Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

Lol.apk

android-9-x86

10

Lol.apk

android-10-x64

10

Lol.apk

android-11-x64

10

amap_resou..._0.apk

android-9-x86

amap_resou..._0.apk

android-10-x64

amap_resou..._0.apk

android-11-x64

consentform.html

windows7-x64

1

consentform.html

windows10-2004-x64

1

libByteAINN.so

debian-9-armhf

1

libbuffer.so

debian-9-armhf

1

libfile_lock.so

debian-9-armhf

1

libgifimage.so

debian-9-armhf

1

libheif.so

debian-9-armhf

1

libnative-filters.so

debian-9-armhf

1

libnpth_dl.so

debian-9-armhf

1

libttmverify.so

debian-9-armhf

1

libttmverifylite.so

debian-9-armhf

1

libvcnverify.so

debian-9-armhf

1

libvcnverifylite.so

debian-9-armhf

1

webvideo.html

windows7-x64

1

webvideo.html

windows10-2004-x64

1

zepto.min.js

windows7-x64

1

zepto.min.js

windows10-2004-x64

1

Resubmissions

08/09/2023, 03:26

230908-dzpm2sgc54 10

01/08/2023, 11:42

230801-nvdp4agf6v 10

01/08/2023, 11:24

230801-nhn1asge81 10

Analysis

  • max time kernel
    1926668s
  • max time network
    162s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230831-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
  • submitted
    08/09/2023, 03:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lol.apk

  • Size

    3.7MB

  • MD5

    10f5a518febd8b0b08b7f69982bc0a7d

  • SHA1

    77137ca4881b82a9baf3dea99e03ce92c89cc742

  • SHA256

    238cdfbab88cbcb6b1a2379b2a18c993640c1f498c4cb0e9faef408331f41c0b

  • SHA512

    52c557425b2eff4f244c2c34280118e913574c0b3a51bff966c4fb4538afdc1220ad6f94956098aeb53cee4984aeff30142f148f6e19c1a978af6d0e7801f918

  • SSDEEP

    98304:z/Se3GAtk9/CYItyoKmFTwgzOOH2qWS9Rr:+e33tcPItTvFcg5W6b

Score
10/10
hookevasioninfostealerrattrojan

Malware Config

Extracted

Family

hook

C2

http://193.233.196.2:3434

Extracted

Family

hook

C2

http://193.233.196.2:3434

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Removes a system notification. 1 IoCs
    evasion

Processes

  • com.dogilowopuna.zico
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    PID:4465

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/oat/pskPXGY.json.cur.prof
    Filesize

    3KB

    MD5

    ce9ab1e3e554bf9961b18e6cdb06a4f7

    SHA1

    32770227381320d116224f7bf924e60fc140464b

    SHA256

    4ddea8401595b4f85daee925ff7876aad5c555df2de577843206d53e2cf39636

    SHA512

    6d0fbd1f0195cd1da12b92108cf38675a7829fc56f129778213911db33d8e48e2cf86418405bbb544165fa530d8fa2d58e720fac50fee421df13a980e1e95a89

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json
    Filesize

    704KB

    MD5

    9bfea1b2027ec1635c3590e0ea14e3cf

    SHA1

    9cc1ea7f49e361961be1f5d2ab43658d41f86d59

    SHA256

    f2620b302348120f00c9bd7a3e0a6cbef991b484edcdcdd915fbbd13ac861eb4

    SHA512

    4e17d67bcd5f5361a3d9b27f4fbc29969b25a2686edffa9872e7bca1a6528b4eaaf7f90541eda8d31583d8e515b1a20d4d1b20dd4a88c9e83e07d91d525de4a1

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json
    Filesize

    704KB

    MD5

    4c5cc08fbf8fe10e34fc490fef580f3c

    SHA1

    92f11a0ec664e21d5546109af27ac481d4741b8f

    SHA256

    604976f65004e5c54cd7ded095be2b42aae134c7e48c4bbef1faea342b8ed878

    SHA512

    f69b6877c057b0907b60a429d20af46f48931b3e95ab429ec2f580e1c6fa61232b0177a3dac18292f7bb4cef82d3dfe9e9263d929ffa1a8ffc1fb0319d3ab214

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json
    Filesize

    1.5MB

    MD5

    cf80a0964d7adb2dc9ab389185abcff1

    SHA1

    a630b6d63b9be79f2fe9f2fc38c91fcbc1d8d6ea

    SHA256

    f90f95cb686db2f9ce0607038438527e3665ca8e33c38fd168834f6d96def4ed

    SHA512

    ef1a6f7c47772fd49ae2fda552df4f54fea83e30c99980ae8e0863b4abcfe2d7cb9869449962129cb560760d49ee6349add36e6ca7417e6cf0e9f99d86a3ee53

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    982193774cb48e8d321a33f9c3b694e4

    SHA1

    bd605f44183872f29e84028cd2418915bb81d4de

    SHA256

    f005010ec69ade9a6c037d8c2f174aa1a16031b146bfc09d3d1c75280ae5f609

    SHA512

    bc220503bd124069ee924dcc33f7a81b9ab7c114120d88e7e4f81194d2f5d15652e3063234e6d77a9574002da69a972b3ee94b37135078b7316571b9dd9a29f5

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    41ef082384bc494d2d9dad3916e1387b

    SHA1

    8614b17dd0b7ca0110bc80985d9f7daa9a6e9508

    SHA256

    c04b0fe979a5f93679857c7dd7fcdddd612ca62c62b8fa57747a54c511ed1c07

    SHA512

    1e58ba4edf99e00b6d11430663ed6934b5d9c8718f44b97d5244bd7b9ded2f9ead25d0a852cb795ea925a743b6443385f9c133c1ef3ed1919925b3cd9e345472

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    689cc31b08b3333b1401247a3bfa52bb

    SHA1

    293388b41fc31506f696aaad11e55ae22c0840fc

    SHA256

    1c1dd8678dc314e9eb98990a36ae28c0690ea109f7a6817107c8c9a80c482a75

    SHA512

    a379a3df68b86c38e5c18af6a942a1cb78b70ca04844e5b654c64ca719d8ded0d443d3118d89f98387d4607c431407a38242cb431155680ebb23a9d4ca35aa42

    Download Submit

  • /data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    2c9541b28a5c7d6003a4689c346c99ff

    SHA1

    0729ddb0031ea37a4d4098eba66ebb7d97fa8613

    SHA256

    000fd7e611565c6b4d49b466658e606d1c176384c8dbfcd381800f45b0ecdb4b

    SHA512

    548e2ac969e6d378653f938c081e52ae230c3b9781e60b8c19cbbc8942dcd36a212477f3e71c6dacef455652085937a6c8ca73cf90fec0041b768e47b25e4864

    Download Submit