Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
7Lol.apk
android-9-x86
10Lol.apk
android-10-x64
10Lol.apk
android-11-x64
10amap_resou..._0.apk
android-9-x86
amap_resou..._0.apk
android-10-x64
amap_resou..._0.apk
android-11-x64
consentform.html
windows7-x64
1consentform.html
windows10-2004-x64
1libByteAINN.so
debian-9-armhf
1libbuffer.so
debian-9-armhf
1libfile_lock.so
debian-9-armhf
1libgifimage.so
debian-9-armhf
1libheif.so
debian-9-armhf
1libnative-filters.so
debian-9-armhf
1libnpth_dl.so
debian-9-armhf
1libttmverify.so
debian-9-armhf
1libttmverifylite.so
debian-9-armhf
1libvcnverify.so
debian-9-armhf
1libvcnverifylite.so
debian-9-armhf
1webvideo.html
windows7-x64
1webvideo.html
windows10-2004-x64
1zepto.min.js
windows7-x64
1zepto.min.js
windows10-2004-x64
1Resubmissions
08/09/2023, 03:26
230908-dzpm2sgc54 1001/08/2023, 11:42
230801-nvdp4agf6v 1001/08/2023, 11:24
230801-nhn1asge81 10Analysis
-
max time kernel
1926667s -
max time network
161s -
platform
android_x64 -
resource
android-x64-20230831-en -
resource tags
androidarch:x64arch:x86image:android-x64-20230831-enlocale:en-usos:android-10-x64system -
submitted
08/09/2023, 03:26
Static task
static1
Behavioral task
behavioral1
Sample
Lol.apk
Resource
android-x86-arm-20230831-en
Behavioral task
behavioral2
Sample
Lol.apk
Resource
android-x64-20230831-en
Behavioral task
behavioral3
Sample
Lol.apk
Resource
android-x64-arm64-20230831-en
Behavioral task
behavioral4
Sample
amap_resource1_0_0.apk
Resource
android-x86-arm-20230831-en
Behavioral task
behavioral5
Sample
amap_resource1_0_0.apk
Resource
android-x64-20230831-en
Behavioral task
behavioral6
Sample
amap_resource1_0_0.apk
Resource
android-x64-arm64-20230831-en
Behavioral task
behavioral7
Sample
consentform.html
Resource
win7-20230831-en
Behavioral task
behavioral8
Sample
consentform.html
Resource
win10v2004-20230831-en
Behavioral task
behavioral9
Sample
libByteAINN.so
Resource
debian9-armhf-20230831-en
Behavioral task
behavioral10
Sample
libbuffer.so
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral11
Sample
libfile_lock.so
Resource
debian9-armhf-20230831-en
Behavioral task
behavioral12
Sample
libgifimage.so
Resource
debian9-armhf-20230831-en
Behavioral task
behavioral13
Sample
libheif.so
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral14
Sample
libnative-filters.so
Resource
debian9-armhf-20230831-en
Behavioral task
behavioral15
Sample
libnpth_dl.so
Resource
debian9-armhf-20230831-en
Behavioral task
behavioral16
Sample
libttmverify.so
Resource
debian9-armhf-20230831-en
Behavioral task
behavioral17
Sample
libttmverifylite.so
Resource
debian9-armhf-20230831-en
Behavioral task
behavioral18
Sample
libvcnverify.so
Resource
debian9-armhf-20230831-en
Behavioral task
behavioral19
Sample
libvcnverifylite.so
Resource
debian9-armhf-en-20211208
Behavioral task
behavioral20
Sample
webvideo.html
Resource
win7-20230831-en
Behavioral task
behavioral21
Sample
webvideo.html
Resource
win10v2004-20230831-en
Behavioral task
behavioral22
Sample
zepto.min.js
Resource
win7-20230831-en
Behavioral task
behavioral23
Sample
zepto.min.js
Resource
win10v2004-20230831-en
General
-
Target
Lol.apk
-
Size
3.7MB
-
MD5
10f5a518febd8b0b08b7f69982bc0a7d
-
SHA1
77137ca4881b82a9baf3dea99e03ce92c89cc742
-
SHA256
238cdfbab88cbcb6b1a2379b2a18c993640c1f498c4cb0e9faef408331f41c0b
-
SHA512
52c557425b2eff4f244c2c34280118e913574c0b3a51bff966c4fb4538afdc1220ad6f94956098aeb53cee4984aeff30142f148f6e19c1a978af6d0e7801f918
-
SSDEEP
98304:z/Se3GAtk9/CYItyoKmFTwgzOOH2qWS9Rr:+e33tcPItTvFcg5W6b
Malware Config
Extracted
hook
http://193.233.196.2:3434
Extracted
hook
http://193.233.196.2:3434
Signatures
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Makes use of the framework's Accessibility service. 3 IoCs
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.dogilowopuna.zico Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.dogilowopuna.zico Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText com.dogilowopuna.zico -
pid Process 4851 com.dogilowopuna.zico -
Acquires the wake lock. 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.dogilowopuna.zico -
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json 4851 com.dogilowopuna.zico -
Reads information about phone network operator.
