Overview
Tabs: Overview | Static (7) | URLScan (1)
Tasks for https://e-z.bio/vojt...:
- windows7-x64 (1)
- android-9-x86 (1)
- android-10-x64 (1)
- android-11-x64 (7)
- macos-10.15-amd64 (1)
- debian-12-armhf (4)
- ubuntu-20.04-amd64
Analysis (7)
- max time kernel: 116s
- max time network: 129s
- platform: android_x64
- resource: android-x64-20240221-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
- submitted: 09/03/2024, 20:13 UTC
Static task: static1
URLScan task: urlscan1
Behavioral task behavioral1: sample https://e-z.bio/vojtax, resource win7-20240215-en
Behavioral task behavioral2: sample https://e-z.bio/vojtax, resource android-x86-arm-20240221-en
Behavioral task behavioral3: sample https://e-z.bio/vojtax, resource android-x64-20240221-en
Behavioral task behavioral4: sample https://e-z.bio/vojtax, resource android-x64-arm64-20240221-en
Behavioral task behavioral5: sample https://e-z.bio/vojtax, resource macos-20240214-en
Behavioral task behavioral6: sample https://e-z.bio/vojtax, resource debian12-armhf-20240221-en
General
- Target: https://e-z.bio/vojtax
Malware Config
Signatures
- Reads the content of photos stored on the user's device. (1 TTPs, 1 IoCs)
  description: URI accessed for read content | ioc: content://media/external/images/media | Process: com.android.chrome
Network
- Remote address: 1.1.1.1:53 | Request: accounts.google.com IN A | Response: accounts.google.com IN A 173.194.76.84
- Remote address: 1.1.1.1:53 | Request: e-z.bio IN A | Response: e-z.bio IN A 104.26.11.196; e-z.bio IN A 172.67.74.119; e-z.bio IN A 104.26.10.196
- Remote address: 1.1.1.1:53 | Request: ssl.google-analytics.com IN A | Response: ssl.google-analytics.com IN A 216.58.212.200
- Remote address: 1.1.1.1:53 | Request: safebrowsing.googleapis.com IN A | Response: safebrowsing.googleapis.com IN A 172.217.16.234
- Remote address: 1.1.1.1:53 | Request: safebrowsing.googleapis.com IN A | (no response)
- Remote address: 1.1.1.1:53 | Request: r2-bios.e-z.host IN A | (no response)
- Remote address: 1.1.1.1:53 | Request: r2-bios.e-z.host IN A | Response: r2-bios.e-z.host IN A 172.67.216.169; r2-bios.e-z.host IN A 104.21.45.167
- Remote address: 1.1.1.1:53 | Request: www.google.com IN A | Response: www.google.com IN A 142.250.178.4
- Remote address: 1.1.1.1:53 | Request: update.googleapis.com IN A | Response: update.googleapis.com IN A 142.250.200.3
- Remote address: 142.250.200.3:443
  Request:
  POST /service/update2 HTTP/1.1
  Content-Length: 661
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
  Host: update.googleapis.com
  Connection: Keep-Alive
  Accept-Encoding: gzip
  Response:
  HTTP/1.1 200 OK
  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
  Pragma: no-cache
  Expires: Mon, 01 Jan 1990 00:00:00 GMT
  Date: Sat, 09 Mar 2024 20:14:17 GMT
  Content-Type: text/xml; charset=UTF-8
  X-Daynum: 6277
  X-Daystart: 44057
  Content-Encoding: gzip
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN
  X-XSS-Protection: 1; mode=block
  Server: GSE
  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  Transfer-Encoding: chunked
- Remote address: 142.250.200.3:443
  Request:
