Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

6

6665e7b95a...a4.apk

android-9-x86

7

6665e7b95a...a4.apk

android-11-x64

7

mimo_asset.apk

android-9-x86

1

mimo_asset.apk

android-10-x64

1

mimo_asset.apk

android-11-x64

1

Analysis

  • max time kernel
    9s
  • max time network
    136s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    19/01/2024, 00:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6665e7b95a849be8ebdcb04e431c2ca4.apk

  • Size

    18.1MB

  • MD5

    6665e7b95a849be8ebdcb04e431c2ca4

  • SHA1

    7c07891b67078eebd198034b62a55127bd42d563

  • SHA256

    569a1a092991f064c3b43329d707c9e6809a8fff4baa38ccb194a7932d453d23

  • SHA512

    05432a944c29ceab841a30b5147c3129906650f2254a837adf14e8c0d09798c80119f4eedb8c767d67a11bb51a82b2d073cb1315f2a16961207f173f3133b47a

  • SSDEEP

    393216:IWrshhjoLSzPraH+fL8CfExaFpT6PSNrIXOYvgQJfBRE:R4jp448CfExazMXl4MfTE

Score
7/10
evasion

Malware Config

Signatures

  • Loads dropped Dex/Jar 5 IoCs

    Runs executable file dropped to the device during analysis.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Listens for changes in the sensor environment (might be used to detect emulation) 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.profusionstudios.powerlineio.fhp
    1⤵
    • Loads dropped Dex/Jar
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4254
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.profusionstudios.powerlineio.fhp/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.profusionstudios.powerlineio.fhp/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4286

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.profusionstudios.powerlineio.fhp/.jiagu/classes.dex
    Filesize

    6.2MB

    MD5

    35fa4580417d6e3e8b59d2cd4d8d451f

    SHA1

    7ff30f53f72a7796a2e78c99cae21803e4b90cd7

    SHA256

    d40ebf14092668d72cfa9c309245d8eb62da7edaf8cdee1c73a750817bf30b48

    SHA512

    0df1a140e85830c22b305e12c4ca19eda074e9c8e875defd7486e9810ba510be8071d1ffc3f4ed7f79e9a382d57b5adfa5ade29afcec9cc727a87bd0e6de287e

    Download Submit

  • /data/data/com.profusionstudios.powerlineio.fhp/.jiagu/classes.dex!classes2.dex
    Filesize

    454KB

    MD5

    da1401a586791fd04c181804a5051de5

    SHA1

    ead88b6c3dcf39f01b00970358e40b2182285b90

    SHA256

    26e4004375b8e8e0fdf7d1fce91c091879f042e2331d980560009d44de156025

    SHA512

    6c8471e557a2fe399921ed25efb757ca36428c5e1eabe92e71b522e69d26bea983fb0c513e1d29e8baffc3da71678b55315fdd6aecf94e8331cf61bbf45b4bf8

    Download Submit

  • /data/data/com.profusionstudios.powerlineio.fhp/.jiagu/libjiagu.so
    Filesize

    496KB

    MD5

    f07656a2f51ecb23edc102003c32b764

    SHA1

    3ef18f74b609313887b9e825c56a54b5a9eef20e

    SHA256

    f6847402ab69102f8495aac58b9beddde9a71dc52470c5de17e382eec2a6b913

    SHA512

    34b337d2cf98ec3009f80ff299e43984a1c911e5f9eb5942a915915cb7b5b591ffc9f1b79a7989534c2583a703a3f0857e74be68cdd71388f68d5bef354f7238

    Download Submit

  • /data/data/com.profusionstudios.powerlineio.fhp/.jiagu/tmp.dex
    Filesize

    284B

    MD5

    f1771b68f5f9b168b79ff59ae2daabe4

    SHA1

    0df6a835559f5c99670214a12700e7d8c28e5a42

    SHA256

    9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

    SHA512

    dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

    Download Submit

  • /data/data/com.profusionstudios.powerlineio.fhp/databases/ua.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.profusionstudios.powerlineio.fhp/databases/ua.db-journal
    Filesize

    512B

    MD5

    1d6a220397c07ee444268c314b92f8cd

    SHA1

    8b1fbe1eff2d51dcfabc984191e2ebfae6c66836

    SHA256

    1b4933153d25028ed08c8afec578f262e5a26446c8da9a932fb5268fcd1f049c

    SHA512

    749d5688aacbf33031e5adc1a168edc00a8d8e5c1906c6ca11e2efedb27e9542c7ed0a70f9bc8c7027e0415770efcf9e7a9d18347bab644f3cb5d09008b744ba

    Download Submit

  • /data/data/com.profusionstudios.powerlineio.fhp/databases/ua.db-wal
    Filesize

    16KB

    MD5

    42867bb77370eb97872855618daa4ad2

    SHA1

    07321f6125f5a325569fb29b19d713c7b49b4ada

    SHA256

    f1527856c5586c874263e094be160a3574ff8a5681eaedca85324fc3dd038983

    SHA512

    0bcd5da63da6a37a602eff645860a4d386c2994055d54329abc4757e0d86fbce899332917502aeeb9bd0cf9f589e02d16e41c351311b0dce6928818f562d069b

    Download Submit