Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
800d3a76496613ceb8ed1b7f9e5bfb2356ae8de8987b9a21a2fcaf8268df78a7.bin
-
Size
4.5MB
-
Sample
250307-13g4psx1fx
-
MD5
304c78178c7b4e20afbb02f0230b12d9
-
SHA1
2e4e5b85efd0a19a0a3d6ba8497ebf8264664de5
-
SHA256
800d3a76496613ceb8ed1b7f9e5bfb2356ae8de8987b9a21a2fcaf8268df78a7
-
SHA512
3e8ccab7e6eaa53cc1950c4ea4e29a3f2d786aba9725584ed61ac6efaa80dfd20ce83ecbe6db0dd5b1e4a2505c2db3e21963ee77556c967754366cc88205dc6f
-
SSDEEP
98304:KUYIrNTZfK44F2ZhUf6lO7j0BTa3bjUwxcda0h+l5lxJfjsWa:KUXT5sF2ZhzlMjj3fTxKrh+5XsWa
Static task
static1
Behavioral task
behavioral1
Sample
800d3a76496613ceb8ed1b7f9e5bfb2356ae8de8987b9a21a2fcaf8268df78a7.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
800d3a76496613ceb8ed1b7f9e5bfb2356ae8de8987b9a21a2fcaf8268df78a7.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
800d3a76496613ceb8ed1b7f9e5bfb2356ae8de8987b9a21a2fcaf8268df78a7.apk
Resource
android-x64-arm64-20240910-en
Malware Config
Extracted
hydra
http://cansucanancaynes.top
Targets
-
-
Target
800d3a76496613ceb8ed1b7f9e5bfb2356ae8de8987b9a21a2fcaf8268df78a7.bin
-
Size
4.5MB
-
MD5
304c78178c7b4e20afbb02f0230b12d9
-
SHA1
2e4e5b85efd0a19a0a3d6ba8497ebf8264664de5
-
SHA256
800d3a76496613ceb8ed1b7f9e5bfb2356ae8de8987b9a21a2fcaf8268df78a7
-
SHA512
3e8ccab7e6eaa53cc1950c4ea4e29a3f2d786aba9725584ed61ac6efaa80dfd20ce83ecbe6db0dd5b1e4a2505c2db3e21963ee77556c967754366cc88205dc6f
-
SSDEEP
98304:KUYIrNTZfK44F2ZhUf6lO7j0BTa3bjUwxcda0h+l5lxJfjsWa:KUXT5sF2ZhzlMjj3fTxKrh+5XsWa
-
Hydra family
-
Hydra payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Reads the contacts stored on the device.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Impair Defenses
1Prevent Application Removal
1Input Injection
1