Analysis

  • max time kernel
    2105142s
  • max time network
    144s
  • platform
    android_x64
  • resource
    android-x64-20231023.1-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20231023.1-en, locale:en-us, os:android-10-x64, system
  • submitted
    29/10/2023, 22:00 UTC

General

  • Target

    67430833f94c8062f52b0619ef12e5ee531c314f3f0bf46a73d5a7b98693565f.apk

  • Size

    4.6MB

  • MD5

    3c41c4c9bfce2d80e6223f5347d55f56

  • SHA1

    c373286a8da3e59d03c53a67b25482bd7e271766

  • SHA256

    67430833f94c8062f52b0619ef12e5ee531c314f3f0bf46a73d5a7b98693565f

  • SHA512

    968d3f8fca53950d19406f958be4f63529edf14b2055eaa56cefcb254a85d6e3263e92dc1053b9b223b1b950ca1f626b5573b39aef8a94c6360f90d2cc3deb4e

  • SSDEEP

    98304:DvfYCMfBYdBovPtpZW+W+uDuvEEJ/3wKibsr/HGWKXc/r/uZ9lbh9tIH:83fSc0+W+uDI91//HGWQZ9lV9SH

Score
8/10

Malware Config

Signatures

  • Makes use of the framework's Accessibility service. 3 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs

Processes

  • com.joinhoney.honeyandroid
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    PID:5104

