
Analysis

  • max time kernel
    148s
  • max time network
    166s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted
    15/02/2025, 22:00

General

  • Target

    9ea7a3c46964675fcc4a62ebc75fb2fa9b6bc823b178ceb30de855d65b3fc851.apk

  • Size

    4.7MB

  • MD5

    25fbb322f1a3741120d51148c0d8860a

  • SHA1

    f17a8eb7e6061924ce6e89584ffd833637d3fd92

  • SHA256

    9ea7a3c46964675fcc4a62ebc75fb2fa9b6bc823b178ceb30de855d65b3fc851

  • SHA512

    d349c30dd0f80a9c22c47aa12fc8336601d594c10b9c4c35d36b4668e30f658c4af3c548e14e01b23135bc680e2d6c2a30addf227d5daa6e39f6d6988e077c6e

  • SSDEEP

    98304:2Inf/Yu4kOkYyRQQICL58Uw5q+Ys7je3eUIukTTW:9f/eyiQICL5nwc+Y2jSvIukXW

Malware Config

Extracted

Family

hydra

C2

http://12123-123dcvmolded1235asd123sd-123dvas-we12c-21.org

DES_key

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra family
  • Hydra payload 2 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent its own removal.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs

Processes

  • com.okxlqdryc.pxgkfiwph (PID:4613)
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Reads the contacts stored on the device.
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/user/0/com.okxlqdryc.pxgkfiwph/app_apk/payload.apk

    Filesize

    411KB

    MD5

    c99bf3bdeac458c55ae272f78a36e65e

    SHA1

    bd4b791c1fe7be0a416207f350796bfedda3c4b5

    SHA256

    10fc29dcd650c6d5b3b65b5f986edb8c4faf20968642472a6a663cdcc57b6bb8

    SHA512

    247226a1fe0c32f9857bfa4028fe1d32e5275f74c8e6908f65906c8239d48afe072337b8fb59f3a979ae9c9897a49131d602326e4a4fe13233f400923faf193d

  • /data/user/0/com.okxlqdryc.pxgkfiwph/app_dex/classes.dex

    Filesize

    2.2MB

    MD5

    b08d83e397785ca278e39165065fa192

    SHA1

    1590dfa3a6bf452c238f154770dbb8ba5d82c1f6

    SHA256

    9c826c239e05f8de4a433358a489c2395b2a542f0e66f3935f19f07c61cc9f2d

    SHA512

    eee30f46e77704779e3196213ac7c55fadec0dc0c9f37f07d4d862f52a146edc1b3b3379422ee9588fa3ca0192c91739e6a0d8effc9eaa8471771a9e34e479e0

  • /data/user/0/com.okxlqdryc.pxgkfiwph/cache/classes.dex

    Filesize

    972KB

    MD5

    32a863157ad736551a4e114247853197

    SHA1

    3b747b452123e7abbfe496fd156d276d8b7564d1

    SHA256

    a66e7ea86993a7fc91167aae224b6a761f4e6d3ad7045fcc9a3ceb36446f31d3

    SHA512

    18c840b6c25baf6ae05e861d06d930b6b34beb496100edfcb9f053232ba7afd0d988981ce47d41eb046491bee1a9cbabc65e9a3328e81ea94e57e0e67250ebf9

  • /data/user/0/com.okxlqdryc.pxgkfiwph/cache/classes.zip

    Filesize

    973KB

    MD5

    e0e1ebb488ae613b086829ab340bcf07

    SHA1

    b10a38a45ef07f3b93c54d950cb9657a22043ed8

    SHA256

    c1bc7b83d5362ef1886eb365589ae408200edf679413cf48016a3954b4ad6de1

    SHA512

    38e7cdbdc413b2b804af19798aa2463db0ff9ffc4828553409fa01899a003a96b2b177840c83141b259bb68b62cc181ee9710b172ca0a7a5d4c96968bfabb8b2

  • /data/user/0/com.okxlqdryc.pxgkfiwph/cache/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip

    Filesize

    1.7MB

    MD5

    6c9c97a710a3af87425a04a64b841239

    SHA1

    af3cc8bfb395b7cd352aa1ab5dff90b454bc82d2

    SHA256

    0ea38e865bf3012f1c8fa3ec95ce6a5f28e1e5cb18fd5f7db3780112bf409764

    SHA512

    c63dd82fff69b06e9cfeff5fc595d095aedd97c6acc4284010ca91835af4940ff7e0a7091a06c030e4194b64236868861e75b986647720ba61068de8e14491d9

  • /data/user/0/com.okxlqdryc.pxgkfiwph/cache/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip

    Filesize

    399KB

    MD5

    39b6b2efe81a5e6d5ae1a5e4537f01c8

    SHA1

    a58e8eeb37d2ef2ce93554a868160ed50912e27a

    SHA256

    63c02bec31c81d06a86ec644a46edf0cb7dc4b35b0d72ca5a6843723728a4263

    SHA512

    fa0dac6a476692684aa89a6d6c6ca55bb772f515e8940ad9cfc49486792a04953aa718fe2a33ed075fd483eee8d8352d2c93b40b6371fd45cdb4020649383bd9

  • /data/user/0/com.okxlqdryc.pxgkfiwph/cache/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip

    Filesize

    150KB

    MD5

    810c5db9afe837cdfa2d213b3433897c

    SHA1

    edcbb4d0af2fd2c18cb989a2fd7bdb3c1c8328b5

    SHA256

    0daad25b5538b3489d6f2cf75676f53da20be88d2c93dcfa6502056a1bc85f53

    SHA512

    bf653c1cab3842df463d58ec9686212457b8e1293d7ae896a29a9371ed07799c7d4621128f6a01df171d2b3c5ee57a607bf9ad23a1ff35d15f670099e2c9c8e8