Analysis
max time kernel: 146s
max time network: 149s
platform: android-10_x64
resource: android-x64-20240910-en
resource tags: arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
submitted: 25/03/2025, 05:02
Static task
static1
Behavioral task
behavioral1
Sample: e80cb43578f6a8b2ded95c8a2e86076f3661d60e2f18ebd1f094308e1d593c87.apk
Resource: android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample: e80cb43578f6a8b2ded95c8a2e86076f3661d60e2f18ebd1f094308e1d593c87.apk
Resource: android-x64-20240910-en
Behavioral task
behavioral3
Sample: e80cb43578f6a8b2ded95c8a2e86076f3661d60e2f18ebd1f094308e1d593c87.apk
Resource: android-x64-arm64-20240910-en
General
Target: e80cb43578f6a8b2ded95c8a2e86076f3661d60e2f18ebd1f094308e1d593c87.apk
Size: 7.4MB
MD5: 9326a01f58049dcd9947e91c71972fba
SHA1: 6686eec12836e010a929df0df3ca87b3d718d348
SHA256: e80cb43578f6a8b2ded95c8a2e86076f3661d60e2f18ebd1f094308e1d593c87
SHA512: 7e1a4a26b384b5c611c6927ff5176fa9f75a6ce7488bfd080b7ea461dad7a54a4267f18d11d826de33fb85cde609824350b41ea59b730e116424397e4d7b3a70
SSDEEP: 98304:qKkDrOhNgdgC6j6DhdkFjVddWbRIdymNQn8ohd+rnR7Qw4Z2k7Aa3k4uHrLWOgud:kDahNBC6WCNZyZhd+tO7hDtMkuY6fnBv
Malware Config
Signatures
Hydra
Android banker and info stealer.
Hydra family
Hydra payload (1 IoC)
resource | yara_rule
behavioral2/files/fstream-2.dat | family_hydra1
Loads dropped Dex/Jar (1 TTP, 2 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.donor.festival/app_DynamicOptDex/mJDPd.json | 5237 | com.donor.festival
/data/user/0/com.donor.festival/app_DynamicOptDex/mJDPd.json | 5237 | com.donor.festival
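The file this signature shows being loaded as code sits under app_DynamicOptDex/ and carries a .json extension, so an analyst pulling dropped files off a device or out of the sandbox cannot rely on names. The helper below is an added example, not part of the Triage report or of the sample: it classifies a file by its magic bytes, reads the DEX header's version and declared file_size to catch truncated dumps, and returns the MD5/SHA1/SHA256 digests in the form the Downloads section uses, so a recovered file can be matched against those entries. The sample bytes, the list of "data" extensions and the path handling are constructed for illustration; the real content of mJDPd.json is not on this page.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import Optional

# Leading bytes of the code containers an Android dropper typically writes.
MAGICS = {
    b"dex\n": "dex",       # classes.dex ("dex\n035\0", "dex\n039\0", ...)
    b"dey\n": "odex",      # legacy optimized dex
    b"PK\x03\x04": "zip",  # APK and JAR are zip archives
    b"\x7fELF": "elf",     # native library
}
CODE_KINDS = {"dex", "odex", "zip", "elf"}
# Extensions a dropper uses to make a payload look like data (assumption).
DATA_EXTENSIONS = {"json", "txt", "dat", "xml", "png", "jpg", "db"}


@dataclass
class FileId:
    kind: str
    dex_version: Optional[str]
    declared_size: Optional[int]  # file_size field of the DEX header, if any
    size: int
    complete: bool                # declared_size matches the bytes we have
    md5: str
    sha1: str
    sha256: str


def identify(data: bytes) -> str:
    """Classify by magic bytes; the file name plays no part."""
    for magic, kind in MAGICS.items():
        if data.startswith(magic):
            return kind
    if data.lstrip()[:1] in (b"{", b"["):
        return "json-like text"
    return "unknown"


def identify_and_hash(data: bytes) -> FileId:
    kind = identify(data)
    dex_version = declared_size = None
    complete = True
    if kind == "dex":
        # DEX header: magic "dex\n" + 3-char ASCII version + NUL at offset 4,
        # file_size as little-endian uint32 at offset 0x20 (header is 0x70 bytes).
        dex_version = data[4:7].decode("ascii", errors="replace")
        if len(data) >= 0x70:
            declared_size = struct.unpack_from("<I", data, 0x20)[0]
            complete = declared_size == len(data)
        else:
            complete = False
    return FileId(kind, dex_version, declared_size, len(data), complete,
                  hashlib.md5(data).hexdigest(),
                  hashlib.sha1(data).hexdigest(),
                  hashlib.sha256(data).hexdigest())


def is_masquerading(path: str, data: bytes) -> bool:
    """True when the extension claims data but the content is loadable code."""
    name = path.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return ext in DATA_EXTENSIONS and identify(data) in CODE_KINDS


# Path of the file the report shows being loaded.
DROPPED_PATH = "/data/user/0/com.donor.festival/app_DynamicOptDex/mJDPd.json"


def _constructed_dex(total_size: int = 0x70 + 16) -> bytes:
    """Constructed stand-in for the dropped payload: a valid-looking DEX header
    (magic, version 035, file_size field) followed by zero padding. It is not
    the real mJDPd.json, whose content the report does not include."""
    header = bytearray(0x70)
    header[0:8] = b"dex\n035\x00"
    struct.pack_into("<I", header, 0x20, total_size)
    return bytes(header) + b"\x00" * (total_size - 0x70)


SAMPLE_DEX = _constructed_dex()

if __name__ == "__main__":
    fid = identify_and_hash(SAMPLE_DEX)
    print(fid.kind, fid.dex_version, "complete" if fid.complete else "TRUNCATED", fid.sha256)
    print("masquerading:", is_masquerading(DROPPED_PATH, SAMPLE_DEX))
```

Run it against a file copied from the device (`adb pull` of the path above on a rooted test device, or the sandbox's dropped-file download) and compare the digests with the Downloads section; a `complete` of False means the dump is shorter than the header claims and the hashes will not match anything.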
Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
description | ioc | Process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.donor.festival
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.donor.festival
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 28 IoCs)
flow | ioc
13, 14, 20, 21, 26-33, 35-38, 40-50, 52 (28 flows) | raw.githubusercontent.com
Looks up external IP address via web service (1 IoC)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow | ioc
17 | ip-api.com
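Taken together, the two network signatures above describe one pattern: the process learns its external IP from ip-api.com and pulls a large number of objects from raw.githubusercontent.com, a host that a blocklist cannot simply deny. The correlation rule below is an added example, not part of the Triage report: it runs over constructed flow records laid out like the report's flow/ioc table plus an assumed process column, and flags packages that show both behaviours. The allowlist, the fetch threshold and the non-Hydra rows are assumptions for illustration; only the com.donor.festival flow numbers and hosts come from the report.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Hosts taken from the report's two network signatures.
IP_LOOKUP_HOSTS = {"ip-api.com"}
ABUSED_FILE_HOSTS = {"raw.githubusercontent.com"}
# Packages expected to fetch from GitHub; an assumption for the example.
ALLOWLIST = {"com.android.chrome"}


@dataclass(frozen=True)
class Flow:
    flow_id: int
    host: str
    process: str


def parse_flows(lines: Iterable[str]) -> List[Flow]:
    """Parse constructed 'flow <id> <host> <process>' records.
    The report's flow table has only 'flow' and 'ioc' columns; the process
    column here is an assumption of the constructed format."""
    flows = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[0] != "flow" or not parts[1].isdigit():
            continue  # skip the header, blank lines and malformed rows
        flows.append(Flow(int(parts[1]), parts[2].lower(), parts[3]))
    return flows


def correlate(flows: Iterable[Flow], min_fetches: int = 3) -> Dict[str, dict]:
    """Return processes that both looked up their external IP and pulled
    at least `min_fetches` distinct objects from an abused file host."""
    per_proc = defaultdict(lambda: {"ip_lookup": set(), "fetches": set()})
    for f in flows:
        if f.host in IP_LOOKUP_HOSTS:
            per_proc[f.process]["ip_lookup"].add(f.flow_id)
        elif f.host in ABUSED_FILE_HOSTS:
            per_proc[f.process]["fetches"].add(f.flow_id)
    hits = {}
    for proc, seen in per_proc.items():
        if proc in ALLOWLIST:
            continue
        if seen["ip_lookup"] and len(seen["fetches"]) >= min_fetches:
            hits[proc] = {
                "ip_lookup_flows": sorted(seen["ip_lookup"]),
                "fetch_flows": sorted(seen["fetches"]),
            }
    return hits


# Constructed records. The com.donor.festival rows reuse flow numbers and
# hosts from the report; the other two packages are made up for contrast.
SAMPLE_LOG = """
flow ioc process
flow 13 raw.githubusercontent.com com.donor.festival
flow 14 raw.githubusercontent.com com.donor.festival
flow 17 ip-api.com com.donor.festival
flow 20 raw.githubusercontent.com com.donor.festival
flow 21 raw.githubusercontent.com com.donor.festival
flow 22 raw.githubusercontent.com com.android.chrome
flow 23 ip-api.com com.android.chrome
flow 24 raw.githubusercontent.com com.android.chrome
flow 25 raw.githubusercontent.com com.android.chrome
flow 60 raw.githubusercontent.com com.example.notes
""".strip().splitlines()


def run() -> Dict[str, dict]:
    return correlate(parse_flows(SAMPLE_LOG))


if __name__ == "__main__":
    for proc, detail in run().items():
        print(proc, detail)
```

The browser is excluded by the allowlist and the note-taking app never performs the IP lookup, so only the banker's package is reported; the threshold of three fetches is a starting point and should be tuned against the traffic of the fleet being monitored.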
Queries information about active data network (1 TTP, 1 IoC)
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.donor.festival
Queries the mobile country code (MCC) (1 TTP, 1 IoC)
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.donor.festival
Reads information about phone network operator (1 TTP)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.donor.festival
Processes
Network
MITRE ATT&CK Enterprise v15
MITRE ATT&CK Mobile v15
Downloads
Filesize: 5.2MB
MD5: fbd922d641725f6eb36f149105c4e181
SHA1: 96ec4a009bf356aba9cff46fee72f85b9b085ad0
SHA256: 2bcf991578325442b0a24759ab70aa0aab5de540a7e4930efae72fcc936a4cc6
SHA512: bdc5f047fe4aec5c89e3d7cfa8a1fb09a8388442570042344055054f473601d3a85a20ff797ac030bf190ba99218e83c1494f9e5802e9e67112a1ec7fd650f89

Filesize: 5.2MB
MD5: 99f6b6d85f85b8b6ce2d16a7f129699b
SHA1: 1c3e3a79bc14b8ce3e4e97914406714a4e572d8e
SHA256: 692a081dc59ead724bc04cb2d4f35b749de793b756bbcf34d9890aaedc59e51c
SHA512: 4b1477f9d19215cc3dd245dfb4570120127ac08d286b1ef098202cae6a604eb433bfdf126487c66a7f59d9d2b8db272459abf0c728c31fb3dc0e217f7f3b778b

Filesize: 1KB
MD5: 9377079364dfcae7bd3246c029032573
SHA1: 994f9204accc01f36c864023a812439e96109071
SHA256: a66f92fa3ef28e6832d4884a3f1185f63a8f4a2bdf78d14cb9b23e218521639f
SHA512: 1e63d73d6196cbd78e91b1b0bf6b591dbc58d2d064a0099982414ce011f0ee528e5a195623e9230f9e42f7f6f47ef54838c7442387da9ab663d82f42f979ed18