Analysis

  • max time kernel
    149s
  • max time network
    161s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted
    14/02/2025, 22:00

General

  • Target

    b458c9bf77acd946498ed188499473355209ed0933e8d4a5f19d7c96651dbd5e.apk

  • Size

    4.7MB

  • MD5

    f04cc2ed9ab07ad51e12a1574b49e5d5

  • SHA1

    7eca6f09c6a2add92f18ebfca0a076bae6196c82

  • SHA256

    b458c9bf77acd946498ed188499473355209ed0933e8d4a5f19d7c96651dbd5e

  • SHA512

    7b14d305e446097898cea430d3f1d1d9b9c4691ffe12301c9353340af3b0e21ad2c29df08f5d56174f9ae6cd6f7d29ca3a4963435a80a18384ef16d1ada256ba

  • SSDEEP

    98304:t5n5fryzzBvv5eFiVoBmiaK7ByNbcCnWlxgE2wwFJNGApqzC:z5TyzNIsuBmihBy9cuwC

Malware Config

Extracted

Family

hydra

C2

http://das123sdvvb-23sd-123asd-123xcvb-asd123-sdad-ae123-e-ee.org

DES_key

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra family
  • Hydra payload (2 IoCs)
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (1 TTP)

    May be used in an attempt to overlay legitimate apps.

  • Reads the contacts stored on the device (1 TTP, 1 IoC)
  • Looks up external IP address via web service (1 IoC)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    Application may abuse the framework's foreground service to keep running in the foreground.

  • Performs UI accessibility actions on behalf of the user (1 TTP, 1 IoC)

    Application may abuse the accessibility service to prevent its own removal.

  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Reads information about phone network operator (1 TTP)
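The "Loads dropped Dex/Jar" signature means the files dropped under app_dex/ and cache/ are what the app actually executes, so they, not the outer APK, are the code to reverse. Before feeding a dumped file to a decompiler it is worth confirming it is an intact DEX: a truncated or partially overwritten dump (the cache/ directory here is rewritten several times under the same file name) will fail its own header checks. The following is an added example, not code from the tria.ge report or from the Hydra sample: it classifies a dumped file by magic bytes, parses the fixed 112-byte DEX header and recomputes the Adler-32 checksum and SHA-1 signature that the header carries. build_minimal_dex constructs a header-only DEX as sample input; it is made up for the example.

```python
import hashlib
import struct
import zlib

DEX_MAGIC_PREFIX = b"dex\n"
DEX_HEADER_SIZE = 0x70          # 112 bytes, fixed by the DEX format
ENDIAN_CONSTANT = 0x12345678    # value of endian_tag for a little-endian DEX

def classify(data: bytes) -> str:
    """Cheap magic-byte triage for files dumped from an app's data directory."""
    if data[:4] == DEX_MAGIC_PREFIX:
        return "dex"
    if data[:2] == b"PK":
        return "zip"            # APK / JAR / plain zip: open with zipfile and look for classes.dex inside
    return "unknown"

def parse_dex_header(data: bytes) -> dict:
    """Decode the DEX header fields; raises ValueError if this is not a DEX."""
    if len(data) < DEX_HEADER_SIZE:
        raise ValueError("shorter than a DEX header")
    if data[:4] != DEX_MAGIC_PREFIX or data[7:8] != b"\x00":
        raise ValueError("bad DEX magic")
    version = data[4:7].decode("ascii")              # e.g. "035", "038"
    (checksum,) = struct.unpack_from("<I", data, 8)  # Adler-32 over data[12:]
    signature = data[12:32]                          # SHA-1 over data[32:]
    fields = struct.unpack_from("<20I", data, 32)
    names = ("file_size", "header_size", "endian_tag", "link_size", "link_off",
             "map_off", "string_ids_size", "string_ids_off", "type_ids_size",
             "type_ids_off", "proto_ids_size", "proto_ids_off", "field_ids_size",
             "field_ids_off", "method_ids_size", "method_ids_off", "class_defs_size",
             "class_defs_off", "data_size", "data_off")
    hdr = dict(zip(names, fields))
    hdr.update(version=version, checksum=checksum, signature=signature.hex())
    return hdr

def verify_dex(data: bytes) -> dict:
    """Recompute the header's integrity fields and compare them to what the header claims."""
    hdr = parse_dex_header(data)
    calc_checksum = zlib.adler32(data[12:]) & 0xFFFFFFFF   # everything after the checksum field
    calc_signature = hashlib.sha1(data[32:]).hexdigest()   # everything after the signature field
    return {
        "version": hdr["version"],
        "size_ok": hdr["file_size"] == len(data),          # False for a truncated dump
        "header_size_ok": hdr["header_size"] == DEX_HEADER_SIZE,
        "endian_ok": hdr["endian_tag"] == ENDIAN_CONSTANT,
        "checksum_ok": calc_checksum == hdr["checksum"],
        "signature_ok": calc_signature == hdr["signature"],
        "class_defs": hdr["class_defs_size"],
    }

def build_minimal_dex(extra: bytes = b"") -> bytes:
    """Constructed sample: a header-only DEX (no classes) with a valid checksum and signature."""
    file_size = DEX_HEADER_SIZE + len(extra)
    rest = struct.pack("<20I", file_size, DEX_HEADER_SIZE, ENDIAN_CONSTANT,
                       0, 0,                                  # link_size, link_off
                       0,                                     # map_off (no map; enough for this check)
                       0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,    # string/type/proto/field/method/class_defs: all empty
                       len(extra), DEX_HEADER_SIZE) + extra  # data_size, data_off
    signature = hashlib.sha1(rest).digest()
    checksum = zlib.adler32(signature + rest) & 0xFFFFFFFF
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + rest

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        blob = open(path, "rb").read()
        kind = classify(blob)
        print(path, kind, verify_dex(blob) if kind == "dex" else "")
```

Run it over the dumped cache/ and app_dex/ files; a dump whose size_ok, checksum_ok or signature_ok is False has been truncated or edited after the header was written and should be re-collected before analysis. For the .zip entries, classify returns "zip" and the contained classes.dex can be extracted with the standard zipfile module and checked the same way.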

Processes

  • com.hrkdpfkvq.ykwjixvpu (PID 4729)
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Reads the contacts stored on the device
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/user/0/com.hrkdpfkvq.ykwjixvpu/app_apk/payload.apk

    Filesize

    974KB

    MD5

    3baeaa766ea7f31a9147208efd957c75

    SHA1

    c701de3d0e55425394ccbf8e0967639e86f3c54e

    SHA256

    75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d

    SHA512

    9f3ccb1fc9a177524ba2d39f809be4851af385073463893bd4a8664308253fc0da2b9ab330c85675dbe9ce0c44b631a0d1ec7800491687c7b2540504b351295f

  • /data/user/0/com.hrkdpfkvq.ykwjixvpu/app_dex/classes.dex

    Filesize

    2.2MB

    MD5

    9589a90372269c261a04f38a87c2a89c

    SHA1

    0a1d5c84db447a8261912b267d6a43d796ba9af5

    SHA256

    eb5ea280076d8ffe149c9d1ddd55f26a3e1dba6ca5c94550fbef6d6610a51cff

    SHA512

    891e35ac035abaec81f2c9405a36073b76f8ef97d0f6143f164129324c03e89e7ec882b225f9ef0cbfce4befbe877c921c6a79406c45710fb2d9e13807326e74

  • /data/user/0/com.hrkdpfkvq.ykwjixvpu/cache/classes.dex

    Filesize

    972KB

    MD5

    827431ec70a0202a198d0c2b0ba94e6e

    SHA1

    982df4740110c7232686b8004239744f21ab07bf

    SHA256

    3ac11b193e59f0356b988c9c3fffe1137daef3c820cda0d7d8471b392e8d4847

    SHA512

    c515f08d5824d0f33e3c783c7a8d3a403f30f75c56c270ad5bba3fcad41c02f89731bade2edf31176cf2648a4085e35ad24a823543f7c152de26cc0569861db0

  • /data/user/0/com.hrkdpfkvq.ykwjixvpu/cache/classes.zip

    Filesize

    973KB

    MD5

    c287b899a1edb4583234ba1c7c0cc73b

    SHA1

    fe6029420402ad82c7eee6ac512f3ba10886f81c

    SHA256

    0b7e3485c5e7f99315ff5a91d125b7d1621625b55b5ac20260f9b37db4a73b95

    SHA512

    dd5d266098fa122f4dfeda5a5c7be05b9250a114a8994b71365fe5c89ce4408eed1e767fc68fa64f578b581effcc7717c45b3b3f16c5abb496d242967b4943e1

  • /data/user/0/com.hrkdpfkvq.ykwjixvpu/cache/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip

    Filesize

    157KB

    MD5

    4761cf26b1044fa8f076282f8b0372ab

    SHA1

    24e8502a20ac0df01006ae2909a96a76af7038ab

    SHA256

    dc69b10ba56d1625006c1b142543c977dc59163072cf91cf5297330e2aa20de9

    SHA512

    08d92825f08713ce8ee28e751fac77f02e5eb33fe0dbf9a285f38a869a7f65cdb105611233820e3efe9508d67fb10519653d68bd55318fa826b8da947915df4b

  • /data/user/0/com.hrkdpfkvq.ykwjixvpu/cache/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip

    Filesize

    10.3MB

    MD5

    047b734e18aee35498d857a7aa8b6b5a

    SHA1

    52b515d969666954b8101014598d2b02518d4c6b

    SHA256

    2e5b15d77e13bc049e18c34bbf7b922e2cb96bbd20beba486a882dd10771f639

    SHA512

    f543f57c71f3146497a2094cb3b3749b4efbc17d5d21cab6d8771121d32ad8c66ed3f393f28e1558109e0e633b044fd1ec8b1c2f778d327de5f541cdcea8b825

  • /data/user/0/com.hrkdpfkvq.ykwjixvpu/cache/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip

    Filesize

    314KB

    MD5

    a70522795ba197c832938bd5b6c8eedf

    SHA1

    1e036021460acfa9e03ecc905307b088b1c134ec

    SHA256

    9e5ea7d054815cf13c3a8bd84189472504e2233d00a0724a75d239841ec64f2e

    SHA512

    6e972d271e1cde6b6db4223cc8ea3865519bee4f5ddf1d1fd17c7a792b4143f7a9c56d4bf644cc7a55c29949f5ebefb5635dc976d84fad52c8fb89d715f22696
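To make the report actionable, the following added example (not code from tria.ge or from the sample) gathers the SHA256 values and string indicators listed on this page into one table and checks arbitrary files against them. Two caveats a practitioner should keep in mind: the extracted config carries a DES_key field, so the C2 hostname is unlikely to sit in plaintext inside the APK itself and the string check is mainly useful on decrypted configs, memory dumps or proxy logs; and exact-hash matching only catches this build, so a miss on a repacked Hydra dropper is inconclusive rather than a clean bill. The sample input in the test is constructed for the example.

```python
import hashlib
from pathlib import Path

# SHA256 indicators copied from this report (the submitted APK and the files it dropped).
REPORT_SHA256 = {
    "b458c9bf77acd946498ed188499473355209ed0933e8d4a5f19d7c96651dbd5e": "submitted APK",
    "75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d": "app_apk/payload.apk",
    "eb5ea280076d8ffe149c9d1ddd55f26a3e1dba6ca5c94550fbef6d6610a51cff": "app_dex/classes.dex",
    "3ac11b193e59f0356b988c9c3fffe1137daef3c820cda0d7d8471b392e8d4847": "cache/classes.dex",
    "0b7e3485c5e7f99315ff5a91d125b7d1621625b55b5ac20260f9b37db4a73b95": "cache/classes.zip",
    "dc69b10ba56d1625006c1b142543c977dc59163072cf91cf5297330e2aa20de9": "cache/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip (157KB)",
    "2e5b15d77e13bc049e18c34bbf7b922e2cb96bbd20beba486a882dd10771f639": "cache/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip (10.3MB)",
    "9e5ea7d054815cf13c3a8bd84189472504e2233d00a0724a75d239841ec64f2e": "cache/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip (314KB)",
}

# String indicators from the report: the extracted C2 host and the installed package name.
C2_HOST = b"das123sdvvb-23sd-123asd-123xcvb-asd123-sdad-ae123-e-ee.org"
PACKAGE_NAME = b"com.hrkdpfkvq.ykwjixvpu"
STRING_IOCS = (C2_HOST, PACKAGE_NAME)

def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a blob, matching the three hash types the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}

def match_iocs(data: bytes, sha256_iocs=REPORT_SHA256, string_iocs=STRING_IOCS) -> dict:
    """Return the blob's hashes, the report label for an exact SHA256 hit (or None),
    and which string indicators occur verbatim in the blob."""
    hashes = hash_bytes(data)
    return {
        "hashes": hashes,
        "hash_match": sha256_iocs.get(hashes["sha256"].lower()),
        "string_matches": [s.decode() for s in string_iocs if s in data],
    }

def scan_paths(paths, **kwargs) -> dict:
    """Apply match_iocs to every regular file in paths; keyed by path."""
    results = {}
    for p in map(Path, paths):
        if p.is_file():
            results[str(p)] = match_iocs(p.read_bytes(), **kwargs)
    return results

if __name__ == "__main__":
    import sys
    for path, r in scan_paths(sys.argv[1:]).items():
        flag = r["hash_match"] or (", ".join(r["string_matches"]) or "-")
        print(f"{r['hashes']['sha256']}  {flag}  {path}")
```

Feed it an APK pulled from a device, the files under /data/user/0/<package>/ collected from a rooted test phone, or a decrypted config dump. The report also gives an SSDEEP value for the submitted APK; fuzzy matching against it needs the third-party ssdeep binding, which is deliberately left out here so the script runs with the standard library alone.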