Analysis
max time kernel: 1939309s
max time network: 155s
platform: android_x86
resource: android-x86-arm-20230831-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20230831-en, locale:en-us, os:android-9-x86, system
submitted: 08/09/2023, 06:57
Static task: static1
Behavioral task: behavioral1 (sample Lol.apk, resource android-x86-arm-20230831-en)
Behavioral task: behavioral2 (sample Lol.apk, resource android-x64-20230831-en)
Behavioral task: behavioral3 (sample Lol.apk, resource android-x64-arm64-20230831-en)
General
Target: Lol.apk
Size: 3.7MB
MD5: 10f5a518febd8b0b08b7f69982bc0a7d
SHA1: 77137ca4881b82a9baf3dea99e03ce92c89cc742
SHA256: 238cdfbab88cbcb6b1a2379b2a18c993640c1f498c4cb0e9faef408331f41c0b
SHA512: 52c557425b2eff4f244c2c34280118e913574c0b3a51bff966c4fb4538afdc1220ad6f94956098aeb53cee4984aeff30142f148f6e19c1a978af6d0e7801f918
SSDEEP: 98304:z/Se3GAtk9/CYItyoKmFTwgzOOH2qWS9Rr:+e33tcPItTvFcg5W6b
Malware Config
Extracted (hook): http://193.233.196.2:3434
Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.

Makes use of the framework's Accessibility service. 3 IoCs
description: Framework service call | ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | Process: com.dogilowopuna.zico
description: Framework service call | ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | Process: com.dogilowopuna.zico
description: Framework service call | ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | Process: com.dogilowopuna.zico

Removes its main activity from the application launcher. 1 IoCs
pid: 4173 | Process: com.dogilowopuna.zico

Acquires the wake lock. 1 IoCs
description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | Process: com.dogilowopuna.zico

Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json | pid: 4199 | Process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/oat/x86/pskPXGY.odex --compiler-filter=quicken --class-loader-context=&
ioc: /data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json | pid: 4173 | Process: com.dogilowopuna.zico

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
description: Intent action | ioc: android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | Process: com.dogilowopuna.zico

Removes a system notification. 1 IoCs
description: Framework service call | ioc: android.app.INotificationManager.cancelNotificationWithTag | Process: com.dogilowopuna.zico
Processes

com.dogilowopuna.zico (PID 4173)
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.

  Child: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/oat/x86/pskPXGY.odex --compiler-filter=quicken --class-loader-context=& (PID 4199)
  - Loads dropped Dex/Jar
Downloads

Filesize: 3KB
MD5: a1ad603c71d36ea67407970d929949c3
SHA1: ae83e9ca2688865e1204426b9c8c970a56d793de
SHA256: 101a1b456e5129b1dbe018f386e539a08f9954b9d526d2d4a6c5a450b218baef
SHA512: 7d5fa8d89c6ae44f90086d9ba9cf92b5aa481a81665036419ac6d13bba8c6c24c2bf00597e20300e16f4410a4e46cbaf77ec6e535d3b453d3e4d80d9300b763d

Filesize: 4KB
MD5: 17d4165b9f5a37d2e0ec6d7334601e67
SHA1: 01521f0b546895fbc4dcdc29330c680d627fa1a3
SHA256: b3da14d8b8ac93103d1cd4d338258b3161c7adf7265c7fab77d4b4d722728b4f
SHA512: 44e550e3eee6617666cd4ae4864204911b467de2a6bf70314f3b4f43d08338c1dba9fd8a7228891950e0e9d999c942fa3dc7c41e99a75a942d494ab92bafda09

Filesize: 704KB
MD5: 9bfea1b2027ec1635c3590e0ea14e3cf
SHA1: 9cc1ea7f49e361961be1f5d2ab43658d41f86d59
SHA256: f2620b302348120f00c9bd7a3e0a6cbef991b484edcdcdd915fbbd13ac861eb4
SHA512: 4e17d67bcd5f5361a3d9b27f4fbc29969b25a2686edffa9872e7bca1a6528b4eaaf7f90541eda8d31583d8e515b1a20d4d1b20dd4a88c9e83e07d91d525de4a1