-
Removes a system notification. 1 IoCs
description ioc Process Framework service call android.app.INotificationManager.cancelNotificationWithTag com.dogilowopuna.zico -
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.dogilowopuna.zico
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5ed951ebd0d9b582b0f33df7c0ccf2d49
SHA14add8f66b4a70acbf9b71ff23bd683f48e41032f
SHA256588eae818a895f4f12a4d51120ba046dfe1991b9ea760ad0cd8ee0c40cf34822
SHA512a9c7a03fb2ceafa46f231ecf04a40a9b0e2d7ea7c67f6f33ed50a7cb81a86199452c2dd8ebe54d3f2ddb5d6c5914285fb26148289565e24da57ccb2922981931
-
Filesize
4KB
MD5c94a5a7ff1d5d7f44e476fefbb3c2035
SHA14075bfc3c9ace7ac5ed14e159f1cbc986426a650
SHA2560b22132420ced7862347267a93117cb1f6b245c317aa85b75fd5dbcffa40ea95
SHA5120b0eeb43aebc928d4de78a5b9e64ea27e67c34d84d7183a17f546c52e17ccc4fd5fcfa2e2ef64d3c73ea2a5f1e22dfc833fb0f4b82b3f71f405a43e417c90489
-
Filesize
704KB
MD59bfea1b2027ec1635c3590e0ea14e3cf
SHA19cc1ea7f49e361961be1f5d2ab43658d41f86d59
SHA256f2620b302348120f00c9bd7a3e0a6cbef991b484edcdcdd915fbbd13ac861eb4
SHA5124e17d67bcd5f5361a3d9b27f4fbc29969b25a2686edffa9872e7bca1a6528b4eaaf7f90541eda8d31583d8e515b1a20d4d1b20dd4a88c9e83e07d91d525de4a1
-
Filesize
704KB
MD54c5cc08fbf8fe10e34fc490fef580f3c
SHA192f11a0ec664e21d5546109af27ac481d4741b8f
SHA256604976f65004e5c54cd7ded095be2b42aae134c7e48c4bbef1faea342b8ed878
SHA512f69b6877c057b0907b60a429d20af46f48931b3e95ab429ec2f580e1c6fa61232b0177a3dac18292f7bb4cef82d3dfe9e9263d929ffa1a8ffc1fb0319d3ab214
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD503dd45ccbe623759a159749af965fcb4
SHA1588d79319fec64d972feda8b93ebaef9fe8bf570
SHA256577c965f12f5a10153d25ecd1d84f70ffe73154df00d92c99c90fd5b9d50a679
SHA512ade7e6490b915f5725fe58d76c66acd65fa1ca435ccc898b702609e2b0773b599dff41bc365a1b64b902f8cd02d3c5fd4ad38350846f7438492210565fe54241
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
16KB
MD5364ed9e466deb6c603399a82a986a128
SHA15503a7a95bb8e253ac41816b8878d79b777de0dc
SHA25618ed7065a180f1ab66f081809a7287f7d38d365048c8de51acbbd601650d9b23
SHA5127ec24834fff1bd33f3b54e6edd597506c6232b290ea0befe832944581abd008972bd78ecdb64a31417e9d94a6af7fc2d506bcf4f208f628ff558c18675f2f4d9
-
Filesize
108KB
MD5cb2316e7604d74a7dfd2b3ada414ba56
SHA1ddc0b39e1a380211cb370c08f50c6bc11f278601
SHA256c881604f09f1cc79703ec2500d6014ead1a842ddc0aa3f8b2f448d0c79811af6
SHA51250ad776c65f845fb194a7a754214a76aceb3474d6db79d08c7f71048deb8cbd607cd82fbfb094a53a7b0d95a1184c27ac1dff30c8e04ea3fc33b78cce2f56066
-
Filesize
173KB
MD5688270ebe30ea755716f5ba9ad909a00
SHA17f9544ad6cc993026bc9fccfe506f9d2641738be
SHA25623ebf71c637ff7530fe0eb7304652508113dda2c2e0093776c5c43203da11d98
SHA51280ffbd0818a29736ca17ba41f57e4cf5e41e6641160fe101d85075e85e06b93052b8669624b15c4068765783c7211abff70d431d29954cad1abf2fa0835d9ff9
-
Filesize
1.5MB
MD5cf80a0964d7adb2dc9ab389185abcff1
SHA1a630b6d63b9be79f2fe9f2fc38c91fcbc1d8d6ea
SHA256f90f95cb686db2f9ce0607038438527e3665ca8e33c38fd168834f6d96def4ed
SHA512ef1a6f7c47772fd49ae2fda552df4f54fea83e30c99980ae8e0863b4abcfe2d7cb9869449962129cb560760d49ee6349add36e6ca7417e6cf0e9f99d86a3ee53