Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
3114960s -
max time network
141s -
platform
android_x86 -
resource
android-x86-arm-20231215-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system -
submitted
29/12/2023, 23:31 UTC
Static task
static1
Behavioral task
behavioral1
Sample
06fe61b001b6eb74e32f04dd5917cff9.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
49gamebox.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral3
Sample
49gamebox.apk
Resource
android-x64-20231215-en
General
-
Target
06fe61b001b6eb74e32f04dd5917cff9.apk
-
Size
5.9MB
-
MD5
06fe61b001b6eb74e32f04dd5917cff9
-
SHA1
30e404147d2953951ab2afb49e3c58926bb206d1
-
SHA256
85c39b93b9cf4466bc4527b700c8ddb2606028a68e38f99027123b3546df3856
-
SHA512
9fd668659a6a922cb1a294ec7019eb0df7c1981fc0a900440fb03e7f74c25f1ef1c287338785c12e9e5873179fb265e8eee91e70a1a7492fc34d0bdca768f544
-
SSDEEP
98304:noAadUrQGWtjH9te4ZE5180xZ2fTCV1axBbq/K5EEq/5o6pM+f5oKODdSX3SLTql:ozSrQ7D9OPTWTCXobqdnp1f5o1DduCTw
Malware Config
Signatures
-
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.yxxinglin.xzid53282 -
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.yxxinglin.xzid53282
Processes
Network
-
Remote address:1.1.1.1:53Requestandroid.bugly.qq.comIN AResponseandroid.bugly.qq.comIN CNAMEins-9fciednc.ias.tencent-cloud.netins-9fciednc.ias.tencent-cloud.netIN A129.226.103.12ins-9fciednc.ias.tencent-cloud.netIN A129.226.103.217
-
Remote address:129.226.103.12:80RequestPOST /rqd/async?aid=310cb9f6-47cd-48a5-8d1e-74383bbdb987 HTTP/1.1
wup_version: 3.0
raKey: vm8rWPgvh6z03oYz35pUWrWLmL2KoksAAiQ8q%2Bt7D5mUUQdszroH4FPSSxgUNWdvht80L2MR%2Fzx1%0A%2F6cb7xF2d2eIH825p7ecRlHcx4LVA%2BJUjG5iDpSBN%2F0la3fyrKevK9O5jRnvqO2qiQUYvtDFw72R%0A17BP877uAzziBdF0fjU%3D%0A
strategylastUpdateTime: 0
appVer: 2.3.2
bundleId: com.yxxinglin.xzid53282
sdkVer: 2.6.5
prodId: 6c298be15b
cmd: 840
platformId: 1
A37: LTE
A38: LTE
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: android.bugly.qq.com
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 922
ResponseHTTP/1.1 200 OK
Content-Length: 334
Connection: keep-alive
Server: Resin/4.0.27
Bugly-Version: bugly/1.0
status: 0
nstat: 0
-
Remote address:1.1.1.1:53Requestlog.tbs.qq.comIN AResponselog.tbs.qq.comIN CNAMEins-d94v3bvj.ias.tencent-cloud.netins-d94v3bvj.ias.tencent-cloud.netIN A129.226.106.211ins-d94v3bvj.ias.tencent-cloud.netIN A129.226.107.80
-
Remote address:129.226.106.211:80RequestPOST /ajax?c=dl&k=8e2b94b9b4ef9a66f80d6f837087265a HTTP/1.1
Connection: close
Content-Length: 432
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: log.tbs.qq.com
Accept-Encoding: gzip
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 7
Connection: close
Set-Cookie: tgw_l7_route=f8daa8a174ca3c40ba2dc16121f3d221; Expires=Sat, 30-Dec-2023 08:08:48 GMT; Path=/
-
Remote address:1.1.1.1:53Requestapi.fusion.49app.comIN AResponseapi.fusion.49app.comIN A101.37.182.27
-