Network

  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    216.58.208.104
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.251.36.14
  • flag-us
    DNS
    incb5rp01od082rye5z7.xyz
    Remote address:
    1.1.1.1:53
    Request
    incb5rp01od082rye5z7.xyz
    IN A
    Response
    incb5rp01od082rye5z7.xyz
    IN A
    51.250.83.6
  • flag-ru
    POST
    http://incb5rp01od082rye5z7.xyz/
    Remote address:
    51.250.83.6:80
    Request
    POST / HTTP/1.1
    Content-Length: 241
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: incb5rp01od082rye5z7.xyz
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    date: Sun, 29 Oct 2023 22:06:50 GMT
    server: Apache/2.4.41 (Ubuntu)
    cache-control: no-cache, private
    set-cookie: XSRF-TOKEN=eyJpdiI6ImQ1NndiUXU2WXJ1U3d3RFdEUnh6UlE9PSIsInZhbHVlIjoiN3BQWm5DLzUxS2t3SmxjTDVMMUJkMDdxUFg2L3cvWlltdHgrb3pJb2JQem00WTRnRmwzUVYvVE43VmFJZ21tbWQxd21ra0NDSXB4N2FvZ3JGZmxoK0FDNWM0RHcyR2RWSEdtOS9rV1hNaWppempmMG02MEthTEY1aWdCOWhMVXYiLCJtYWMiOiIwYTE1MDJiZTk0NzkwY2U4YjI5MTk1NjQ0ODdlYjAwYjVhYmExYzc5NjgyYjg4NjJjY2ZhYjdiMTZiM2ExMTdhIiwidGFnIjoiIn0%3D; expires=Mon, 30-Oct-2023 00:06:50 GMT; Max-Age=7200; path=/; samesite=lax
    set-cookie: laravel_session=eyJpdiI6IlFPR1JzUmpGRmVZSFZmcTBQOUw0WlE9PSIsInZhbHVlIjoiR3EwYWFPRXdUREtQTnNZUHZTZnJreXNoRFZvemF3MlFnQzJrbCtQTTNaVFdIdEJ2WW9jdllPNmFuSzhITHpOZHRtUmhBcmdsVEx0a0tvZkVCQlQvRHJoOFVLZ0NGMitEaHJXWU0rV3VyVnI2UTNRUXp6VVZRajA3czFoVUFwYSsiLCJtYWMiOiI2N2JkMjU1NDQ0Njg4MGFmNTMxYmY1YTJmNmY2ODNkODE5MzQ0NGU2YWE4YzZiNWMyN2RkOTRkYTY2OTM0MGFjIiwidGFnIjoiIn0%3D; expires=Mon, 30-Oct-2023 00:06:50 GMT; Max-Age=7200; path=/; httponly; samesite=lax
    vary: Accept-Encoding
    content-encoding: gzip
    transfer-encoding: chunked
    content-type: text/html; charset=UTF-8
  • flag-ru
    POST
    http://incb5rp01od082rye5z7.xyz/
    Remote address:
    51.250.83.6:80
    Request
    POST / HTTP/1.1
    Content-Length: 305
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: incb5rp01od082rye5z7.xyz
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    date: Sun, 29 Oct 2023 22:06:50 GMT
    server: Apache/2.4.41 (Ubuntu)
    cache-control: no-cache, private
    set-cookie: XSRF-TOKEN=eyJpdiI6IkdYK2tHWmk2WGwyRmM0UmdRNllsWlE9PSIsInZhbHVlIjoiMEtYZGE4czl4czRDRk5CTlcyVkFlQk1XZ29WUE40T0xvN0tiM24yTHVrWWxFTUprb3VUS0tpc1gyMDk3WEkrS3JOS2tpM2xjOHlCclVSY1JjcVVocmsrclBJdHkvUUozTUVOMEtJNnZ3WXhreUx6b1dSaXlCYjJEeHVxTnBIL0YiLCJtYWMiOiI4MjNmOGM2YThiNDlhY2U4YmJiNzcwOTFlYTY5Njc5ODE3NWUyNjFjYmU5NDQ4OWRmOTE5ZjVkZDE0NzhjOTA3IiwidGFnIjoiIn0%3D; expires=Mon, 30-Oct-2023 00:06:51 GMT; Max-Age=7200; path=/; samesite=lax
    set-cookie: laravel_session=eyJpdiI6Imd2RVIxQ2RmcmpQenNGKzZ0aWRGZVE9PSIsInZhbHVlIjoibEtBQTEvclRqY0R3N0RiTnFiT2IvMlo3NkQxeGpVc3NEbzltT0hJamNwYzZlcFh3b0owK25EWTVUNXFyaDF5aFIyOXdqNUJCWUNEMW1nelVmSmlFZ2JPYmRlQllOVWM3bkx4YnRPVG5vUVBqNHJMd2xNQjVRaHF5TWJxTXFkek0iLCJtYWMiOiJkY2I5MThjMzM4Njk3YTM2ZThjYjY4NTMyOTUxMDEwODdmMjVjNzdiYWU2ODhlMDE2MWNlODY2OGMzNmYwMzA3IiwidGFnIjoiIn0%3D; expires=Mon, 30-Oct-2023 00:06:51 GMT; Max-Age=7200; path=/; httponly; samesite=lax
    vary: Accept-Encoding
    content-encoding: gzip
    transfer-encoding: chunked
    content-type: text/html; charset=UTF-8
  • flag-us
    DNS
    g.tenor.com
    Remote address:
    1.1.1.1:53
    Request
    g.tenor.com
    IN A
    Response
    g.tenor.com
    IN CNAME
    tenor.googleapis.com
    tenor.googleapis.com
    IN A
    142.251.36.10
    tenor.googleapis.com
    IN A
    142.251.39.106
    tenor.googleapis.com
    IN A
    172.217.23.202
    tenor.googleapis.com
    IN A
    216.58.208.106
    tenor.googleapis.com
    IN A
    216.58.214.10
    tenor.googleapis.com
    IN A
    142.250.179.138
    tenor.googleapis.com
    IN A
    142.251.36.42
    tenor.googleapis.com
    IN A
    172.217.168.234
    tenor.googleapis.com
    IN A
    142.250.179.170
    tenor.googleapis.com
    IN A
    142.250.179.202
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-us
    DNS
    mdh-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    mdh-pa.googleapis.com
    IN A
  • flag-us
    DNS
    mdh-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    mdh-pa.googleapis.com
    IN A
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-us
    DNS
    mdh-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    mdh-pa.googleapis.com
    IN A
  • flag-us
    DNS
    mdh-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    mdh-pa.googleapis.com
    IN A
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.179.206
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-us
    DNS
    mdh-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    mdh-pa.googleapis.com
    IN A
    Response
    mdh-pa.googleapis.com
    IN A
    172.217.168.234
    mdh-pa.googleapis.com
    IN A
    142.251.39.106
    mdh-pa.googleapis.com
    IN A
    142.251.36.42
    mdh-pa.googleapis.com
    IN A
    172.217.23.202
    mdh-pa.googleapis.com
    IN A
    142.250.179.202
    mdh-pa.googleapis.com
    IN A
    172.217.168.202
    mdh-pa.googleapis.com
    IN A
    142.250.179.170
    mdh-pa.googleapis.com
    IN A
    142.251.36.10
    mdh-pa.googleapis.com
    IN A
    142.250.179.138
    mdh-pa.googleapis.com
    IN A
    216.58.214.10
    mdh-pa.googleapis.com
    IN A
    216.58.208.106
  • flag-us
    DNS
    incb5rp01od082rye5z7.xyz
    Remote address:
    1.1.1.1:53
    Request
    incb5rp01od082rye5z7.xyz
    IN A
  • flag-us
    DNS
    incb5rp01od082rye5z7.xyz
    Remote address:
    1.1.1.1:53
    Request
    incb5rp01od082rye5z7.xyz
    IN A
  • flag-us
    DNS
    incb5rp01od082rye5z7.xyz
    Remote address:
    1.1.1.1:53
    Request
    incb5rp01od082rye5z7.xyz
    IN A
    Response
    incb5rp01od082rye5z7.xyz
    IN A
    51.250.83.6
  • flag-ru
    POST
    http://incb5rp01od082rye5z7.xyz/
    Remote address:
    51.250.83.6:80
    Request
    POST / HTTP/1.1
    Content-Length: 241
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Android SDK built for x86_64 Build/QSR1.210802.001)
    Host: incb5rp01od082rye5z7.xyz
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    date: Sun, 29 Oct 2023 22:08:11 GMT
    server: Apache/2.4.41 (Ubuntu)
    cache-control: no-cache, private
    set-cookie: XSRF-TOKEN=eyJpdiI6InY5bWROU1dJVFhYRTFWUnhBTU41VlE9PSIsInZhbHVlIjoiZUlQTzZvcElRWFJaNkZyeFJMYVhsWHI4VUF3UWZiVnIwdW15KzYweU91K2hJR25MS0hRYS8zZDUwNTJXQnFJQm91ZWFNZGZXNWFscnRkanNvc2k2am5IQ3MxN1g2MjFjSzVnK2l1NFhmbm9iRk12QncxbUF0NXE0enBuQy9Pd1MiLCJtYWMiOiI3YTU3NDljODQzMWE5ZWYzOTU0ZWRhZWE2ZjgxNzRmNGNjZjJmNzQzYTY2ZmE0ZDk3ZWUzNjQ3NWIxYzM0YzBmIiwidGFnIjoiIn0%3D; expires=Mon, 30-Oct-2023 00:08:11 GMT; Max-Age=7200; path=/; samesite=lax
    set-cookie: laravel_session=eyJpdiI6IlZsRDlObmN1R1YvNThVMDVmVGFib1E9PSIsInZhbHVlIjoiZ25NSkRWMzE3UnZyOXhhSmhGYjFEcmFZMzZQZjBOdE5sUGEwdExzRlMrQmVhTXAwTHAwMktLaWtKY3FJNTVKUUxhZmhFdGJhYnNlTkZ6Kzh6ZnhBdkFtaXFSQTBNNWlaV3VIOUM3QkhpTjZDUGNiS3p1b0pNRTkvcnhvYWhIYmkiLCJtYWMiOiJlYTEwMDRjYjkyNWIzNjMwODg3YjNlZjIwZTIzNmExNDhlMjIyNDVkODJlY2I3ZmMwODE0MDM3YWU2MWYwNDc1IiwidGFnIjoiIn0%3D; expires=Mon, 30-Oct-2023 00:08:11 GMT; Max-Age=7200; path=/; httponly; samesite=lax
    vary: Accept-Encoding
    content-encoding: gzip
    transfer-encoding: chunked
    content-type: text/html; charset=UTF-8
  • 216.58.208.104:443
    ssl.google-analytics.com
    tls
    1.3kB
    5.7kB
    9
    6
  • 142.251.36.14:443
    android.apis.google.com
    tls
    3.0kB
    7.0kB
    15
    13
  • 51.250.83.6:80
    http://incb5rp01od082rye5z7.xyz/
    http
    1.5kB
    2.7kB
    8
    6

