Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
166s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system -
submitted
15/02/2025, 22:00
Static task
static1
Behavioral task
behavioral1
Sample
9ea7a3c46964675fcc4a62ebc75fb2fa9b6bc823b178ceb30de855d65b3fc851.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
9ea7a3c46964675fcc4a62ebc75fb2fa9b6bc823b178ceb30de855d65b3fc851.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
9ea7a3c46964675fcc4a62ebc75fb2fa9b6bc823b178ceb30de855d65b3fc851.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
9ea7a3c46964675fcc4a62ebc75fb2fa9b6bc823b178ceb30de855d65b3fc851.apk
-
Size
4.7MB
-
MD5
25fbb322f1a3741120d51148c0d8860a
-
SHA1
f17a8eb7e6061924ce6e89584ffd833637d3fd92
-
SHA256
9ea7a3c46964675fcc4a62ebc75fb2fa9b6bc823b178ceb30de855d65b3fc851
-
SHA512
d349c30dd0f80a9c22c47aa12fc8336601d594c10b9c4c35d36b4668e30f658c4af3c548e14e01b23135bc680e2d6c2a30addf227d5daa6e39f6d6988e077c6e
-
SSDEEP
98304:2Inf/Yu4kOkYyRQQICL58Uw5q+Ys7je3eUIukTTW:9f/eyiQICL5nwc+Y2jSvIukXW
Malware Config
Extracted
hydra
http://12123-123dcvmolded1235asd123sd-123dvas-we12c-21.org
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra family
-
Hydra payload 2 IoCs
resource yara_rule behavioral3/files/fstream-3.dat family_hydra1 behavioral3/files/fstream-3.dat family_hydra2 -
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.okxlqdryc.pxgkfiwph/app_dex/classes.dex 4613 com.okxlqdryc.pxgkfiwph /data/user/0/com.okxlqdryc.pxgkfiwph/app_dex/classes.dex 4613 com.okxlqdryc.pxgkfiwph -
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.okxlqdryc.pxgkfiwph Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.okxlqdryc.pxgkfiwph -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Reads the contacts stored on the device. 1 TTPs 1 IoCs
description ioc Process URI accessed for read content://com.android.contacts/contacts com.okxlqdryc.pxgkfiwph -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 30 ip-api.com -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground com.okxlqdryc.pxgkfiwph -
Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs
Application may abuse the accessibility service to prevent their removal.
ioc Process android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.okxlqdryc.pxgkfiwph -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.okxlqdryc.pxgkfiwph -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.okxlqdryc.pxgkfiwph -
Reads information about phone network operator. 1 TTPs
Processes
-
com.okxlqdryc.pxgkfiwph1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Reads the contacts stored on the device.
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Queries the mobile country code (MCC)
PID:4613
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Discovery
Software Discovery
1Security Software Discovery
1System Network Configuration Discovery
2System Network Connections Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
411KB
MD5c99bf3bdeac458c55ae272f78a36e65e
SHA1bd4b791c1fe7be0a416207f350796bfedda3c4b5
SHA25610fc29dcd650c6d5b3b65b5f986edb8c4faf20968642472a6a663cdcc57b6bb8
SHA512247226a1fe0c32f9857bfa4028fe1d32e5275f74c8e6908f65906c8239d48afe072337b8fb59f3a979ae9c9897a49131d602326e4a4fe13233f400923faf193d
-
Filesize
2.2MB
MD5b08d83e397785ca278e39165065fa192
SHA11590dfa3a6bf452c238f154770dbb8ba5d82c1f6
SHA2569c826c239e05f8de4a433358a489c2395b2a542f0e66f3935f19f07c61cc9f2d
SHA512eee30f46e77704779e3196213ac7c55fadec0dc0c9f37f07d4d862f52a146edc1b3b3379422ee9588fa3ca0192c91739e6a0d8effc9eaa8471771a9e34e479e0
-
Filesize
972KB
MD532a863157ad736551a4e114247853197
SHA13b747b452123e7abbfe496fd156d276d8b7564d1
SHA256a66e7ea86993a7fc91167aae224b6a761f4e6d3ad7045fcc9a3ceb36446f31d3
SHA51218c840b6c25baf6ae05e861d06d930b6b34beb496100edfcb9f053232ba7afd0d988981ce47d41eb046491bee1a9cbabc65e9a3328e81ea94e57e0e67250ebf9
-
Filesize
973KB
MD5e0e1ebb488ae613b086829ab340bcf07
SHA1b10a38a45ef07f3b93c54d950cb9657a22043ed8
SHA256c1bc7b83d5362ef1886eb365589ae408200edf679413cf48016a3954b4ad6de1
SHA51238e7cdbdc413b2b804af19798aa2463db0ff9ffc4828553409fa01899a003a96b2b177840c83141b259bb68b62cc181ee9710b172ca0a7a5d4c96968bfabb8b2
-
Filesize
1.7MB
MD56c9c97a710a3af87425a04a64b841239
SHA1af3cc8bfb395b7cd352aa1ab5dff90b454bc82d2
SHA2560ea38e865bf3012f1c8fa3ec95ce6a5f28e1e5cb18fd5f7db3780112bf409764
SHA512c63dd82fff69b06e9cfeff5fc595d095aedd97c6acc4284010ca91835af4940ff7e0a7091a06c030e4194b64236868861e75b986647720ba61068de8e14491d9
-
Filesize
399KB
MD539b6b2efe81a5e6d5ae1a5e4537f01c8
SHA1a58e8eeb37d2ef2ce93554a868160ed50912e27a
SHA25663c02bec31c81d06a86ec644a46edf0cb7dc4b35b0d72ca5a6843723728a4263
SHA512fa0dac6a476692684aa89a6d6c6ca55bb772f515e8940ad9cfc49486792a04953aa718fe2a33ed075fd483eee8d8352d2c93b40b6371fd45cdb4020649383bd9
-
Filesize
150KB
MD5810c5db9afe837cdfa2d213b3433897c
SHA1edcbb4d0af2fd2c18cb989a2fd7bdb3c1c8328b5
SHA2560daad25b5538b3489d6f2cf75676f53da20be88d2c93dcfa6502056a1bc85f53
SHA512bf653c1cab3842df463d58ec9686212457b8e1293d7ae896a29a9371ed07799c7d4621128f6a01df171d2b3c5ee57a607bf9ad23a1ff35d15f670099e2c9c8e8