  POST /service/update2 HTTP/1.1
  Content-Length: 655
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
  Host: update.googleapis.com
  Connection: Keep-Alive
  Accept-Encoding: gzip
  Response:
  HTTP/1.1 200 OK
  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
  Pragma: no-cache
  Expires: Mon, 01 Jan 1990 00:00:00 GMT
  Date: Sat, 09 Mar 2024 20:14:18 GMT
  Content-Type: text/xml; charset=UTF-8
  X-Daynum: 6277
  X-Daystart: 44058
  Content-Encoding: gzip
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN
  X-XSS-Protection: 1; mode=block
  Server: GSE
  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  Transfer-Encoding: chunked
- Remote address: 1.1.1.1:53 | Request: cotpqpkgiqdw IN A | Response: (empty)
- Remote address: 1.1.1.1:53 | Request: ubgwoiignsslzzw IN A | Response: (empty)
- Remote address: 1.1.1.1:53 | Request: zosikfowofnnhkw IN A | Response: (empty)
- Remote address: 1.1.1.1:53 | Request: android.apis.google.com IN A | Response: android.apis.google.com IN CNAME clients.l.google.com; clients.l.google.com IN A 142.250.187.206
- Remote address: 1.1.1.1:53 | Request: android.apis.google.com IN A | (no response)
- Remote address: 1.1.1.1:53 | Request: www.google.com IN A | Response: www.google.com IN A 142.250.187.228
- 2.1kB 7.6kB 18 13
- 8.1kB 282.9kB 118 211
- 987 B 940 B 7 4
- 2.2kB 6.0kB 10 7
- 953 B 4.4kB 7 6
- 1.8kB 1.0kB 11 5
- 1.7kB 8.4kB 13 15
- 2.2kB 11.3kB 19 20
- 4.1kB 8.5kB 14 15 | HTTP Request: POST https://update.googleapis.com/service/update2 | HTTP Response: 200 | HTTP Request: POST https://update.googleapis.com/service/update2 | HTTP Response: 200
- 128 B 40 B 2 1
- 857 B 40 B 1 1
- 3.7kB 7.9kB 12 18
- 430 B 40 B 2 1
- 12.3kB 9.6kB 27 30
- 3.6kB 40 B 3 1
- 3.7kB 11
- 65 B 81 B 1 1 | DNS Request: accounts.google.com | DNS Response: 173.194.76.84
- 53 B 101 B 1 1 | DNS Request: e-z.bio | DNS Response: 104.26.11.196, 172.67.74.119, 104.26.10.196
- 70 B 86 B 1 1 | DNS Request: ssl.google-analytics.com | DNS Response: 216.58.212.200
- 146 B 89 B 2 1 | DNS Request: safebrowsing.googleapis.com | DNS Request: safebrowsing.googleapis.com | DNS Response: 172.217.16.234
- 62 B 1 | DNS Request: r2-bios.e-z.host
- 62 B 94 B 1 1 | DNS Request: r2-bios.e-z.host | DNS Response: 172.67.216.169, 104.21.45.167
- 60 B 76 B 1 1 | DNS Request: www.google.com | DNS Response: 142.250.178.4
- 67 B 83 B 1 1 | DNS Request: update.googleapis.com | DNS Response: 142.250.200.3
- 58 B 133 B 1 1 | DNS Request: cotpqpkgiqdw
- 61 B 136 B 1 1 | DNS Request: ubgwoiignsslzzw
- 61 B 136 B 1 1 | DNS Request: zosikfowofnnhkw
- 138 B 109 B 2 1 | DNS Request: android.apis.google.com | DNS Request: android.apis.google.com | DNS Response: 142.250.187.206
- 60 B 76 B 1 1 | DNS Request: www.google.com | DNS Response: 142.250.187.228
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 6KB
  MD5: 2debd58b21acefa88d0ee9af317eb693
  SHA1: b5c28117cb2c594b1a9e898aff5a705652096032
  SHA256: 0136028f79df96b782c5daf302fc8e927d7269ef49f8fcabacba20cd22d9250c
  SHA512: 593e8c4fe2c5a8bd311c90a266910f1c37087caaa7256e62414337b54a33a18c8d4e85f99c17b0522154a59e5afc2cd35fa89a85f62e273400d6db1e71dda3dc