Remote address:1.1.1.1:53Requestandroid.apis.google.comIN A
-
Remote address:1.1.1.1:53Requestandroid.apis.google.comIN A
-
Remote address:1.1.1.1:53Requestapi.fusion.49app.comIN AResponseapi.fusion.49app.comIN A101.37.182.27
-
Remote address:1.1.1.1:53Requestandroid.apis.google.comIN AResponseandroid.apis.google.comIN CNAMEclients.l.google.comclients.l.google.comIN A142.250.179.238
-
129.226.103.12:80http://android.bugly.qq.com/rqd/async?aid=310cb9f6-47cd-48a5-8d1e-74383bbdb987http1.9kB 1.3kB 7 7
HTTP Request
POST http://android.bugly.qq.com/rqd/async?aid=310cb9f6-47cd-48a5-8d1e-74383bbdb987HTTP Response
200 -
3.3kB 471 B 10 5
HTTP Request
POST http://log.tbs.qq.com/ajax?c=dl&k=8e2b94b9b4ef9a66f80d6f837087265aHTTP Response
200 -
240 B 4
-
858 B 40 B 1 1
-
858 B 40 B 1 1
-
240 B 4
-
5.0kB 8.8kB 21 22
-
3.8kB 12
-
66 B 146 B 1 1
DNS Request
android.bugly.qq.com
DNS Response
129.226.103.12129.226.103.217
-
60 B 140 B 1 1
DNS Request
log.tbs.qq.com
DNS Response
129.226.106.211129.226.107.80
-
66 B 82 B 1 1
DNS Request
api.fusion.49app.com
DNS Response
101.37.182.27
-
138 B 2
DNS Request
android.apis.google.com
DNS Request
android.apis.google.com
-
66 B 82 B 1 1
DNS Request
api.fusion.49app.com
DNS Response
101.37.182.27
-
69 B 109 B 1 1
DNS Request
android.apis.google.com
DNS Response
142.250.179.238
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
232B
MD58ac8d302a8a84eda0a81e0e26a6028df
SHA1f4c0eba229d98f0ccdb3626224ac858e9c79ca41
SHA25624586aa4ae92e7988391730e5a60b435a8983e83992585082c55f3ab0caadd3b
SHA5127ae687af20391ab7ea5c3ba9b1e93ba117cd7bef73e297da049a1903659f47b83f97227a5c5918c266ac4cdd21b6baa7c4be87f9bfce15958e76ebfe9996a185
-
Filesize
58B
MD50d210bfb2a0e1f1b4c082a6a0f79de07
SHA1bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD5c3749c02359b6c496fd42aa60fe2fe78
SHA1883c579bfc374ad44b032e14d6b777a44bcd4a60
SHA2569809babd561a928dca479b0b9d37f12d03586e436407f4aaba6b12242aa71717
SHA5121bd442a03ca39148f83c603158ab59c7ae2ffba73a32a0c515622c12cf5b8e90bdb8802d827662ea723f247933bdabab7da5f4582e286ea142ae131b1f166691
-
Filesize
28KB
MD5cf845a781c107ec1346e849c9dd1b7e8
SHA1b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA25618619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA5124802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
-
Filesize
72KB
MD54c9f5bd2de8fc2857eac76a585bfb7d4
SHA10b5eeb8e8c7c4f4c80099adab0abb503f160e8d2
SHA2563c8639c8052eae7fe8e44561f7aa5b03895b63f8d8912cc971702d8e7de679f3
SHA51291f7ada51b6b56b7d280c8d2e54f5c14c459edd1eeadc6ebd54fb911ce7998c44f9ad269c9ff3ca6d5ca21f8a4eef2546e2dfb46424582a7cc72cc8dfe1a6541
-
Filesize
2KB
MD55af86f15d8b86ec27eeb8bfb0f30370d
SHA15c7c46f319c142f9616a7e6ff9f78303eb7b943e
SHA256d3800d7007a88c326a03925620d0f783de947916b1d6bc715f3d49acb631644d
SHA512889f98664d91f75d00e581d150ee6f7c124a5592ebf9fc4fcf1946870f3bada8ede52a7bd48877ef1c4cf8da4f93e6065fdcb61200090fa7039a4f857a577396