General
Target: b11df71b3099e5c86b729985aebc508226cbb1f2b5dfdf5971e5b89ce5e03878.bin
Size: 2.7MB
Sample: 230728-e3fpzscb81
MD5: 6fdc277e3f0aeffba6fab9f96cb5e854
SHA1: 4160eb58897f1e8ce69a84ff05071abef49d7ca0
SHA256: b11df71b3099e5c86b729985aebc508226cbb1f2b5dfdf5971e5b89ce5e03878
SHA512: a63bfdb70404f1b165fd5cd3b65de04787e8014ea4373c39190abfbec79958666507074ee9bfa763f4f0651aec38302bf8f022bb77915d91b205c1c59d2eeed6
SSDEEP: 49152:7/zRG5OQgZKv4v0SWrqj0q7YmJ2VibUnDMaPiQEGCVEyFVdMYx/i:jFGqkvaasJqDMa/EL+I4
Static task
static1
Behavioral tasks (sample / resource)
behavioral1: b11df71b3099e5c86b729985aebc508226cbb1f2b5dfdf5971e5b89ce5e03878.apk / android-x86-arm-20230621-en
behavioral2: b11df71b3099e5c86b729985aebc508226cbb1f2b5dfdf5971e5b89ce5e03878.apk / android-x64-20230621-en
behavioral3: b11df71b3099e5c86b729985aebc508226cbb1f2b5dfdf5971e5b89ce5e03878.apk / android-x64-arm64-20230621-en
behavioral4: cross_bk_grass_day.ps1 / win7-20230712-en
behavioral5: cross_bk_grass_day.ps1 / win10v2004-20230703-en
Malware Config
Extracted
Family: hook
C2 URL: http://5.42.199.22:3434
Targets
Target: b11df71b3099e5c86b729985aebc508226cbb1f2b5dfdf5971e5b89ce5e03878.bin
Size: 2.7MB
MD5: 6fdc277e3f0aeffba6fab9f96cb5e854
SHA1: 4160eb58897f1e8ce69a84ff05071abef49d7ca0
SHA256: b11df71b3099e5c86b729985aebc508226cbb1f2b5dfdf5971e5b89ce5e03878
SHA512: a63bfdb70404f1b165fd5cd3b65de04787e8014ea4373c39190abfbec79958666507074ee9bfa763f4f0651aec38302bf8f022bb77915d91b205c1c59d2eeed6
SSDEEP: 49152:7/zRG5OQgZKv4v0SWrqj0q7YmJ2VibUnDMaPiQEGCVEyFVdMYx/i:jFGqkvaasJqDMa/EL+I4
Score: 10/10
Hook
Hook is an Android malware family based on Ermac, with RAT capabilities.
Signatures:
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar: runs executable code dropped to the device during analysis.
- Reads information about the phone's network operator.
- Requests disabling of battery optimizations (often used to keep running, hidden, in the background).
- Removes a system notification.
- Uses Crypto APIs (might try to encrypt user data).
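The signatures above are behavioural verdicts from the sandbox run. When you hold a copy of the APK yourself, most of them have a static counterpart you can check before detonation: the Accessibility service is a `<service>` bound with `BIND_ACCESSIBILITY_SERVICE`, the wake lock and battery-optimisation requests need declared permissions, and loading dropped Dex/Jar code shows up as a reference to a dynamic class loader in classes.dex. The script below is an added example for this page, not tria.ge's detection logic and not code from the sample. It assumes a manifest already decoded from binary AXML (for instance with apktool or androguard) and raw classes.dex bytes; the manifest and the DEX string fragment it ships with are constructed for illustration, while the expected hashes are the ones listed in the report.

```python
"""Static triage for the behaviours the Hook report flags.

Added example; not tria.ge's detection logic or the sample's code.  The
manifest and DEX string table below are constructed for illustration; the
expected hashes are the values listed in the report.
"""
import hashlib
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Hashes listed in the report for the APK.  Confirm you are looking at the
# same file before comparing behaviour against the report.
REPORT_HASHES = {
    "md5": "6fdc277e3f0aeffba6fab9f96cb5e854",
    "sha1": "4160eb58897f1e8ce69a84ff05071abef49d7ca0",
    "sha256": "b11df71b3099e5c86b729985aebc508226cbb1f2b5dfdf5971e5b89ce5e03878",
}

# Constructed decoded manifest (as apktool or androguard would print it).
# It is NOT the sample's manifest; it only carries the declarations that
# correspond to the report's signatures.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application android:label="app">
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed fragment of a classes.dex string table.  Code that loads a
# dropped Dex/Jar has to reference one of the framework class loaders.
SAMPLE_DEX_STRINGS = (
    b"Landroid/app/Activity;\x00"
    b"Ldalvik/system/DexClassLoader;\x00"
    b"loadClass\x00"
)

DYNAMIC_LOADER_CLASSES = (
    b"Ldalvik/system/DexClassLoader;",
    b"Ldalvik/system/InMemoryDexClassLoader;",
    b"Ldalvik/system/PathClassLoader;",
)


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Return {algorithm: matches} for every algorithm named in `expected`."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == digest.lower()
        for algo, digest in expected.items()
    }


def manifest_indicators(manifest_xml: str) -> dict:
    """Map the report's signatures to the manifest declarations behind them."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    accessibility = any(
        svc.get(ANDROID_NS + "permission")
        == "android.permission.BIND_ACCESSIBILITY_SERVICE"
        for svc in root.iter("service")
    )
    return {
        "accessibility_service": accessibility,
        "wake_lock": "android.permission.WAKE_LOCK" in perms,
        "battery_optimisation_bypass":
            "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS" in perms,
    }


def dex_references_dynamic_loader(dex_bytes: bytes) -> bool:
    """True if the DEX references a class loader able to load external code."""
    return any(cls in dex_bytes for cls in DYNAMIC_LOADER_CLASSES)


def triage(manifest_xml: str, dex_bytes: bytes) -> dict:
    """Run all static checks; `hits` counts how many report signatures recur."""
    found = manifest_indicators(manifest_xml)
    found["loads_dropped_dex"] = dex_references_dynamic_loader(dex_bytes)
    found["hits"] = sum(1 for v in found.values() if v is True)
    return found


if __name__ == "__main__":
    # Empty input is obviously not the sample, so every hash comparison fails.
    print(verify_hashes(b"", REPORT_HASHES))
    print(triage(SAMPLE_MANIFEST, SAMPLE_DEX_STRINGS))
```

Two caveats when using this on a real APK: the manifest inside the archive is binary AXML and must be decoded first, and none of these declarations is malicious on its own (wake locks, battery-optimisation exemptions and even dynamic class loading are common in legitimate apps). Treat them as corroboration of the sandbox verdict, and treat an accessibility service combined with dynamic code loading and an unexplained C2 endpoint as the combination worth escalating. The "reads network operator" signature has no manifest counterpart, since that API needs no permission, which is why it is not checked here.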
Target: cross_bk_grass_day.png
Size: 81KB
MD5: 6c5432bbb767f5ce9b9a389dab54b5e2
SHA1: d4dbce3781c86ad24d11f5ceed207a1062b726b0
SHA256: 9fea3903045f19aabcd53ac40bd5ba3c258d8b681a2f08677a14ec3227a09aa5
SHA512: 68bc65b34f51646db4d65418df0cc0ffafbc9fd069300862c6e8eaff49f0cb8614daf1a13381ab8b10c3f15a25fe791b128804f4695b7a77de7d98ff6bc9bd73
SSDEEP: 1536:SK+8zw0HVjLuWwMPNa8Ei6f1jd91fepYCQGh8hB60TKOFeEnutVJy84i1P:l+2rlLhwWaLvFfesGMBdKOXnc4wP
Score: 1/10