General

  • Target

    800d3a76496613ceb8ed1b7f9e5bfb2356ae8de8987b9a21a2fcaf8268df78a7.bin

  • Size

    4.5MB

  • Sample

    250307-13g4psx1fx

  • MD5

    304c78178c7b4e20afbb02f0230b12d9

  • SHA1

    2e4e5b85efd0a19a0a3d6ba8497ebf8264664de5

  • SHA256

    800d3a76496613ceb8ed1b7f9e5bfb2356ae8de8987b9a21a2fcaf8268df78a7

  • SHA512

    3e8ccab7e6eaa53cc1950c4ea4e29a3f2d786aba9725584ed61ac6efaa80dfd20ce83ecbe6db0dd5b1e4a2505c2db3e21963ee77556c967754366cc88205dc6f

  • SSDEEP

    98304:KUYIrNTZfK44F2ZhUf6lO7j0BTa3bjUwxcda0h+l5lxJfjsWa:KUXT5sF2ZhzlMjj3fTxKrh+5XsWa

Malware Config

Extracted

Family

hydra

C2

http://cansucanancaynes.top
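The hashes in the General section and the C2 host above are the indicators an analyst would actually hunt with. The following Python is an added example, not tria.ge output or Hydra-family tooling: it turns the extracted C2 URL into a domain indicator, matches it against DNS query records while refusing look-alike hosts such as `notcansucanancaynes.top`, and checks a file's digests against the report's values. The DNS log lines are constructed for the example; the sample file itself is not on this page, so the hash check is exercised on constructed bytes.

```python
"""Match the file hashes and C2 domain listed above against log records (added example)."""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied verbatim from the report above.
REPORT_HASHES = {
    "md5": "304c78178c7b4e20afbb02f0230b12d9",
    "sha1": "2e4e5b85efd0a19a0a3d6ba8497ebf8264664de5",
    "sha256": "800d3a76496613ceb8ed1b7f9e5bfb2356ae8de8987b9a21a2fcaf8268df78a7",
    "sha512": "3e8ccab7e6eaa53cc1950c4ea4e29a3f2d786aba9725584ed61ac6efaa80dfd20ce83ecbe6db0dd5b1e4a2505c2db3e21963ee77556c967754366cc88205dc6f",
}
C2_URLS = ["http://cansucanancaynes.top"]

# Constructed DNS resolver log, not taken from the report or from any real network.
DNS_LOG = """2025-03-07T13:01:02Z client=10.0.0.12 query=cansucanancaynes.top type=A
2025-03-07T13:01:09Z client=10.0.0.12 query=api.cansucanancaynes.top type=A
2025-03-07T13:02:11Z client=10.0.0.33 query=notcansucanancaynes.top type=A
2025-03-07T13:03:40Z client=10.0.0.12 query=www.example.com type=A"""

QUERY_RE = re.compile(r"client=(\S+)\s+query=(\S+)")


def c2_domains(urls):
    """Extract lower-cased hostnames from C2 URLs; tolerates bare hosts and trailing dots."""
    out = set()
    for url in urls:
        if "://" not in url:
            url = "//" + url          # let urlsplit treat a bare host as the netloc
        host = urlsplit(url).hostname
        if host:
            out.add(host.lower().rstrip("."))
    return out


def domain_matches(qname, iocs):
    """True if qname equals an indicator domain or is a subdomain of one.

    The '.' prefix is what stops 'notcansucanancaynes.top' from matching.
    """
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in iocs)


def scan_dns_log(text, iocs):
    """Return (client, queried_name) for every query that hits an indicator domain."""
    hits = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m and domain_matches(m.group(2), iocs):
            hits.append((m.group(1), m.group(2).lower().rstrip(".")))
    return hits


def hash_file_bytes(data):
    """Digest a file's bytes with the same algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def hashes_match(computed, expected):
    """Return the sorted list of algorithms whose digests agree (case-insensitive)."""
    return sorted(alg for alg in expected
                  if alg in computed and computed[alg].lower() == expected[alg].lower())


def verify_file(path, expected=REPORT_HASHES):
    """Hash a file on disk and report which of the expected digests it matches."""
    with open(path, "rb") as fh:
        return hashes_match(hash_file_bytes(fh.read()), expected)


if __name__ == "__main__":
    iocs = c2_domains(C2_URLS)
    for client, name in scan_dns_log(DNS_LOG, iocs):
        print(f"C2 lookup from {client}: {name}")
    print("digests of constructed bytes match report:",
          hashes_match(hash_file_bytes(b"constructed sample bytes"), REPORT_HASHES))
```

Run `python3 ioc_match.py` to see the two true hits (the apex and the `api.` subdomain) and no hit for the look-alike host; `verify_file("/path/to/sample.bin")` returns all four algorithm names only when the file really is the sample analysed here.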

Targets

    • Target

      800d3a76496613ceb8ed1b7f9e5bfb2356ae8de8987b9a21a2fcaf8268df78a7.bin

    • Hydra

      Android banker and info stealer.

    • Hydra family

    • Hydra payload

    • Loads dropped Dex/Jar

      Loads and runs a Dex/Jar file that was dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Reads the contacts stored on the device.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Makes use of the framework's foreground persistence service

      The application may abuse a foreground service to keep itself running and avoid being killed by the system.

    • Performs UI accessibility actions on behalf of the user

      The application may abuse the accessibility service to prevent its own removal.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.
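The behaviours above (dynamic Dex loading, AccessibilityService abuse, a foreground service, contacts access, external IP lookup, MCC and operator queries) are visible statically as class descriptors, method names and permission strings once the real payload is in hand. The Python below is an added example, not tria.ge's detection logic or code from the Hydra family: it unpacks an APK, scans each `classes*.dex` string table and the binary manifest for those markers, and reports which capabilities it finds. The marker lists and the in-memory sample APK are this example's own constructions. Because the report says the sample loads a dropped Dex/Jar, the packed outer APK may show little; the file worth scanning is the dropped payload pulled from the device, which `scan_dex` accepts directly.

```python
"""Static capability triage of an APK or a dropped .dex (added example)."""
import io
import re
import zipfile

DEX_MAGIC = b"dex\n"

# Class descriptors and method names as they appear in an unobfuscated DEX string table.
# These lists are this example's own choice, not tria.ge signatures.
DEX_MARKERS = {
    "dynamic_dex_loading": [
        b"Ldalvik/system/DexClassLoader;",
        b"Ldalvik/system/InMemoryDexClassLoader;",
        b"Ldalvik/system/PathClassLoader;",
    ],
    "accessibility_service": [
        b"Landroid/accessibilityservice/AccessibilityService;",
        b"performGlobalAction",
    ],
    "foreground_service": [b"startForeground"],
    "contacts": [b"content://com.android.contacts", b"Landroid/provider/ContactsContract"],
    "network_operator_mcc": [b"getNetworkOperator", b"getSimOperator", b"getNetworkCountryIso"],
    "active_network_info": [b"getActiveNetworkInfo", b"Landroid/net/ConnectivityManager;"],
    "external_ip_lookup": [b"api.ipify.org", b"ipinfo.io", b"ip-api.com", b"icanhazip.com"],
}

# Manifest permissions that corroborate the same capabilities.
MANIFEST_MARKERS = {
    "accessibility_service": ["android.permission.BIND_ACCESSIBILITY_SERVICE"],
    "foreground_service": ["android.permission.FOREGROUND_SERVICE"],
    "contacts": ["android.permission.READ_CONTACTS"],
    "network_operator_mcc": ["android.permission.READ_PHONE_STATE"],
}


def scan_dex(blob):
    """Return {capability: bool} for one DEX image, plus whether the file magic is valid."""
    caps = {name: any(n in blob for n in needles) for name, needles in DEX_MARKERS.items()}
    caps["valid_dex_magic"] = blob.startswith(DEX_MAGIC)
    return caps


def _manifest_has(blob, text):
    # Binary AXML string pools are UTF-16LE or UTF-8 depending on the build; check both.
    return text.encode("utf-16-le") in blob or text.encode("utf-8") in blob


def scan_apk(apk_bytes):
    """Scan every classes*.dex and the manifest of an APK (a zip archive).

    Returns (caps, dex_names); a capability is set if any DEX or the manifest shows it.
    """
    caps = {name: False for name in DEX_MARKERS}
    dex_names = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if re.fullmatch(r"classes\d*\.dex", name):
                dex_names.append(name)
                found = scan_dex(z.read(name))
                for cap in DEX_MARKERS:
                    caps[cap] = caps[cap] or found[cap]
            elif name == "AndroidManifest.xml":
                manifest = z.read(name)
                for cap, strings in MANIFEST_MARKERS.items():
                    if any(_manifest_has(manifest, s) for s in strings):
                        caps[cap] = True
    return caps, sorted(dex_names)


def build_sample_apk():
    """Constructed stand-in for an APK so the script runs offline; NOT the sample above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml",
                   b"\x03\x00\x08\x00" + "android.permission.FOREGROUND_SERVICE".encode("utf-16-le"))
        z.writestr("classes.dex",
                   DEX_MAGIC + b"035\x00Ldalvik/system/DexClassLoader;\x00"
                   b"Landroid/accessibilityservice/AccessibilityService;\x00")
        z.writestr("classes2.dex",
                   DEX_MAGIC + b"035\x00getSimOperator\x00https://api.ipify.org\x00")
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_apk()
    result = scan_dex(data) if data.startswith(DEX_MAGIC) else scan_apk(data)[0]
    for cap, hit in sorted(result.items()):
        print(f"{cap:24} {'YES' if hit else 'no'}")
```

Point it at an APK or at a `.dex` pulled with `adb pull` from the app's data directory; a hit on `dynamic_dex_loading` in the outer APK combined with few other markers is itself the cue to go looking for the dropped payload. String-table matching only works on unobfuscated descriptors, so an empty result on a packed sample is not a clean bill of health.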
