Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

Lol.apk

android-9-x86

10

Lol.apk

android-10-x64

10

Lol.apk

android-11-x64

10

amap_resou..._0.apk

android-9-x86

amap_resou..._0.apk

android-10-x64

amap_resou..._0.apk

android-11-x64

consentform.html

windows7-x64

1

consentform.html

windows10-2004-x64

1

libByteAINN.so

debian-9-armhf

1

libbuffer.so

debian-9-armhf

1

libfile_lock.so

debian-9-armhf

1

libgifimage.so

debian-9-armhf

1

libheif.so

debian-9-armhf

1

libnative-filters.so

debian-9-armhf

1

libnpth_dl.so

debian-9-armhf

1

libttmverify.so

debian-9-armhf

1

libttmverifylite.so

debian-9-armhf

1

libvcnverify.so

debian-9-armhf

1

libvcnverifylite.so

debian-9-armhf

1

webvideo.html

windows7-x64

1

webvideo.html

windows10-2004-x64

1

zepto.min.js

windows7-x64

1

zepto.min.js

windows10-2004-x64

1

Resubmissions

08/09/2023, 03:26

230908-dzpm2sgc54 10

01/08/2023, 11:42

230801-nvdp4agf6v 10

01/08/2023, 11:24

230801-nhn1asge81 10

Analysis

  • max time kernel
    1926667s
  • max time network
    161s
  • platform
    android_x64
  • resource
    android-x64-20230831-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230831-enlocale:en-usos:android-10-x64system
  • submitted
    08/09/2023, 03:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lol.apk

  • Size

    3.7MB

  • MD5

    10f5a518febd8b0b08b7f69982bc0a7d

  • SHA1

    77137ca4881b82a9baf3dea99e03ce92c89cc742

  • SHA256

    238cdfbab88cbcb6b1a2379b2a18c993640c1f498c4cb0e9faef408331f41c0b

  • SHA512

    52c557425b2eff4f244c2c34280118e913574c0b3a51bff966c4fb4538afdc1220ad6f94956098aeb53cee4984aeff30142f148f6e19c1a978af6d0e7801f918

  • SSDEEP

    98304:z/Se3GAtk9/CYItyoKmFTwgzOOH2qWS9Rr:+e33tcPItTvFcg5W6b

Score
10/10
hookevasioninfostealerransomwareratstealthtrojan

Malware Config

Extracted

Family

hook

C2

http://193.233.196.2:3434

Extracted

Family

hook

C2

http://193.233.196.2:3434

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.dogilowopuna.zico
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4851

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.dogilowopuna.zico/app_DynamicOptDex/oat/pskPXGY.json.cur.prof
    Filesize

    3KB

    MD5

    ed951ebd0d9b582b0f33df7c0ccf2d49

    SHA1

    4add8f66b4a70acbf9b71ff23bd683f48e41032f

    SHA256

    588eae818a895f4f12a4d51120ba046dfe1991b9ea760ad0cd8ee0c40cf34822

    SHA512

    a9c7a03fb2ceafa46f231ecf04a40a9b0e2d7ea7c67f6f33ed50a7cb81a86199452c2dd8ebe54d3f2ddb5d6c5914285fb26148289565e24da57ccb2922981931

    Download Submit

  • /data/data/com.dogilowopuna.zico/app_DynamicOptDex/oat/pskPXGY.json.cur.prof
    Filesize

    4KB

    MD5

    c94a5a7ff1d5d7f44e476fefbb3c2035

    SHA1

    4075bfc3c9ace7ac5ed14e159f1cbc986426a650

    SHA256

    0b22132420ced7862347267a93117cb1f6b245c317aa85b75fd5dbcffa40ea95

    SHA512

    0b0eeb43aebc928d4de78a5b9e64ea27e67c34d84d7183a17f546c52e17ccc4fd5fcfa2e2ef64d3c73ea2a5f1e22dfc833fb0f4b82b3f71f405a43e417c90489

