    SHA256

    2679b9b41e3867a5f7aee326290213adf8ea82fdd1203da626a288226e5c9f99

    SHA512

    f0a969a867c96d7bcdd5b025e498df8b8105f3e68de573537e5f625f3b69e298082b8505ee47cf341c2aacdc30102c85f669fb91b762a4c4930e5cd5de94f575

  • /data/user/0/com.year.jewel/app_DynamicOptDex/EXkfI.json

    Filesize

    3.6MB

    MD5

    4e67e6ba9afa148a37a2666241bb4fa6

    SHA1

    8240bd6a3ca3194d04876086651146d10aab30a2

    SHA256

    ed265d37d571b39a131d33e9ee4540c457afeaa565611cb00879bc4880c08088

    SHA512

    d317371c192e305ceda5b3a36810089e40cfb8d174cfb1a544d160a905513f4e5883759165c97ae11a8b3dd7aca03d5db18e1cf9d0a3891d2d780b6eeede1472