Analysis

  • max time kernel
    152s
  • max time network
    159s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
  • submitted
    27/03/2024, 09:28 UTC

General

  • Target

    19e74d9f5649e9180b2b32b95c654e7fe448d989a44c15c9b3c245fa3150df5a.apk

  • Size

    4.5MB

  • MD5

    f0fffd3459637546cf65cff79da1bde7

  • SHA1

    49aae3372d8d63be7b2adf057739429cbebf861b

  • SHA256

    19e74d9f5649e9180b2b32b95c654e7fe448d989a44c15c9b3c245fa3150df5a

  • SHA512

    8a182ca9c9e780a9e0df6c80ca1ab36f89d84312196e7985ae7ac2fc624ba80163514042e610e50548d8c861239633efe20ebe0bf60daffc45430f9e8b855425

  • SSDEEP

    98304:u9hinlhin6Vhinahinx1hin6hinshinUhinxIeZ9o2mH9krEXw:ubCzC6DC8CxjCcCyCKCxN9pmH9kIXw

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 2 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Acquires the wake lock 1 IoCs

Processes

  • com.snbaco.newapp
    1⤵
    • Makes use of the framework's Accessibility service
    • Makes use of the framework's foreground persistence service
    • Acquires the wake lock
    PID:4455

Network

  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.178.14
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    216.58.204.72
  • flag-us
    DNS
    freeipapi.com
    Remote address:
    1.1.1.1:53
    Request
    freeipapi.com
    IN A
    Response
    freeipapi.com
    IN A
    104.21.94.136
    freeipapi.com
    IN A
    172.67.168.79
  • flag-us
    DNS
    freeipapi.com
    Remote address:
    1.1.1.1:53
    Request
    freeipapi.com
    IN A
  • flag-us
    GET
    https://freeipapi.com/api/json
    Remote address:
    104.21.94.136:443
    Request
    GET /api/json HTTP/2.0
    host: freeipapi.com
    accept-encoding: gzip
    user-agent: okhttp/4.9.0
    Response
    HTTP/2.0 200
    date: Wed, 27 Mar 2024 09:29:35 GMT
    content-type: application/json
    cache-control: no-cache, private
    x-ratelimit-limit: 60
    x-ratelimit-remaining: 57
    access-control-allow-origin: *
    x-frame-options: SAMEORIGIN
    x-content-type-options: nosniff
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PLFWLxD7r%2Fnp8ykH2rU%2B3qvFXN%2FkZZXUU8Zd%2BKvy%2ByX%2Bzi9HCBMVFtkiyMcbGPzeU6N2N8P1Mr5QDGsMiIFwAz7zuuPcAcarg50i2zvZt%2BbMNxfNvhR7v0j9qmzAY7yd"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 86ae5b5cb93793f1-LHR
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    https://freeipapi.com/api/json
    Remote address:
    104.21.94.136:443
    Request
    GET /api/json HTTP/2.0
    host: freeipapi.com
    accept-encoding: gzip
    user-agent: okhttp/4.9.0
    Response
    HTTP/2.0 200
    date: Wed, 27 Mar 2024 09:29:35 GMT
    content-type: application/json
    cache-control: no-cache, private
    x-ratelimit-limit: 60
    x-ratelimit-remaining: 56
    access-control-allow-origin: *
    x-frame-options: SAMEORIGIN
    x-content-type-options: nosniff
    cf-cache-status: DYNAMIC
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tIYCieTfdIybeewzbbULtr%2FIc1q1cf9VuuZHF10xkpbJEvJ5Ftqjq%2FV7HaPKt2PN9iG6c%2BnduJmerrlTQR4gNmaugjRjqXWdZQg9%2F%2FQo6o00zNrT6VBiw%2BzBmgup50pM"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 86ae5b5cb93993f1-LHR
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400
  • 142.250.180.14:443
    tls, https
    695 B
    40 B
    1
    1
  • 142.250.180.14:443
    tls, https
    1.4kB
    40 B
    2
    1
  • 142.250.180.14:443
    android.apis.google.com
    tls
    999 B
    4.7kB
    8
    7
  • 172.217.169.74:443
    tls, https
    1.3kB
    40 B
    1
    1
  • 172.217.169.74:443
    tls, https
    532 B
    40 B
    1
    1
  • 142.250.178.14:443
    android.apis.google.com
    tls
    4.9kB
    7.9kB
    20
    16
  • 216.58.204.72:443
    ssl.google-analytics.com
    tls
    1.4kB
    6.6kB
    10
    10
  • 46.249.35.219:56897
    189.8kB
    5.7kB
    201
    133
  • 104.21.94.136:443
    https://freeipapi.com/api/json
    tls, http2
    2.0kB
    6.0kB
    16
    12

