Analysis
- max time kernel: 149s
- max time network: 156s
- platform: android-11_x64
- resource: android-x64-arm64-20240910-en
- resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
- submitted: 18/03/2025, 22:01
Static task
- static1
Behavioral tasks
- behavioral1
  Sample: 4902d53679849c227912f4b8ff5f9ca81fc1eac5640768bf486b007109c207f2.apk
  Resource: android-x86-arm-20240910-en
- behavioral2
  Sample: 4902d53679849c227912f4b8ff5f9ca81fc1eac5640768bf486b007109c207f2.apk
  Resource: android-x64-20240910-en
- behavioral3
  Sample: 4902d53679849c227912f4b8ff5f9ca81fc1eac5640768bf486b007109c207f2.apk
  Resource: android-x64-arm64-20240910-en
General
- Target: 4902d53679849c227912f4b8ff5f9ca81fc1eac5640768bf486b007109c207f2.apk
- Size: 3.7MB
- MD5: 31b668aae3cefc0dade16a28d28573c7
- SHA1: 5b5a2b742e437afefdda5533f1ffc4a3a7f06321
- SHA256: 4902d53679849c227912f4b8ff5f9ca81fc1eac5640768bf486b007109c207f2
- SHA512: f371abe68c7ce0569f1249934b99dc7c98a0cba6b5c6269ef0f97e6986394e815f761bddda100e65c2fef0db81b993701fadd60af18b10e8c0f98fdecc9bcc32
- SSDEEP: 98304:1BTUpsYPoUz3ao1vz2Q6bA0eSEhh18Qx8092Q9ep5sq4h:1pUWczIvhxQc6h
Malware Config
Extracted
hydra
http://vadkedloepasdlekdqwwe123edlwegbanbemnezdoemsded.com
Signatures
- Hydra
  Android banker and info stealer.
- Hydra family
- Hydra payload (2 IoCs)
  resource | yara_rule
  behavioral3/memory/4834-0.dex | family_hydra1
  behavioral3/memory/4834-0.dex | family_hydra2
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/user/0/com.drink.pole/app_ice/EiTg.json | 4834 | com.drink.pole
- Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description | ioc | Process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.drink.pole
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.drink.pole
- Reads the contacts stored on the device. (1 TTPs, 1 IoCs)
  description | ioc | Process
  URI accessed for read | content://com.android.contacts/contacts | com.drink.pole
- Looks up external IP address via web service (1 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  flow | ioc
  27 | ip-api.com
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.setServiceForeground | com.drink.pole
- Performs UI accessibility actions on behalf of the user (1 TTPs, 1 IoCs)
  Application may abuse the accessibility service to prevent its removal.
  ioc | Process
  android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.drink.pole
- Queries information about active data network (1 TTPs, 1 IoCs)
  description | ioc | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.drink.pole
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  description | ioc | Process
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.drink.pole
- Reads information about phone network operator. (1 TTPs)
Processes
- com.drink.pole (PID: 4834)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Reads the contacts stored on the device.
  - Makes use of the framework's foreground persistence service
  - Performs UI accessibility actions on behalf of the user
  - Queries information about active data network
  - Queries the mobile country code (MCC)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Foreground Persistence (1)
- Impair Defenses (1)
  - Prevent Application Removal (1)
- Input Injection (1)
Downloads
- Filesize: 969KB
  MD5: 7d6e151aea5e64de1b3d21b62dc68f8c
  SHA1: b21f100e16eabf6d096b6f461927ab85b088a78c
  SHA256: 6def1fee8b7a28bf189d335a954dc92e9d57bdf1ee70192cfdeb331c4c990253
  SHA512: a9ca195086cff9cd66f1c8f76a3d0de12cb029e3e63acff06687188b98164f77c56ed4e26abf79852974209a7289480ea94c70ff3b0a764c7b3fb6c2ff032bcf
- Filesize: 969KB
  MD5: 4a369556256a317d5c4fc87ec019ca4f
  SHA1: d2303c6df95721d33bd0c57b2f59f0465d59e536
  SHA256: 14b191cd06a67cbb8f4f1aa99e73debd434b50c348004ad5ad6fa673f319bd8d
  SHA512: 529db678c66b06f6073a16fe79fe2b7daa6509767591224ead2664396b560eea0a2f6fb062631e27dc95c987042528f34739a6e19133b5f7f83cb75ba6917676
- Filesize: 2.2MB
  MD5: 03e6f036cf9c79c0390146b07de02a8a
  SHA1: 518103de9468ea660b63d1e773bc397add211de1
  SHA256: 4f8ae26496d1fbb51dada64620bcdd3e67c5812365e4148c98d00aa60ea046bc
  SHA512: a289d4a1fbe6147cc3f6d408fc622b14322caea3023c4070a736d8e4b9fa61b4652df7ee0e7a4ba4acb467eea1a45c5b2f24c5bfd13c8b976be3f7f7a3eec72d