General

  • Target

    5e6ee98bdad3c9879ef56575c41c4b53e297fcad3a715995f71c9dab950d5ee9.bin

  • Size

    4.1MB

  • Sample

    250318-1w9v5sytay

  • MD5

    029afcf139402cb4e439691ed204cb3a

  • SHA1

    a53a8d4b6ee0db0012a3daccfa7f4fb68a69f325

  • SHA256

    5e6ee98bdad3c9879ef56575c41c4b53e297fcad3a715995f71c9dab950d5ee9

  • SHA512

    f6434e125504cbf077d9ee215c064d1eb49d445ee096dcfa2d1d6d0a766881a7a11acd9bcf01e6e7b956fec3e0ebdb21876ec8eff24ba9358e215ca868ea99b9

  • SSDEEP

    98304:WCSqVBWfnWMy3KiALMXGv5d6gGVbpz6vyFb8bLdR90voZulQaz9E:WCSq7WPWMy3TALM2ociN19E

Malware Config

Extracted

Family

hydra

C2

http://fajasdklfjds90932ldkfj920ldsfadsnfozvabozsnerdasa.cfd

Targets

    • Target

      5e6ee98bdad3c9879ef56575c41c4b53e297fcad3a715995f71c9dab950d5ee9.bin
    • Hydra

      Android banker and info stealer.

    • Hydra family

    • Hydra payload

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Reads the contacts stored on the device.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent its own removal.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.
