Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
150s -
platform
android-10_x64 -
resource
android-x64-20240910-en -
resource tags
arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system -
submitted
18/03/2025, 22:01
Static task
static1
Behavioral task
behavioral1
Sample
4902d53679849c227912f4b8ff5f9ca81fc1eac5640768bf486b007109c207f2.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
4902d53679849c227912f4b8ff5f9ca81fc1eac5640768bf486b007109c207f2.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
4902d53679849c227912f4b8ff5f9ca81fc1eac5640768bf486b007109c207f2.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
4902d53679849c227912f4b8ff5f9ca81fc1eac5640768bf486b007109c207f2.apk
-
Size
3.7MB
-
MD5
31b668aae3cefc0dade16a28d28573c7
-
SHA1
5b5a2b742e437afefdda5533f1ffc4a3a7f06321
-
SHA256
4902d53679849c227912f4b8ff5f9ca81fc1eac5640768bf486b007109c207f2
-
SHA512
f371abe68c7ce0569f1249934b99dc7c98a0cba6b5c6269ef0f97e6986394e815f761bddda100e65c2fef0db81b993701fadd60af18b10e8c0f98fdecc9bcc32
-
SSDEEP
98304:1BTUpsYPoUz3ao1vz2Q6bA0eSEhh18Qx8092Q9ep5sq4h:1pUWczIvhxQc6h
Malware Config
Extracted
hydra
http://vadkedloepasdlekdqwwe123edlwegbanbemnezdoemsded.com
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra family
-
Hydra payload 2 IoCs
resource yara_rule behavioral2/memory/5237-0.dex family_hydra1 behavioral2/memory/5237-0.dex family_hydra2 -
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.drink.pole/app_ice/EiTg.json 5237 com.drink.pole -
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.drink.pole Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.drink.pole -
Reads the contacts stored on the device. 1 TTPs 1 IoCs
description ioc Process URI accessed for read content://com.android.contacts/contacts com.drink.pole -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 16 ip-api.com -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground com.drink.pole -
Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs
Application may abuse the accessibility service to prevent their removal.
ioc Process android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.drink.pole -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.drink.pole -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.drink.pole -
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.drink.pole
Processes
-
com.drink.pole1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Reads the contacts stored on the device.
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5237
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
969KB
MD57d6e151aea5e64de1b3d21b62dc68f8c
SHA1b21f100e16eabf6d096b6f461927ab85b088a78c
SHA2566def1fee8b7a28bf189d335a954dc92e9d57bdf1ee70192cfdeb331c4c990253
SHA512a9ca195086cff9cd66f1c8f76a3d0de12cb029e3e63acff06687188b98164f77c56ed4e26abf79852974209a7289480ea94c70ff3b0a764c7b3fb6c2ff032bcf
-
Filesize
969KB
MD54a369556256a317d5c4fc87ec019ca4f
SHA1d2303c6df95721d33bd0c57b2f59f0465d59e536
SHA25614b191cd06a67cbb8f4f1aa99e73debd434b50c348004ad5ad6fa673f319bd8d
SHA512529db678c66b06f6073a16fe79fe2b7daa6509767591224ead2664396b560eea0a2f6fb062631e27dc95c987042528f34739a6e19133b5f7f83cb75ba6917676
-
Filesize
1KB
MD58b7e1854eb70214b9bfa06b2be24a0d9
SHA132ffc345a5e1eda88b6f6a66da9951c6dc570f8d
SHA2565173b0eabbc1420b2757caa41df44b5fb8f7c5e42c6aa9432881303fa821bcec
SHA5125bff962c275f25c6be6ea10f9e3212901600e60a08ef04148d3bce28b302fd23695e1e0379d7f79b30ca7b33d0260efbf06c9f7d10faace46600e2e562932acc
-
Filesize
2.2MB
MD503e6f036cf9c79c0390146b07de02a8a
SHA1518103de9468ea660b63d1e773bc397add211de1
SHA2564f8ae26496d1fbb51dada64620bcdd3e67c5812365e4148c98d00aa60ea046bc
SHA512a289d4a1fbe6147cc3f6d408fc622b14322caea3023c4070a736d8e4b9fa61b4652df7ee0e7a4ba4acb467eea1a45c5b2f24c5bfd13c8b976be3f7f7a3eec72d