Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f190b0887265d7e7fbef7ce328180aa11925295e0fe335efe526747acb64449e.bin
-
Size
4.7MB
-
Sample
250204-12razsvlfs
-
MD5
97582d8e33578e7dd5f7667bde68f6c3
-
SHA1
71356471f1fc8cccd4288deb577d63041e1faea1
-
SHA256
f190b0887265d7e7fbef7ce328180aa11925295e0fe335efe526747acb64449e
-
SHA512
e624188eeb55dc230a9bc32b60965331a3f60cf8a05eb5cadc25147ca672ea3a863617dc0dcc1fba0cb57c06b1fbadd1ebb6b87ece49cc57ad1982e2bbde9ab1
-
SSDEEP
98304:/H7JYwx4LmDPN5WWs5s5GShHjq35Uf6X9HsgIFrBCbg+jccUr6Abk03LbUg+:/exw5WWsjH8Mg+k+
Static task
static1
Behavioral task
behavioral1
Sample
f190b0887265d7e7fbef7ce328180aa11925295e0fe335efe526747acb64449e.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
f190b0887265d7e7fbef7ce328180aa11925295e0fe335efe526747acb64449e.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
f190b0887265d7e7fbef7ce328180aa11925295e0fe335efe526747acb64449e.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
hydra
http://chililiki0101.com
Targets
-
-
Target
f190b0887265d7e7fbef7ce328180aa11925295e0fe335efe526747acb64449e.bin
-
Size
4.7MB
-
MD5
97582d8e33578e7dd5f7667bde68f6c3
-
SHA1
71356471f1fc8cccd4288deb577d63041e1faea1
-
SHA256
f190b0887265d7e7fbef7ce328180aa11925295e0fe335efe526747acb64449e
-
SHA512
e624188eeb55dc230a9bc32b60965331a3f60cf8a05eb5cadc25147ca672ea3a863617dc0dcc1fba0cb57c06b1fbadd1ebb6b87ece49cc57ad1982e2bbde9ab1
-
SSDEEP
98304:/H7JYwx4LmDPN5WWs5s5GShHjq35Uf6X9HsgIFrBCbg+jccUr6Abk03LbUg+:/exw5WWsjH8Mg+k+
-
Hydra family
-
Hydra payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Reads the contacts stored on the device.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Impair Defenses
1Prevent Application Removal
1Input Injection
1