Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
151s -
platform
android-10_x64 -
resource
android-x64-20240910-en -
resource tags
arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system -
submitted
18/03/2025, 22:01
Static task
static1
Behavioral task
behavioral1
Sample
00a251eca7976dc909866069f9f958dac997d104af97e426e8c83c978d6bf6b9.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
00a251eca7976dc909866069f9f958dac997d104af97e426e8c83c978d6bf6b9.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
00a251eca7976dc909866069f9f958dac997d104af97e426e8c83c978d6bf6b9.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
00a251eca7976dc909866069f9f958dac997d104af97e426e8c83c978d6bf6b9.apk
-
Size
2.8MB
-
MD5
14357e3f45504b432a77e079d35e6d2c
-
SHA1
5f2a9cc9fbfe092b8fd1718f5624dac2a044765d
-
SHA256
00a251eca7976dc909866069f9f958dac997d104af97e426e8c83c978d6bf6b9
-
SHA512
1065f8c0283f50faf37880cb71e821f0f3f372dd89b48bf78e6fffa6ce80d8aead0cc762d698d9188e79445f952a60218da92c96442f96144af435c7b0e4d530
-
SSDEEP
49152:Og94iDJWHokkWK+CP87kzKLvE3/5wH0bXQ58MGhrnHrAI+y1HDDz64uTMONK:zqG+aS6avEv5IBchrnHcaHv+xrNK
Malware Config
Extracted
hydra
http://vadkedloepasdlekdqwwe123edlwegbanbemnezdoemsded.com
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra family
-
Hydra payload 2 IoCs
resource yara_rule behavioral2/memory/5241-0.dex family_hydra1 behavioral2/memory/5241-0.dex family_hydra2 -
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.another.night/app_anchor/EjoDy.json 5241 com.another.night -
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.another.night Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.another.night -
Reads the contacts stored on the device. 1 TTPs 1 IoCs
description ioc Process URI accessed for read content://com.android.contacts/contacts com.another.night -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 15 ip-api.com -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground com.another.night -
Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs
Application may abuse the accessibility service to prevent their removal.
ioc Process android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.another.night -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.another.night -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.another.night -
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.another.night
Processes
-
com.another.night1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Reads the contacts stored on the device.
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5241
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
969KB
MD5e73c797f3499e86aea6cdaf7606c2ea2
SHA1613b732863f31f23cae7311bb11d8b5ced68e3ad
SHA256a84ee9d45a9a7666ceef705f81fd24e05292cf456f648e3618532472bfd2da01
SHA51252a9e86b95f6ece00c7682514c8d9a66030c41bd88fa580cc528a19a4d6c06873732ad57383868c8e448c21412e8dd6df9401bf80f0d4c2b230906756e44174c
-
Filesize
969KB
MD55ff51cf7a288807ef4a0b91e30cfb67e
SHA1fa942c8203aab9ff5a37a13216293171b8f88702
SHA25657a84fa16906704b800cc621eebae1f75b5230b435c23f5381722e8bce03347c
SHA5128919e7f2450ad9315d829fbc3c1e862759e4cc891ae770d9476d78324fb076252c765bf708051097c5e2db4b68a40f1d9ef84a0cbbda1655242f473d2acc1bba
-
Filesize
1KB
MD53e6e1f3ce08c409d1e8ac907727a6e8d
SHA117ca9d931e8eff73d500cdb727beb3ea10e88bf1
SHA256930a8b5b805d1288a15b2620c827b23e8895e0b12ad94e831ad7c7087137952d
SHA5120020703190c9e68d472e57e5a4fa334a424223eb3f8edac834484c81d00f33e2f76451adee2c10f3fbd0fea0cfb122c210b9dc35eb8a6b16a92ee34926c64496
-
Filesize
2.2MB
MD5a902388018fbc88da24db97eb3999cd6
SHA196bdcb04d3e80b45776f946b912928cba7566b84
SHA25669e46e3c370d64ce58d947e892f04e91ba3ffcc7f5b1014f6b491e50376fdf16
SHA512f2351a232abbdad008f130c098f89057d1d064d28f095b1a791007246b4c344e9712a37226c5619aaadf7b15c7b4c0cb5ae16039664d11342c01fa39857a3a61