Analysis
max time kernel: 295802s
max time network: 164s
platform: android_x64
resource: android-x64-arm64
submitted: 15/06/2021, 21:40
Static task: static1

Behavioral task: behavioral1
Sample: install.apk
Resource: android-x86-arm
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: install.apk
Resource: android-x64-arm64
0 signatures
0 seconds
General
Target: install.apk
Size: 2.4MB
MD5: 81e5d4cb43893bd79d26fb589bb9d178
SHA1: 9f2278233e96766ea536d781c4bce7ba719ffb73
SHA256: 417c5edf9255d9320904204efaf804ddd9be754dcccc2e5f136a32c5a940f28a
SHA512: 0e6349c16fe35e3b9c7b47dec1f2f1719bdc7bb71688ec90f6422214ee6ca251538ae8ba79f21a46a8738e687b344e690793887ef2b1bfb45876d6db28724b3c
Malware Config
Signatures
BlackRock
BlackRock is an Android banker based on the Xerxes banking Trojan.
BlackRock Payload 4 IoCs
resource                       yara_rule
behavioral2/memory/4026-0.dex  family_blackrock
behavioral2/memory/4026-1.dex  family_blackrock
behavioral2/memory/6259-0.dex  family_blackrock
behavioral2/memory/6259-1.dex  family_blackrock
Loads dropped Dex/Jar 4 IoCs
Runs an executable file dropped to the device during analysis.
ioc  pid  Process
/data/user/0/world.cool.excuse/app_DynamicOptDex/fqZNHw.json  4026  world.cool.excuse
/data/user/0/world.cool.excuse/app_DynamicOptDex/fqZNHw.json  4026  world.cool.excuse
/data/user/0/world.cool.excuse/app_DynamicOptDex/fqZNHw.json  6259  world.cool.excuse:cproc
/data/user/0/world.cool.excuse/app_DynamicOptDex/fqZNHw.json  6259  world.cool.excuse:cproc
Requests enabling of the accessibility settings. 1 IoCs
description    ioc                                      Process
Intent action  android.settings.ACCESSIBILITY_SETTINGS  world.cool.excuse:cproc
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
description         ioc                          Process
Framework API call  javax.crypto.Cipher.doFinal  world.cool.excuse:cproc
Uses reflection 54 IoCs
description  pid  Process

pid 4026, Process world.cool.excuse:
  Invokes method java.lang.Object.getClass
  Invokes method android.content.res.AssetManager.addAssetPath
  Invokes method android.app.ContextImpl.getAssets
  Invokes method java.lang.Object.getClass
  Invokes method android.content.res.AssetManager.open
  Invokes method java.io.FilterInputStream.read
  Invokes method java.io.FilterInputStream.read
  Invokes method java.io.BufferedInputStream.read
  Invokes method java.lang.Object.getClass
  Invokes method java.io.BufferedInputStream.close
  Invokes method java.lang.Object.getClass
  Invokes method java.lang.String.getBytes
  Invokes method java.lang.Object.getClass
  Invokes method java.io.FileOutputStream.write
  Invokes method java.lang.Object.getClass
  Invokes method java.io.BufferedInputStream.close
  Invokes method java.lang.Object.getClass
  Invokes method java.io.FilterOutputStream.close
  Invokes method android.app.ActivityThread.currentActivityThread
  Accesses field android.app.ActivityThread.mPackages
  Invokes method java.lang.reflect.Field.get
  Invokes method java.lang.Object.getClass
  Invokes method java.lang.ref.Reference.get
  Invokes method java.lang.ref.Reference.get
  Accesses field android.app.LoadedApk.mClassLoader
  Invokes method java.lang.reflect.Field.get
  Accesses field android.app.LoadedApk.mClassLoader

pid 6259, Process world.cool.excuse:cproc:
  Invokes method java.lang.Object.getClass
  Invokes method android.content.res.AssetManager.addAssetPath
  Invokes method android.app.ContextImpl.getAssets
  Invokes method java.lang.Object.getClass
  Invokes method android.content.res.AssetManager.open
  Invokes method java.io.FilterInputStream.read
  Invokes method java.io.FilterInputStream.read
  Invokes method java.io.BufferedInputStream.read
  Invokes method java.lang.Object.getClass
  Invokes method java.io.BufferedInputStream.close
  Invokes method java.lang.Object.getClass
  Invokes method java.lang.String.getBytes
  Invokes method java.lang.Object.getClass
  Invokes method java.io.FileOutputStream.write
  Invokes method java.lang.Object.getClass
  Invokes method java.io.BufferedInputStream.close
  Invokes method java.lang.Object.getClass
  Invokes method java.io.FilterOutputStream.close
  Invokes method android.app.ActivityThread.currentActivityThread
  Accesses field android.app.ActivityThread.mPackages
  Invokes method java.lang.reflect.Field.get
  Invokes method java.lang.Object.getClass
  Invokes method java.lang.ref.Reference.get
  Invokes method java.lang.ref.Reference.get
  Accesses field android.app.LoadedApk.mClassLoader
  Invokes method java.lang.reflect.Field.get
  Accesses field android.app.LoadedApk.mClassLoader