Analysis

  • max time kernel
    2292315s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    20/12/2023, 00:34

General

  • Target

    7578acbb0486fc40aeb8fb4e3e429aa4b5ecf23875071e732153ac72a5f568e2.apk

  • Size

    30.7MB

  • MD5

    dc60c8cba1f91319714ace8d93d03979

  • SHA1

    298ecbb2db0efe53ec9c5fa76316e1f654bf3192

  • SHA256

    7578acbb0486fc40aeb8fb4e3e429aa4b5ecf23875071e732153ac72a5f568e2

  • SHA512

    3c926d759eab79c09395d2d1768004aa76ca5d201177bc368377e98925fc336af91c134b4a60a7b041a774cc4446ac2fd729e848306fad4505fc1eada25c3e51

  • SSDEEP

    786432:4Xhd7VcRidExsAZX0Cz+tf/oBNC5LQZUcMiZlzBSxYhsdgNyfx/JUzedl:Yz7C0ssAZtzMfgByQZU94fh8Myfx04

Score
8/10

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 2 IoCs

Processes

  • com.mbwmps.delivery
    1⤵
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4261
  • com.mbwmps.delivery:remote
    1⤵
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4302

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.mbwmps.delivery/files/jpush_stat_history_remote/27c3f71fb96a23fa8dc2e4f1/active_user/nowrap/f7e67318-959e-40da-8d7b-e874a92e0283

    Filesize

    159B

    MD5

    44571e534daad5b94b3d3a72d3ac3bdd

    SHA1

    bbfef799e1a17f5f7bdfbcafab851222722c728c

    SHA256

    78e9bfae161aa78dcb32698ded160ae262d0d018b41a382fd9e378e4d28365a5

    SHA512

    b22eead3c8faaf4960278af820ba70dd25bd32c2a6eadd1a7721dea268e3d6c0102e09c7aa775a5cbf2b1b48929cb1b39590a699a4c55c40e2e4d8d0de5cd439

  • /data/data/com.mbwmps.delivery/files/jpush_stat_history_remote/27c3f71fb96a23fa8dc2e4f1/normal/nowrap/9e122375-9c78-4236-b7a6-baea002538b2

    Filesize

    202B

    MD5

    4c1ed49f8fca56d605c7d30bcdda4682

    SHA1

    39466d652980b12b32f07f8686cdd46de4cce522

    SHA256

    da881a6d88455bb3975186ef46d47c7e112e1e38b430d612abaa810cdc9a113b

    SHA512

    1273e8a14efc95b41e6424cbdc2045de5bb01f375a79399c359aeba013cf8420ad94fad3da8128ed075382ee396c73ccded5690dc9b794299e80348cd615d7a3

  • /storage/emulated/0/data/.push_deviceid

    Filesize

    32B

    MD5

    e404f1f14bc2e3da7cd3dee151059faa

    SHA1

    900c6ccf3d99ddf0d18c53d38377e2dc2d8ac655

    SHA256

    3fd34bdae343a3eb76ca103de844d5eb24674138c01b1a0b7a710a90792e5035

    SHA512

    955a6b44ece7d77c1d73c8c311e15b84cba4dda045b06e9719972bf867e855840333dbb793a67c8a1351a47f95a9f30fc7037035b44b0645408d438d4e9df683