    HTTP Request

    POST http://incb5rp01od082rye5z7.xyz/

    HTTP Response

    200

    HTTP Request

    POST http://incb5rp01od082rye5z7.xyz/

    HTTP Response

    200
  • 142.250.179.142:443
    tls, https
    128 B
    40 B
    2
    1
  • 216.58.208.110:443
    tls, https
    128 B
    40 B
    2
    1
  • 142.251.36.14:443
    android.apis.google.com
    364 B
    7
  • 172.217.168.226:443
    364 B
    7
  • 172.217.168.195:443
    364 B
    7
  • 172.217.168.195:443
    364 B
    7
  • 142.250.102.188:5228
    364 B
    7
  • 51.250.83.6:80
    http://incb5rp01od082rye5z7.xyz/
    http
    726 B
    1.8kB
    4
    4

    HTTP Request

    POST http://incb5rp01od082rye5z7.xyz/

    HTTP Response

    200
  • 224.0.0.251:5353
    7.7kB
    25
  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    216.58.208.104

  • 1.1.1.1:53
    android.apis.google.com
    dns
    138 B
    2

    DNS Request

    android.apis.google.com

    DNS Request

    android.apis.google.com

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.251.36.14

  • 1.1.1.1:53
    incb5rp01od082rye5z7.xyz
    dns
    70 B
    86 B
    1
    1

    DNS Request

    incb5rp01od082rye5z7.xyz

    DNS Response

    51.250.83.6

  • 1.1.1.1:53
    g.tenor.com
    dns
    57 B
    248 B
    1
    1

    DNS Request

    g.tenor.com

    DNS Response

    142.251.36.10
    142.251.39.106
    172.217.23.202
    216.58.208.106
    216.58.214.10
    142.250.179.138
    142.251.36.42
    172.217.168.234
    142.250.179.170
    142.250.179.202