Filesize: 704KB
MD5: 4c5cc08fbf8fe10e34fc490fef580f3c
SHA1: 92f11a0ec664e21d5546109af27ac481d4741b8f
SHA256: 604976f65004e5c54cd7ded095be2b42aae134c7e48c4bbef1faea342b8ed878
SHA512: f69b6877c057b0907b60a429d20af46f48931b3e95ab429ec2f580e1c6fa61232b0177a3dac18292f7bb4cef82d3dfe9e9263d929ffa1a8ffc1fb0319d3ab214

Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Filesize: 512B
MD5: 3847e92b70108f77b2ec2877e60700a1
SHA1: 50bb1a795a5ff71698d65a6cf09d8371878a9759
SHA256: e0905ebdf55270630d17180da79b8e38a763e6d91a85671e77ecae77818d27f4
SHA512: 1af2c576861aa42957d6cad3087427b0fa104f17ec2235eb7114f56391b6e17879777677d34cf7beebe71d12cf2642e977b085cd959ad2ecadd9c3c0b1f8468d

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 108KB
MD5: 8b0a9eab48989d88c80469a020bde2c8
SHA1: 9fdf8e7e9601c926b55f5aab8f9991c4fe45f4ef
SHA256: f0f2ff577e15f0fa84e2eee0ac08d0307b3eb593f55aee2c7a7c8a76b683940f
SHA512: c6a5c29725b648624cb208bd6cd3d7eba75a61a894e7a0604a0ebe782bc746423dea2c3c10c4823fe4456f5ba179a058233d773a56a56e5c4b5ccad473c83155

Filesize: 173KB
MD5: 237dad4a48ae3a8affbf3831f2452fba
SHA1: 6280fa20e9344e4cf985b2b7962382eebc76981b
SHA256: 5db60ae26eaf9a841296ef71f396cc17a09bdc51ecba262eee7cc933b98abad2
SHA512: e2d6d60da0582481bfa294c84f0a85ca000ac35fa8f3d684e698568aa7f8994ecfcc4e0da703201a98916cb7b45c650cdab14c59acf085d3773c5b40d722b234

Filesize: 16KB
MD5: efc1cc6e50979cc2f35f3d5bde0ce2a5
SHA1: 9baca86cc7d099cdb2c98c0a8bc21421eadbcc71
SHA256: 8ea1f4d359ba8071804f3edb17a5a075b4dbdb88b40f374dd45e9d2d29131fda
SHA512: 4a3ed6caecd6a562962882a4987478ba0982dea50da4b6cf07e1831eaba7b705aa8324a437294fa6995866f6f5600c106943873543cf630d53e0672313e1e539

Filesize: 1.5MB
MD5: 7ffa71e1e1ae0b4b47d6be864fc29366
SHA1: 8f19d6ff1a28b1737f298a22c19009782ef84331
SHA256: 593b12a640d78ee06f6b74458c7f456eaff676b68dca095de5feeb86adeae18e
SHA512: f017f92ccbb379f7fae44df3473c12b03200081263c9f5187b929db49887f4af0498f46697cb51cfab0901f5b04c133f10b7d7b2291a8832a9e7f1b9082f5d9d

Filesize: 1.5MB
MD5: cf80a0964d7adb2dc9ab389185abcff1
SHA1: a630b6d63b9be79f2fe9f2fc38c91fcbc1d8d6ea
SHA256: f90f95cb686db2f9ce0607038438527e3665ca8e33c38fd168834f6d96def4ed
SHA512: ef1a6f7c47772fd49ae2fda552df4f54fea83e30c99980ae8e0863b4abcfe2d7cb9869449962129cb560760d49ee6349add36e6ca7417e6cf0e9f99d86a3ee53