Analysis
max time kernel: 149s
max time network: 151s
platform: android-11_x64
resource: android-x64-arm64-20240910-en
resource tags: arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240910-en locale:en-us os:android-11-x64 system
submitted: 18/03/2025, 22:01
Static task: static1
Behavioral task behavioral1: sample 00a251eca7976dc909866069f9f958dac997d104af97e426e8c83c978d6bf6b9.apk, resource android-x86-arm-20240910-en
Behavioral task behavioral2: sample 00a251eca7976dc909866069f9f958dac997d104af97e426e8c83c978d6bf6b9.apk, resource android-x64-20240910-en
Behavioral task behavioral3: sample 00a251eca7976dc909866069f9f958dac997d104af97e426e8c83c978d6bf6b9.apk, resource android-x64-arm64-20240910-en
General
Target: 00a251eca7976dc909866069f9f958dac997d104af97e426e8c83c978d6bf6b9.apk
Size: 2.8MB
MD5: 14357e3f45504b432a77e079d35e6d2c
SHA1: 5f2a9cc9fbfe092b8fd1718f5624dac2a044765d
SHA256: 00a251eca7976dc909866069f9f958dac997d104af97e426e8c83c978d6bf6b9
SHA512: 1065f8c0283f50faf37880cb71e821f0f3f372dd89b48bf78e6fffa6ce80d8aead0cc762d698d9188e79445f952a60218da92c96442f96144af435c7b0e4d530
SSDEEP: 49152:Og94iDJWHokkWK+CP87kzKLvE3/5wH0bXQ58MGhrnHrAI+y1HDDz64uTMONK:zqG+aS6avEv5IBchrnHcaHv+xrNK
Malware Config
Extracted (hydra): http://vadkedloepasdlekdqwwe123edlwegbanbemnezdoemsded.com
Signatures
- Hydra: Android banker and info stealer.
- Hydra family
- Hydra payload (2 IoCs)
  resource: behavioral3/memory/4810-0.dex, yara_rule: family_hydra1
  resource: behavioral3/memory/4810-0.dex, yara_rule: family_hydra2
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs): Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.another.night/app_anchor/EjoDy.json, pid: 4810, process: com.another.night
- Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs): Retrieves information displayed on the phone screen using AccessibilityService.
  description: Framework service call, ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId, process: com.another.night
  description: Framework service call, ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId, process: com.another.night
- Reads the contacts stored on the device. (1 TTPs, 1 IoCs)
  description: URI accessed for read, ioc: content://com.android.contacts/contacts, process: com.another.night
- Looks up external IP address via web service (1 IoCs): Uses a legitimate IP lookup service to find the infected system's external IP.
  flow: 27, ioc: ip-api.com
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs): Application may abuse the framework's foreground service to continue running in the foreground.
  description: Framework service call, ioc: android.app.IActivityManager.setServiceForeground, process: com.another.night
- Performs UI accessibility actions on behalf of the user (1 TTPs, 1 IoCs): Application may abuse the accessibility service to prevent its removal.
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction, process: com.another.night
- Queries information about active data network (1 TTPs, 1 IoCs)
  description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: com.another.night
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  description: Framework service call, ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone, process: com.another.night
- Reads information about phone network operator. (1 TTPs)
Processes
- com.another.night (PID: 4810)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Reads the contacts stored on the device.
  - Makes use of the framework's foreground persistence service
  - Performs UI accessibility actions on behalf of the user
  - Queries information about active data network
  - Queries the mobile country code (MCC)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Foreground Persistence (1)
- Impair Defenses (1)
- Prevent Application Removal (1)
- Input Injection (1)
Downloads
- Filesize: 969KB
  MD5: e73c797f3499e86aea6cdaf7606c2ea2
  SHA1: 613b732863f31f23cae7311bb11d8b5ced68e3ad
  SHA256: a84ee9d45a9a7666ceef705f81fd24e05292cf456f648e3618532472bfd2da01
  SHA512: 52a9e86b95f6ece00c7682514c8d9a66030c41bd88fa580cc528a19a4d6c06873732ad57383868c8e448c21412e8dd6df9401bf80f0d4c2b230906756e44174c
- Filesize: 969KB
  MD5: 5ff51cf7a288807ef4a0b91e30cfb67e
  SHA1: fa942c8203aab9ff5a37a13216293171b8f88702
  SHA256: 57a84fa16906704b800cc621eebae1f75b5230b435c23f5381722e8bce03347c
  SHA512: 8919e7f2450ad9315d829fbc3c1e862759e4cc891ae770d9476d78324fb076252c765bf708051097c5e2db4b68a40f1d9ef84a0cbbda1655242f473d2acc1bba
- Filesize: 2.2MB
  MD5: a902388018fbc88da24db97eb3999cd6
  SHA1: 96bdcb04d3e80b45776f946b912928cba7566b84
  SHA256: 69e46e3c370d64ce58d947e892f04e91ba3ffcc7f5b1014f6b491e50376fdf16
  SHA512: f2351a232abbdad008f130c098f89057d1d064d28f095b1a791007246b4c344e9712a37226c5619aaadf7b15c7b4c0cb5ae16039664d11342c01fa39857a3a61