Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
165s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system -
submitted
18/03/2025, 22:01
Static task
static1
Behavioral task
behavioral1
Sample
d4c73288263cc04c315398b770312619e3c862063c173949312382c33535259c.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
d4c73288263cc04c315398b770312619e3c862063c173949312382c33535259c.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
d4c73288263cc04c315398b770312619e3c862063c173949312382c33535259c.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
d4c73288263cc04c315398b770312619e3c862063c173949312382c33535259c.apk
-
Size
3.5MB
-
MD5
fb952210ad402fc0ebf5742ba8309d33
-
SHA1
e7fcafc16c9ba50f0caf8aede2f9ac47ce5a8949
-
SHA256
d4c73288263cc04c315398b770312619e3c862063c173949312382c33535259c
-
SHA512
6ce7fbda5794a3beae578729b0cf0c6a271705c0f728d7b15bc09534cd6b30b14a74cbd11b86200c10a29e583dfa5c0e2fa63c32471dcf079c92f310385d57b2
-
SSDEEP
98304:BN2e5I5Y6zseVcQlsvWVyNteAoNZDQ1u0tjbr7cG:Bd5w9VVsvZNxoNBAN/AG
Malware Config
Extracted
hydra
http://fajasdklfjds90932ldkfj920ldsfadsnfozvabozsnerdasa.cfd
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra family
-
Hydra payload 2 IoCs
resource yara_rule behavioral3/memory/4728-0.dex family_hydra1 behavioral3/memory/4728-0.dex family_hydra2 -
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.unaware.tissue/app_fitness/hg.json 4728 com.unaware.tissue -
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.unaware.tissue Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.unaware.tissue -
Reads the contacts stored on the device. 1 TTPs 1 IoCs
description ioc Process URI accessed for read content://com.android.contacts/contacts com.unaware.tissue -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 25 ip-api.com -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground com.unaware.tissue -
Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs
Application may abuse the accessibility service to prevent their removal.
ioc Process android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.unaware.tissue -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.unaware.tissue -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.unaware.tissue -
Reads information about phone network operator. 1 TTPs
Processes
-
com.unaware.tissue1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Reads the contacts stored on the device.
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Queries the mobile country code (MCC)
PID:4728
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
969KB
MD5a60fc1bd35302214b9dbbb9da21adb33
SHA10e3aae5b7146933ea127262daf2ef67b81cbb01b
SHA25603071c938dcd1f0b608f826abe05bccd425d45fbc52bcadfd7a1ecf40e3484cf
SHA5126a61b7eb2b5e9a0e4443bffe6eb87f9a0954c2fa18c448649a271fae5795230b34fd5c26902d63d04dfd7f5731350f8039f4a853dfdcfd0a767ebc5cc3a3a5b4
-
Filesize
969KB
MD514d430fae8584b962a06998be4ab0e62
SHA1a1b6486adabdee5cdfbb5ed4da8e64ced381f0ea
SHA256955dfa0778d7cc972396cd4e8bccfcd94cf9676c927e9978829d739519c0d4b1
SHA512880dd195272bbdcffb913c2dc91830a42c7e588ae6cc1ac26433e2342c365278cfe0216eefe7b4ec530a281fcc4c92b067e392796d810b66062ad2ab02c0410d
-
Filesize
2.2MB
MD5b86222b8b0c7cffc60dc06c443434bec
SHA1e91ccbe2573f198318236cf3845a355d529767bc
SHA256777c111d75b5c69dc915cf9d07401f96fce8997f37fe49773dfdda2e79521424
SHA512704412e2282f57142294741ec1dbfe26667e460029d34220ebfa2f3f795d46231501cc62813db6da1fcf9b1a45ed706ffccad8890b54aa1d9fca53e344239797