    Download Submit

  • /data/data/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json
    Filesize

    704KB

    MD5

    9bfea1b2027ec1635c3590e0ea14e3cf

    SHA1

    9cc1ea7f49e361961be1f5d2ab43658d41f86d59

    SHA256

    f2620b302348120f00c9bd7a3e0a6cbef991b484edcdcdd915fbbd13ac861eb4

    SHA512

    4e17d67bcd5f5361a3d9b27f4fbc29969b25a2686edffa9872e7bca1a6528b4eaaf7f90541eda8d31583d8e515b1a20d4d1b20dd4a88c9e83e07d91d525de4a1

    Download Submit

  • /data/data/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json
    Filesize

    704KB

    MD5

    4c5cc08fbf8fe10e34fc490fef580f3c

    SHA1

    92f11a0ec664e21d5546109af27ac481d4741b8f

    SHA256

    604976f65004e5c54cd7ded095be2b42aae134c7e48c4bbef1faea342b8ed878

    SHA512

    f69b6877c057b0907b60a429d20af46f48931b3e95ab429ec2f580e1c6fa61232b0177a3dac18292f7bb4cef82d3dfe9e9263d929ffa1a8ffc1fb0319d3ab214

    Download Submit

  • /data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    03dd45ccbe623759a159749af965fcb4

    SHA1

    588d79319fec64d972feda8b93ebaef9fe8bf570

    SHA256

    577c965f12f5a10153d25ecd1d84f70ffe73154df00d92c99c90fd5b9d50a679

    SHA512

    ade7e6490b915f5725fe58d76c66acd65fa1ca435ccc898b702609e2b0773b599dff41bc365a1b64b902f8cd02d3c5fd4ad38350846f7438492210565fe54241

    Download Submit

  • /data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    364ed9e466deb6c603399a82a986a128

    SHA1

    5503a7a95bb8e253ac41816b8878d79b777de0dc

    SHA256

    18ed7065a180f1ab66f081809a7287f7d38d365048c8de51acbbd601650d9b23

    SHA512

    7ec24834fff1bd33f3b54e6edd597506c6232b290ea0befe832944581abd008972bd78ecdb64a31417e9d94a6af7fc2d506bcf4f208f628ff558c18675f2f4d9

    Download Submit

  • /data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    cb2316e7604d74a7dfd2b3ada414ba56

    SHA1

    ddc0b39e1a380211cb370c08f50c6bc11f278601

    SHA256

    c881604f09f1cc79703ec2500d6014ead1a842ddc0aa3f8b2f448d0c79811af6

    SHA512

    50ad776c65f845fb194a7a754214a76aceb3474d6db79d08c7f71048deb8cbd607cd82fbfb094a53a7b0d95a1184c27ac1dff30c8e04ea3fc33b78cce2f56066

    Download Submit

  • /data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    688270ebe30ea755716f5ba9ad909a00

    SHA1

    7f9544ad6cc993026bc9fccfe506f9d2641738be

    SHA256

    23ebf71c637ff7530fe0eb7304652508113dda2c2e0093776c5c43203da11d98

    SHA512

    80ffbd0818a29736ca17ba41f57e4cf5e41e6641160fe101d85075e85e06b93052b8669624b15c4068765783c7211abff70d431d29954cad1abf2fa0835d9ff9

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json
    Filesize

    1.5MB

    MD5

    cf80a0964d7adb2dc9ab389185abcff1

    SHA1

    a630b6d63b9be79f2fe9f2fc38c91fcbc1d8d6ea

    SHA256

    f90f95cb686db2f9ce0607038438527e3665ca8e33c38fd168834f6d96def4ed

    SHA512

    ef1a6f7c47772fd49ae2fda552df4f54fea83e30c99980ae8e0863b4abcfe2d7cb9869449962129cb560760d49ee6349add36e6ca7417e6cf0e9f99d86a3ee53

    Download Submit