Analysis
- max time kernel: 149s
- max time network: 152s
- platform: android-10_x64
- resource: android-x64-20240910-en
- resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
- submitted: 14/02/2025, 22:00
Static task
- static1
Behavioral tasks
- behavioral1: sample b458c9bf77acd946498ed188499473355209ed0933e8d4a5f19d7c96651dbd5e.apk, resource android-x86-arm-20240624-en
- behavioral2: sample b458c9bf77acd946498ed188499473355209ed0933e8d4a5f19d7c96651dbd5e.apk, resource android-x64-20240910-en
- behavioral3: sample b458c9bf77acd946498ed188499473355209ed0933e8d4a5f19d7c96651dbd5e.apk, resource android-x64-arm64-20240910-en
General
- Target: b458c9bf77acd946498ed188499473355209ed0933e8d4a5f19d7c96651dbd5e.apk
- Size: 4.7MB
- MD5: f04cc2ed9ab07ad51e12a1574b49e5d5
- SHA1: 7eca6f09c6a2add92f18ebfca0a076bae6196c82
- SHA256: b458c9bf77acd946498ed188499473355209ed0933e8d4a5f19d7c96651dbd5e
- SHA512: 7b14d305e446097898cea430d3f1d1d9b9c4691ffe12301c9353340af3b0e21ad2c29df08f5d56174f9ae6cd6f7d29ca3a4963435a80a18384ef16d1ada256ba
- SSDEEP: 98304:t5n5fryzzBvv5eFiVoBmiaK7ByNbcCnWlxgE2wwFJNGApqzC:z5TyzNIsuBmihBy9cuwC
Malware Config
Extracted
- Family: hydra
- C2: http://das123sdvvb-23sd-123asd-123xcvb-asd123-sdad-ae123-e-ee.org
Signatures
- Hydra
  Android banker and info stealer.
- Hydra family
- Hydra payload (2 IoCs)
  resource | yara_rule
  behavioral2/files/fstream-3.dat | family_hydra1
  behavioral2/files/fstream-3.dat | family_hydra2
- Loads dropped Dex/Jar (1 TTP, 2 IoCs)
  Runs an executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/user/0/com.hrkdpfkvq.ykwjixvpu/app_dex/classes.dex | 5059 | com.hrkdpfkvq.ykwjixvpu
  /data/user/0/com.hrkdpfkvq.ykwjixvpu/app_dex/classes.dex | 5059 | com.hrkdpfkvq.ykwjixvpu
- Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description | ioc | Process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.hrkdpfkvq.ykwjixvpu
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.hrkdpfkvq.ykwjixvpu
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
- Reads the contacts stored on the device. (1 TTP, 1 IoC)
  description | ioc | Process
  URI accessed for read | content://com.android.contacts/contacts | com.hrkdpfkvq.ykwjixvpu
- Looks up external IP address via web service (1 IoC)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow | ioc
  16 | ip-api.com
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  The application may abuse the framework's foreground service to continue running in the foreground.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.setServiceForeground | com.hrkdpfkvq.ykwjixvpu
- Performs UI accessibility actions on behalf of the user (1 TTP, 1 IoC)
  The application may abuse the accessibility service to prevent its own removal.
  ioc | Process
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.hrkdpfkvq.ykwjixvpu
- Queries information about active data network (1 TTP, 1 IoC)
  description | ioc | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.hrkdpfkvq.ykwjixvpu
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  description | ioc | Process
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.hrkdpfkvq.ykwjixvpu
- Reads information about the phone network operator. (1 TTP)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description | ioc | Process
  Framework service call | android.app.IActivityManager.registerReceiver | com.hrkdpfkvq.ykwjixvpu
Processes
- com.hrkdpfkvq.ykwjixvpu (PID 5059)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Reads the contacts stored on the device.
  - Makes use of the framework's foreground persistence service
  - Performs UI accessibility actions on behalf of the user
  - Queries information about active data network
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15
- Persistence
  - Event Triggered Execution (1)
    - Broadcast Receivers (1)
  - Foreground Persistence (1)
- Defense Evasion
  - Download New Code at Runtime (1)
  - Foreground Persistence (1)
  - Impair Defenses (1)
    - Prevent Application Removal (1)
  - Input Injection (1)
- Discovery
  - Software Discovery (1)
    - Security Software Discovery (1)
  - System Network Configuration Discovery (2)
  - System Network Connections Discovery (1)
Downloads