Analysis
- max time kernel: 3892384s
- max time network: 71s
- platform: android_x64
- resource: android-x64-arm64-20231023-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231023-en, locale:en-us, os:android-11-x64, system
- submitted: 19/11/2023, 14:33 UTC
Static task
- static1
Behavioral task
- behavioral1
  Sample: Thermal Cam scanner 6.apk
  Resource: android-x86-arm-20231023-en
- behavioral2
  Sample: Thermal Cam scanner 6.apk
  Resource: android-x64-20231023.1-en
- behavioral3
  Sample: Thermal Cam scanner 6.apk
  Resource: android-x64-arm64-20231023-en
General
- Target: Thermal Cam scanner 6.apk
- Size: 5.4MB
- MD5: b78f64daf602c2dbe0bc890f2e2a47cf
- SHA1: 43c3fb4997ca6facf0e2f4a677c63b8e6b072b15
- SHA256: 396e7916dbfbe89206cd0f98167a15489e73ac56b7d6b29375adb5002928757a
- SHA512: a67d78c0d9a1db012f2824b46c168a7589ec676c6c159e3db138d47d894203ed27e9e3d7337705a52d00ac5773290ea42d9cf79c34aac46ea005af1a99dc45c0
- SSDEEP: 98304:mfI8zpOQzfr9O43VrFhKGUjEyjN7p8HbSPmnzfz1KYE+NnmpXvYGIaD25W1xgtyG:mfI8Ar4lrTKDgyfSnz71K1OdaDwaViZH
Malware Config
Signatures
- Acquires the wake lock. 1 IoCs
  description: Framework service call
  ioc: android.os.IPowerManager.acquireWakeLock
  Process: org.jackajks.thermish
- Reads information about phone network operator.
Network
- Remote address: 1.1.1.1:53
  Request: accounts.google.com IN A
  Response: accounts.google.com IN A 142.250.179.141
- Remote address: 1.1.1.1:53
  Request: accounts.google.com IN A
  Response: accounts.google.com IN A 142.250.179.205
- Remote address: 1.1.1.1:53
  Request: infinitedata-pa.googleapis.com IN A
- Remote address: 1.1.1.1:53
  Request: infinitedata-pa.googleapis.com IN A
- Remote address: 1.1.1.1:53
  Request: pkxabsratp IN A
  Response: (empty)
- Remote address: 1.1.1.1:53
  Request: jkllldlkkxw IN A
  Response: (empty)
- Remote address: 1.1.1.1:53
  Request: qcvnmkcadm IN A
  Response: (empty)
- Remote address: 1.1.1.1:53
  Request: ssl.google-analytics.com IN A
  Response: ssl.google-analytics.com IN A 142.250.179.200
- Remote address: 1.1.1.1:53
  Request: nkarem.su IN A
- Remote address: 1.1.1.1:53
  Request: nkarem.su IN A
- Remote address: 1.1.1.1:53
  Request: android.apis.google.com IN A
  Response: android.apis.google.com IN CNAME clients.l.google.com; clients.l.google.com IN A 172.217.23.206
- Remote address: 1.1.1.1:53
  Request: infinitedata-pa.googleapis.com IN A
- Remote address: 1.1.1.1:53
  Request: infinitedata-pa.googleapis.com IN A
- Remote address: 1.1.1.1:53
  Request: nkarem.su IN A
  Response: nkarem.su IN A 188.114.96.0; nkarem.su IN A 188.114.97.0
- Remote address: 188.114.96.0:443
  Request:
    POST /click_2/index.php HTTP/2.0
    host: nkarem.su
    content-type: application/x-www-form-urlencoded
    content-length: 36
    accept-encoding: gzip
    user-agent: okhttp/4.10.0
  Response:
    HTTP/2.0 200
    content-type: application/json
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zYnooIWSAzElFVlbfEXDmXZNu9nAq%2F%2B4ukdAbFVd2RlpYpn5ByHT9uhyv%2BrjFCaMgocNSE3OuaLEZ%2FY3ql513GLHlFagllCYSJUg77RtZCj%2FTUqg2cWreiZnGmc%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 82892c034c3eb981-AMS
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
- Remote address: 1.1.1.1:53
  Request: infinitedata-pa.googleapis.com IN A
- Remote address: 1.1.1.1:53
  Request: infinitedata-pa.googleapis.com IN A
- Remote address: 1.1.1.1:53
  Request: infinitedata-pa.googleapis.com IN A
