Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

b11df71b30...78.apk

android-9-x86

10

b11df71b30...78.apk

android-10-x64

10

b11df71b30...78.apk

android-11-x64

10

cross_bk_g...ay.ps1

windows7-x64

1

cross_bk_g...ay.ps1

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b11df71b3099e5c86b729985aebc508226cbb1f2b5dfdf5971e5b89ce5e03878.bin

  • Size

    2.7MB

  • Sample

    230728-e3fpzscb81

  • MD5

    6fdc277e3f0aeffba6fab9f96cb5e854

  • SHA1

    4160eb58897f1e8ce69a84ff05071abef49d7ca0

  • SHA256

    b11df71b3099e5c86b729985aebc508226cbb1f2b5dfdf5971e5b89ce5e03878

  • SHA512

    a63bfdb70404f1b165fd5cd3b65de04787e8014ea4373c39190abfbec79958666507074ee9bfa763f4f0651aec38302bf8f022bb77915d91b205c1c59d2eeed6

  • SSDEEP

    49152:7/zRG5OQgZKv4v0SWrqj0q7YmJ2VibUnDMaPiQEGCVEyFVdMYx/i:jFGqkvaasJqDMa/EL+I4

Score
10/10
hookandroidevasioninfostealerransomwareratstealthtrojan

Malware Config

Extracted

Family

hook

C2

http://5.42.199.22:3434

AES_key

Targets

    • Target

      b11df71b3099e5c86b729985aebc508226cbb1f2b5dfdf5971e5b89ce5e03878.bin

    • Size

      2.7MB

    • MD5

      6fdc277e3f0aeffba6fab9f96cb5e854

    • SHA1

      4160eb58897f1e8ce69a84ff05071abef49d7ca0

    • SHA256

      b11df71b3099e5c86b729985aebc508226cbb1f2b5dfdf5971e5b89ce5e03878

    • SHA512

      a63bfdb70404f1b165fd5cd3b65de04787e8014ea4373c39190abfbec79958666507074ee9bfa763f4f0651aec38302bf8f022bb77915d91b205c1c59d2eeed6

    • SSDEEP

      49152:7/zRG5OQgZKv4v0SWrqj0q7YmJ2VibUnDMaPiQEGCVEyFVdMYx/i:jFGqkvaasJqDMa/EL+I4

    Score
    10/10
    hookevasioninfostealerrattrojanransomwarestealth

    • Hook

      Hook is an Android malware that is based on Ermac with RAT capabilities.

      rattrojaninfostealerhook

    • Makes use of the framework's Accessibility service.

    • Removes its main activity from the application launcher

      stealthtrojan

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion

    • Removes a system notification.

      evasion

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1behavioral2behavioral3

    • Target

      cross_bk_grass_day.png

    • Size

      81KB

    • MD5

      6c5432bbb767f5ce9b9a389dab54b5e2

    • SHA1

      d4dbce3781c86ad24d11f5ceed207a1062b726b0

    • SHA256

      9fea3903045f19aabcd53ac40bd5ba3c258d8b681a2f08677a14ec3227a09aa5

    • SHA512

      68bc65b34f51646db4d65418df0cc0ffafbc9fd069300862c6e8eaff49f0cb8614daf1a13381ab8b10c3f15a25fe791b128804f4695b7a77de7d98ff6bc9bd73

    • SSDEEP

      1536:SK+8zw0HVjLuWwMPNa8Ei6f1jd91fepYCQGh8hB60TKOFeEnutVJy84i1P:l+2rlLhwWaLvFfesGMBdKOXnc4wP

    Score
    1/10
    behavioral4behavioral5

MITRE ATT&CK Matrix

Tasks