  • 1.1.1.1:53
    android.apis.google.com
    dns
    138 B
    2

    DNS Request

    android.apis.google.com

    DNS Request

    android.apis.google.com

  • 1.1.1.1:53
    mdh-pa.googleapis.com
    dns
    134 B
    2

    DNS Request

    mdh-pa.googleapis.com

    DNS Request

    mdh-pa.googleapis.com

  • 1.1.1.1:53
    android.apis.google.com
    dns
    138 B
    2

    DNS Request

    android.apis.google.com

    DNS Request

    android.apis.google.com

  • 1.1.1.1:53
    mdh-pa.googleapis.com
    dns
    134 B
    2

    DNS Request

    mdh-pa.googleapis.com

    DNS Request

    mdh-pa.googleapis.com

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.179.206

  • 1.1.1.1:53
    android.apis.google.com
    dns
    138 B
    2

    DNS Request

    android.apis.google.com

    DNS Request

    android.apis.google.com

  • 1.1.1.1:53
    mdh-pa.googleapis.com
    dns
    67 B
    243 B
    1
    1

    DNS Request

    mdh-pa.googleapis.com

    DNS Response

    172.217.168.234
    142.251.39.106
    142.251.36.42
    172.217.23.202
    142.250.179.202
    172.217.168.202
    142.250.179.170
    142.251.36.10
    142.250.179.138
    216.58.214.10
    216.58.208.106

  • 1.1.1.1:53
    incb5rp01od082rye5z7.xyz
    dns
    140 B
    2

    DNS Request

    incb5rp01od082rye5z7.xyz

    DNS Request

    incb5rp01od082rye5z7.xyz

  • 1.1.1.1:53
    incb5rp01od082rye5z7.xyz
    dns
    70 B
    86 B
    1
    1

    DNS Request

    incb5rp01od082rye5z7.xyz

    DNS Response

    51.250.83.6

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.joinhoney.honeyandroid/app_DynamicOptDex/LmRrjjACo.json

    Filesize

    573KB

    MD5

    363d356cec6c707ea4dae1df711339ea

    SHA1

    0624f06891a8a70bd6d16aa3649fe0770dc107d3

    SHA256

    ac028d4f0f88ad01d406830e4acdfac62627e3f7c29c489903ea262fada8d4de

    SHA512

    d64f6e3451acb0b113a7c7f3c691044237068a8a8697e1bee265ea0be52699fdd4c622454a936d50a9f08509bd1ffbc125dcd4efe75bd7d7d5fc5b6d3a2f182b

  • /data/data/com.joinhoney.honeyandroid/app_DynamicOptDex/LmRrjjACo.json

    Filesize

    573KB

    MD5

    510c86c35726dcdeedc656d64ad0537d

    SHA1

    dbbac669ced41485c64ffb619dbdea0104297c76

    SHA256

    35abdf7c89f2b187c484eda16d18942d7afecd2730d894c8badc9590673ad999

    SHA512

    7bef7f5f156737046c4cd20f22672f929f36235457e35bce463ba57e0586f8f90ec08a22f751491ad7900094bb7f8400fb4515ecc557286ae4abbfef25048d2c

  • /data/data/com.joinhoney.honeyandroid/app_DynamicOptDex/oat/LmRrjjACo.json.cur.prof

    Filesize

    538B

    MD5

    5924321d80f3133af9990ab2f465c96c

    SHA1

    23a8b9fa6c8717ae7c27125331a048c40e2a3039

    SHA256

    2b39efae0c7a083f926dd9bf2bae95c9e1b45a292382377d503a611bead67989

    SHA512

    160d85a1e060a831479750d7d94b253cc57acf79315bed7cc536816f156aaf2c71c677932f96ffbb550bd3ca3133d8cf26a9bfb49755358862f52cdb9285b2e2

  • /data/user/0/com.joinhoney.honeyandroid/app_DynamicOptDex/LmRrjjACo.json

    Filesize

    634KB

    MD5

    58ba52bf98d823ce20663b9a5dda16c3

    SHA1

    66151ee0c403dbc854846a97bc133c6cea5caf10

    SHA256

    87064019a322cbb8952e7f7660b5a292444f944a89deb9fdc075ae6a789440fe

    SHA512

    21e1e7eef0550230d8a10a0759e2eb8cc2ce0b8a1d8f14a59c8b4e364a20c8c3dac9ceabde24248773a776da158df644da6c976f84e5da5b3df8f3c68b191767