  Response: infinitedata-pa.googleapis.com IN A 172.217.168.202, 142.251.39.106, 142.250.179.170, 216.58.214.10, 142.251.36.42, 142.250.179.202, 216.58.208.106, 142.250.179.138, 142.251.36.10, 172.217.23.202
- Remote address: 1.1.1.1:53
  Request: update.googleapis.com IN A
- Remote address: 1.1.1.1:53
  Request: update.googleapis.com IN A
- Remote address: 1.1.1.1:53
  Request: update.googleapis.com IN A
  Response: update.googleapis.com IN A 172.217.168.227
- Remote address: 1.1.1.1:53
  Request: edgedl.me.gvt1.com IN A
- Remote address: 1.1.1.1:53
  Request: edgedl.me.gvt1.com IN A
- Remote address: 1.1.1.1:53
  Request: edgedl.me.gvt1.com IN A
  Response: edgedl.me.gvt1.com IN A 34.104.35.123
- GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
  Remote address: 34.104.35.123:80
  Request:
    GET /edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3 HTTP/1.1
    Host: edgedl.me.gvt1.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
    Accept-Encoding: gzip, deflate
  Response:
    HTTP/1.1 200 OK
    content-disposition: attachment
    content-length: 35043
    content-security-policy: default-src 'none'
    server: Google-Edge-Cache
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 0
    x-request-id: c95da4b0-f60e-4245-aceb-3d44083b271a
    date: Sat, 18 Nov 2023 19:53:05 GMT
    age: 67300
    last-modified: Wed, 20 Sep 2023 15:00:41 GMT
    etag: "1b45ddd"
    content-type: application/octet-stream
    alt-svc: clear
    cache-control: public,max-age=86400
- 2.0kB 7.2kB 17 12
- 1.2kB 5.6kB 7 5
- 1.3kB 40 B 1 1
- 1.3kB 40 B 1 1
- 9.8kB 10.8kB 28 29
- 1.5kB 6.8kB 12 10
  HTTP Request: POST https://nkarem.su/click_2/index.php
  HTTP Response: 200
- 897 B 5.4kB 10 7
- 3.6kB 9.1kB 17 13
- 34.104.35.123:80 http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3 http 871 B 36.0kB 9 8
  HTTP Request: GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
  HTTP Response: 200
- 65 B 81 B 1 1
  DNS Request: accounts.google.com
  DNS Response: 142.250.179.141
- 65 B 81 B 1 1
  DNS Request: accounts.google.com
  DNS Response: 142.250.179.205
- 3.3kB 10
- 152 B 2
  DNS Request: infinitedata-pa.googleapis.com
  DNS Request: infinitedata-pa.googleapis.com
- 56 B 131 B 1 1
  DNS Request: pkxabsratp
- 57 B 132 B 1 1
  DNS Request: jkllldlkkxw
- 56 B 131 B 1 1
  DNS Request: qcvnmkcadm
- 70 B 86 B 1 1
  DNS Request: ssl.google-analytics.com
  DNS Response: 142.250.179.200
- 110 B 2
  DNS Request: nkarem.su
  DNS Request: nkarem.su
- 69 B 109 B 1 1
  DNS Request: android.apis.google.com
  DNS Response: 172.217.23.206
- 152 B 2
  DNS Request: infinitedata-pa.googleapis.com
  DNS Request: infinitedata-pa.googleapis.com
- 55 B 87 B 1 1
  DNS Request: nkarem.su
  DNS Response: 188.114.96.0, 188.114.97.0
- 152 B 2
  DNS Request: infinitedata-pa.googleapis.com
  DNS Request: infinitedata-pa.googleapis.com
- 76 B 236 B 1 1
  DNS Request: infinitedata-pa.googleapis.com
  DNS Response: 172.217.168.202, 142.251.39.106, 142.250.179.170, 216.58.214.10, 142.251.36.42, 142.250.179.202, 216.58.208.106, 142.250.179.138, 142.251.36.10, 172.217.23.202
- 67 B 1
  DNS Request: update.googleapis.com
- 67 B 1
  DNS Request: update.googleapis.com
- 67 B 83 B 1 1
  DNS Request: update.googleapis.com
  DNS Response: 172.217.168.227
- 64 B 1
  DNS Request: edgedl.me.gvt1.com
- 64 B 1
  DNS Request: edgedl.me.gvt1.com
- 64 B 80 B 1 1
  DNS Request: edgedl.me.gvt1.com
  DNS Response: 34.104.35.123
MITRE ATT&CK Matrix
Downloads
- Filesize: 4KB
