Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
5e6ee98bdad3c9879ef56575c41c4b53e297fcad3a715995f71c9dab950d5ee9.bin
-
Size
4.1MB
-
Sample
250318-1w9v5sytay
-
MD5
029afcf139402cb4e439691ed204cb3a
-
SHA1
a53a8d4b6ee0db0012a3daccfa7f4fb68a69f325
-
SHA256
5e6ee98bdad3c9879ef56575c41c4b53e297fcad3a715995f71c9dab950d5ee9
-
SHA512
f6434e125504cbf077d9ee215c064d1eb49d445ee096dcfa2d1d6d0a766881a7a11acd9bcf01e6e7b956fec3e0ebdb21876ec8eff24ba9358e215ca868ea99b9
-
SSDEEP
98304:WCSqVBWfnWMy3KiALMXGv5d6gGVbpz6vyFb8bLdR90voZulQaz9E:WCSq7WPWMy3TALM2ociN19E
Static task
static1
Behavioral task
behavioral1
Sample
5e6ee98bdad3c9879ef56575c41c4b53e297fcad3a715995f71c9dab950d5ee9.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
5e6ee98bdad3c9879ef56575c41c4b53e297fcad3a715995f71c9dab950d5ee9.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
5e6ee98bdad3c9879ef56575c41c4b53e297fcad3a715995f71c9dab950d5ee9.apk
Resource
android-x64-arm64-20240910-en
Malware Config
Extracted
hydra
http://fajasdklfjds90932ldkfj920ldsfadsnfozvabozsnerdasa.cfd
Targets
-
-
Target
5e6ee98bdad3c9879ef56575c41c4b53e297fcad3a715995f71c9dab950d5ee9.bin
-
Size
4.1MB
-
MD5
029afcf139402cb4e439691ed204cb3a
-
SHA1
a53a8d4b6ee0db0012a3daccfa7f4fb68a69f325
-
SHA256
5e6ee98bdad3c9879ef56575c41c4b53e297fcad3a715995f71c9dab950d5ee9
-
SHA512
f6434e125504cbf077d9ee215c064d1eb49d445ee096dcfa2d1d6d0a766881a7a11acd9bcf01e6e7b956fec3e0ebdb21876ec8eff24ba9358e215ca868ea99b9
-
SSDEEP
98304:WCSqVBWfnWMy3KiALMXGv5d6gGVbpz6vyFb8bLdR90voZulQaz9E:WCSq7WPWMy3TALM2ociN19E
-
Hydra family
-
Hydra payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Reads the contacts stored on the device.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Impair Defenses
1Prevent Application Removal
1Input Injection
1