General

  • Target

    f190b0887265d7e7fbef7ce328180aa11925295e0fe335efe526747acb64449e.bin

  • Size

    4.7MB

  • Sample

    250204-12razsvlfs

  • MD5

    97582d8e33578e7dd5f7667bde68f6c3

  • SHA1

    71356471f1fc8cccd4288deb577d63041e1faea1

  • SHA256

    f190b0887265d7e7fbef7ce328180aa11925295e0fe335efe526747acb64449e

  • SHA512

    e624188eeb55dc230a9bc32b60965331a3f60cf8a05eb5cadc25147ca672ea3a863617dc0dcc1fba0cb57c06b1fbadd1ebb6b87ece49cc57ad1982e2bbde9ab1

  • SSDEEP

    98304:/H7JYwx4LmDPN5WWs5s5GShHjq35Uf6X9HsgIFrBCbg+jccUr6Abk03LbUg+:/exw5WWsjH8Mg+k+

Malware Config

Extracted

Family

hydra

C2

http://chililiki0101.com

Targets

    • Target

      f190b0887265d7e7fbef7ce328180aa11925295e0fe335efe526747acb64449e.bin

    • Hydra

      Android banker and info stealer.

    • Hydra family

    • Hydra payload

    • Loads dropped Dex/Jar

      Runs an executable file dropped onto the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Reads the contacts stored on the device.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      The application may abuse the accessibility service to prevent its own removal.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.