  MD5: 7e858c4054eb00fcddc653a04e5cd1c6
  SHA1: 2e056bf31a8d78df136f02a62afeeca77f4faccf
  SHA256: 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
  SHA512: d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb
- Filesize: 512B
  MD5: eaf65cb1b0053c49ce5e2492bcb33467
  SHA1: 63afaf90540bbd1e1000e939058117ae0c13006c
  SHA256: 7cadd9aa88bd5e079c0565cade7cae8c79dea2ec23dc0dc230c4cb6b747f2bbf
  SHA512: 57a5db6c40a240a008d1227714787fa71126c57eedb5236a800266dc86305b32278a245c9a498182c58a831869602eef9b82a0cb9646fd5e648c262aac0c8759
- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- Filesize: 88KB
  MD5: 9023fca45f74b07d0f967da72478ee24
  SHA1: 84f8411296becb1308ffdccd25ab95e77ddc5626
  SHA256: 431d08b2edef29208cebc5daf344124d90a2c25fc6fcf41afb8cf5da0b5f1e2b
  SHA512: 4a4a752f4a52baf18a7e87fc16d8f03bf57ec44b421c0e194ebe2781c72e8f25cda3c750ff317f9f97b6f334acb824b30cfe2741df544ac8f810ffacce81a695
- Filesize: 148KB
  MD5: 22db3b01f89f20cd7c9c8611cecce146
  SHA1: cca459a193ca00aea1d790eb34f969904953506b
  SHA256: 5310c3e732a8af27b14bb7ae0dcc07fbeb85389c1067bcbdfb74451a4db92ec7
  SHA512: 6ca116773f84c17dd1b2173bdc7c0b95aa54b8d1e3cd6493d54ff43fdec08ab013eed85cc4fd87c58bcdeb381d8f4e0b53e086c1b694719d20c9a9e7c10532a9
- Filesize: 16KB
  MD5: c6198e56467c5005d890b96b2b2d0f42
  SHA1: 371ec57b102d5e4bd63b7ee132d8655457b72038
  SHA256: b49a3cb4e410d2680279efb57fd01f45d33aeacd85ada570bb9cf7bc1fd87537
  SHA512: 2ef376b171d8f59b724eb643343717097cefd50980a326d819f69850652c47caf40386c6cd4721b41279a6179436189852b43cfa0dc6594e9966bc47ed33d67f
- Filesize: 56KB
  MD5: 04d5fd928b83b455df1544cbce40d1cb
  SHA1: 16f6ad6969020c32de21b92d15a4eb11744b1d24
  SHA256: bf34418bac8770c020c58f3f4d9505cd2ea2256dddbdefcfb5faf4bb6f143d6e
  SHA512: 18781622efe5f093b86a1cb49a44e2d854fb20f6aed58e2aba9095f81787a26c225490e59c09662e6e78ec07d687940364b323b25a28f601e45149695f8bb1bc
- Filesize: 512B
  MD5: d62f8e772c3afdc0c403f114720c1997
  SHA1: e6725fa01bcb95250a38c326808400d6ba4478df
  SHA256: f2e30e493e0cd8d679e60f080bb30baad752874847b8e15144e03a96868ba3d8
  SHA512: 004bf388e14c1b9c9b9ea90a699f63a5e0502b6d5f44cd91048c717e2c68f6d12a2594702c9b78b2bf2f38013190882cef0b472d6def5ee97876276bfb5e69dc
- Filesize: 8KB
  MD5: 7343a13fcf4d4d97931d89aba04f1c4f
  SHA1: c1d090c892de31d10a563533767caaef213156da
  SHA256: a77228e1c38bb6e65a2263beecfb78071faace06fcd11eae70b4c25cde2b58b7
  SHA512: 0cdcc75ce7685a9382db7ba6ff2e917963263d1c188670b6c8cabcf66643a3885403fd7915f6f37dc3a40d6cd38d000ffb45ddcc3eb6b776631efb207df4d002
- Filesize: 8KB
  MD5: 1f35ac8749708241490b66c1314140d0
  SHA1: e7569c557c33d815e0085bdb50d8f767ba44646f
  SHA256: 2504eff4fbebae42b1b18cfc754590a603e8313e048cedea76ac36f75a8cfaf2
  SHA512: 8670b5825fa80cba002dd42694b308ff6f222bd8a11c00f8225968ac1f3bbb5193b3253f05c63323a3f8981fc77d3b1690153b729bf7bb9295b97ff049cadcf3
- Filesize: 90B
  MD5: 6f023060bd22f690f3c766683b84520e
  SHA1: 978e1d1bc10419773f1df044b8141ba390135df5
  SHA256: 2faf2ce2ccceeb934e14eb792395dba188470a750740a6c5128c02ad10fc0eb9
  SHA512: c3f0d315099b03f72c95590d4d0666022f8b13fcb79aad86ee3f9fa0e7a86a0e9b2e10198d34b689875840c0afe9aa5622c9526e2a759e4e6884932434835bc4
- Filesize: 570B
  MD5: 88df7e1280d28720a8d6654775996a6c
  SHA1: b798c52afe6dc2ca2bdd60812a72d1c31e0aa4f0
  SHA256: b4d1c25c63d00339605896c2c9b2c299f30f1146c397868b08899d5b4097a153
  SHA512: e652590dc9382a6155bb38f4d3380825f8899f7b0be32170b5c9cedb8aafda82dc554a50d1bdecaa31d3e3b4671a03356dfa8a91b9a56cc6dd571ccfe9e8c097