Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    dc4712f817e553e8371df12013c9ebe027056bdbd2aeb56442b5b46ac71f321d

  • Size

    1.2MB

  • Sample

    231227-x188macaeq

  • MD5

    9c71138391b46bdc409b2127c7c9baa7

  • SHA1

    ea7d6c968f085c84e2790a49986635cced746666

  • SHA256

    dc4712f817e553e8371df12013c9ebe027056bdbd2aeb56442b5b46ac71f321d

  • SHA512

    1951e1057e337f4a50a8d7b70ef45bba826096bb8064337bc78d30e07894f0ffce63b07d97d131602d219818d2f0ed94e10ddebffa3c08f9d239714edc5a67e2

  • SSDEEP

    24576:sWTVd0Vv4B/nQz321KE9nx7olQmY32g/E0SMtS:saVTB/n432Usag/u/

Malware Config

Extracted

Family

hook

C2

http://198.186.130.12:3434

AES_key

Targets

    • Target

      dc4712f817e553e8371df12013c9ebe027056bdbd2aeb56442b5b46ac71f321d

    • Size

      1.2MB

    • MD5

      9c71138391b46bdc409b2127c7c9baa7

    • SHA1

      ea7d6c968f085c84e2790a49986635cced746666

    • SHA256

      dc4712f817e553e8371df12013c9ebe027056bdbd2aeb56442b5b46ac71f321d

    • SHA512

      1951e1057e337f4a50a8d7b70ef45bba826096bb8064337bc78d30e07894f0ffce63b07d97d131602d219818d2f0ed94e10ddebffa3c08f9d239714edc5a67e2

    • SSDEEP

      24576:sWTVd0Vv4B/nQz321KE9nx7olQmY32g/E0SMtS:saVTB/n432Usag/u/

    • Hook

      Hook is an Android malware that is based on Ermac with RAT capabilities.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Acquires the wake lock

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Matrix

Tasks