Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
296s -
max time network
301s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system -
submitted
19/02/2025, 12:43
Static task
static1
Behavioral task
behavioral1
Sample
9ec93f30a4d4c404687abd67f4aeb19d2f50b16c7662e41aba8f86a5407ba14d.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral2
Sample
9ec93f30a4d4c404687abd67f4aeb19d2f50b16c7662e41aba8f86a5407ba14d.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral3
Sample
9ec93f30a4d4c404687abd67f4aeb19d2f50b16c7662e41aba8f86a5407ba14d.apk
Resource
android-33-x64-arm64-20240624-en
General
-
Target
9ec93f30a4d4c404687abd67f4aeb19d2f50b16c7662e41aba8f86a5407ba14d.apk
-
Size
2.4MB
-
MD5
b11e72c94d810958df65d8716d853bc3
-
SHA1
606a5eaf439586fc316a3befc85431091bfa786e
-
SHA256
9ec93f30a4d4c404687abd67f4aeb19d2f50b16c7662e41aba8f86a5407ba14d
-
SHA512
c18853c87af0198a0d19d097e1f83e0044d32b3d676a23dd0cd132499d098a951d31777153e6c6e9f9710b3fc28e74129173fc90b6c7ab2711a34a84ff5b98c5
-
SSDEEP
49152:ZxkyYHERA1iUZXObVbVIrobX57/prbB5Wk4HMIyzNZ60/KrYvTD0iXXYMZ04YKx:ZxkyYke1iiYbe0L57/ZjWJHMIyxwQKs3
Malware Config
Extracted
hydra
https://gist.githubusercontent.com/ferrari458italy/4fe02ee186816abcfcca6eaaed44659d/raw/helloworld.json
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra family
-
Hydra payload 1 IoCs
resource yara_rule behavioral1/files/fstream-2.dat family_hydra1 -
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.scare.obscure/app_DynamicOptDex/Yy.json 4929 com.scare.obscure /data/user/0/com.scare.obscure/app_DynamicOptDex/Yy.json 4929 com.scare.obscure -
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.scare.obscure Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText com.scare.obscure Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.scare.obscure -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 4 ip-api.com -
Performs UI accessibility actions on behalf of the user 1 TTPs 2 IoCs
Application may abuse the accessibility service to prevent their removal.
ioc Process android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.scare.obscure android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.scare.obscure -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.scare.obscure -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.scare.obscure -
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.scare.obscure
Processes
-
com.scare.obscure1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4929
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
573KB
MD5dbdafc6c18b0b6f9a9c0252ed395c740
SHA1d48bf669f240932e78fdb5f5d5696327af7dff72
SHA256598ac88704fe5dc9707c34228de82bf1ea7805cfc4ca81427958694835cbb19a
SHA51296fdec46f2c5cfae40fc636dbf0ae4ccf4b289d5b6aaaa194df287b9c52685dc56478bf9f3f7274873e06a6ee3e4ff6a67aaaef920f0f0d1f7f05010b7bf5ea9
-
Filesize
573KB
MD51e11861994b5b31e4c58c224eef13532
SHA11f283ac3c312401df111388d1c295a975adc37f8
SHA25675491e51cbe3aff4632b5ade80f77ce14b0ccdff422ff3c457dd5552e9693697
SHA5123543ab0858bc0ab478c35c28d419866d556c1e5cc081416ed03ceb8f601bc99f65a97c6c537cb501b26fa3bd09a3e3d813f926df46a3f886616e40d8683717c0
-
Filesize
1KB
MD51e2b7a17210d9edc8438b480002866f0
SHA13d4d3faebf83511e410ab431aef14d392a1bff45
SHA256d7c2d1eab31c35548e0a538b3d25eee2492eaf88c5be9a58459b8887ec67ab12
SHA512c229107e680a0e1ce6c4b9f4631f456421f948529e64e14279ca53bbab7461b566a2a6b232a7cc27934277296307106034211068eeeea94b93094af22c7f5f66