Analysis

  • max time kernel
    149s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    16/02/2025, 22:05

General

  • Target

    836f868f699bd6a50a30b5bb844bb1319bf2517864156c08ece5573e20f9bba7.apk

  • Size

    4.7MB

  • MD5

    0bb155911c45abed867ffe361cb6a532

  • SHA1

    eee5da6abdaa1ad0b4317653a768f3b6ed0fa85c

  • SHA256

    836f868f699bd6a50a30b5bb844bb1319bf2517864156c08ece5573e20f9bba7

  • SHA512

    52fd8863366bbc0609a8bbee4d621c83f847faae5c2a096d9c1fac92a5d7c6aea0fa26fb354ae6c4f85fa37b93c3d1240e9c33dfa19992d296fc7e5f0e6212bf

  • SSDEEP

    98304:YODhMcJbpQJ3W7uhCXrB+d0BDwTphuBPM7fc6JphNwhYPsckiV/A9:rMcJuJGi0Xt+d+wTphAE7fc6JPShUsP7

Malware Config

Extracted

Family

hydra

C2

http://1231254123-123d34123-xzccv-1sasdqwe-123cvbe-dqwed.org

DES_key

Signatures

  • Hydra

    Android banker and info stealer.

  • Hydra family
  • Hydra payload 2 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Processes

  • com.slghlhrpc.cmkpzbrrb
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Reads the contacts stored on the device.
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4931

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.slghlhrpc.cmkpzbrrb/app_apk/payload.apk

    Filesize

    974KB

    MD5

    3baeaa766ea7f31a9147208efd957c75

    SHA1

    c701de3d0e55425394ccbf8e0967639e86f3c54e

    SHA256

    75e162dc291e15d13b0f3202a66e0c88ff2db09ec02922ee64818dbddcb78d6d

    SHA512

    9f3ccb1fc9a177524ba2d39f809be4851af385073463893bd4a8664308253fc0da2b9ab330c85675dbe9ce0c44b631a0d1ec7800491687c7b2540504b351295f

  • /data/data/com.slghlhrpc.cmkpzbrrb/app_dex/classes.dex

    Filesize

    2.2MB

    MD5

    fedce253449026c0a0a7939bc75e1dfa

    SHA1

    0ed258e4a2d472df79daab28304d044dd3f05f70

    SHA256

    5e0f51bbb9a2710b3d390039432d09dbead903f97235bb1b7da175d415bac58f

    SHA512

    f5c1f0c90b125d228cadee2f9a68cefff06cfcd1c8967b6652d285313a65e16f4551b6923a146cc2b9304d31f7ce851fd75cde0314cdd9dfd4324191092a31e8

  • /data/data/com.slghlhrpc.cmkpzbrrb/cache/classes.dex

    Filesize

    972KB

    MD5

    d78a540a95142b8f5e90a884e69d7ece

    SHA1

    fa39f09ec36fc44c7b54ab028dabd255726bdc14

    SHA256

    c0547d6e35514c01807a4479b8f013cb6767105c4ce71024bb5a9aa5e278fa7d

    SHA512

    1e811d7730d2cc59f0112e738951ce72267030586bf994b021126745e066814291ca4dd91cba3802100ca7236afd4692704c9e214ce9268a40368761f934dcd7

  • /data/data/com.slghlhrpc.cmkpzbrrb/cache/classes.zip

    Filesize

    973KB

    MD5

    eec9133041583c8e603c60374ab73703

    SHA1

    a8592d4b71ef3036fb30571c45c7eed4cfdeb83a

    SHA256

    e6498e08914e2e5d1e4b57cc88b8a01746ec22629cfc1f148ac962b53e5a7f33

    SHA512

    88e9c47f068b90b9a646bc5697c812caa86cccdbabea4c3f81da195922575274511f05c7bef912987819e0bfe5b4d06c69b0fd41505650f1c32cdfb8b8f4792f

  • /data/data/com.slghlhrpc.cmkpzbrrb/cache/x41bisfTMKrsQCxvJgn9Dm64yPIElwD8H8NZGzsu.zip

    Filesize

    16.1MB

    MD5

    2877545cd492ebfde7e1376681e60ea0

    SHA1

    0ff83bd09fc77a36a37f00986f36aeecd56ff3ce

    SHA256

    ea796437a51c3a002c65e51b04a5ae29dc90b3c7142b9234e9e4f08435daa927

    SHA512

    75a103b9ec8722cf76ae06b81bafa20d52dd0eb7173f0a9c37a6a8ab5a980fb61a6646ec7b4f189744e101186584d21cf0095e2b13f52e2c3f044c632e48770b