    HTTP Request

    GET https://freeipapi.com/api/json

    HTTP Request

    GET https://freeipapi.com/api/json

    HTTP Response

    200

    HTTP Response

    200
  • 104.21.94.136:443
    freeipapi.com
    tls, http2
    1.2kB
    3.8kB
    9
    7
  • 216.58.201.100:443
    tls, https
    919 B
    40 B
    2
    1
  • 216.58.201.100:443
    www.google.com
    tls
    12.2kB
    9.6kB
    38
    28
  • 224.0.0.251:5353
    3.7kB
    11
  • 216.58.213.10:443
    https
    51 B
    50 B
    1
    1
  • 142.250.200.46:443
    https
    51 B
    50 B
    1
    1
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.178.14

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    216.58.204.72

  • 1.1.1.1:53
    freeipapi.com
    dns
    118 B
    91 B
    2
    1

    DNS Request

    freeipapi.com

    DNS Request

    freeipapi.com

    DNS Response

    104.21.94.136
    172.67.168.79

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.snbaco.newapp/cache/1

    Filesize

    309B

    MD5

    cad0d927c3585c0e21688980f14315a6

    SHA1

    17c76f4c6fe4bc006c3d5b9e6a5d4a37d8db2041

    SHA256

    4e5ab1c0cb9c537b3b4f64f1e7477151971ae9d53df6ae0c4404c9a8f824f44c

    SHA512

    c42000b1e16bfa2d316fd626f4d7ceab1c985e7257ed68bb3bcfa68f7356bc6e4bd125b09b0952a189aa522234d6fc1c56feac5a842cc1f7b8ae3c278dda697e

  • /data/user/0/com.snbaco.newapp/cache/~test.test

    Filesize

    4B

    MD5

    098f6bcd4621d373cade4e832627b4f6

    SHA1

    a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

    SHA256

    9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08

    SHA512

    ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff

  • /data/user/0/com.snbaco.newapp/files/db.db

    Filesize

    40KB

    MD5

    0f846d61a922fcd3852c7241f99dc9bc

    SHA1

    2198433f3a500dcf88048096d0dbdb9f26b7ce47

    SHA256

    39ced8a590d3e71780b7d787db9b98065d9cd7a9f987dda085fb837a012cff8d

    SHA512

    d2380af9ad7c68ffdca1745f6dc3f747cc5ff5622ad1c6a1b1af79267c8d3d1f28fe6e01c435797a77309ec31ce085a3c6866503b01bc9850f679ffb34ea3c08

  • /data/user/0/com.snbaco.newapp/files/loading.gif

    Filesize

    121KB

    MD5

    7b38720a0352dffa26411726c72dd2b0

    SHA1

    b15e687f42abcdc12427f146a3115ef2259211f8

    SHA256

    2013f490d45638cada331b3474ed65b9a43cec60da773accc98332e58c06336d

    SHA512

    0df28f87da4f9beb3ca8c108f54021a2a1a1434771abbb5ba67a2736097f2287b05e5220a33e92c42ee13ecae1144714a422b986763712794f69e65bc44c83e3

  • /data/user/0/com.snbaco.newapp/files/txtscreensize.txt

    Filesize

    11B

    MD5

    1b65c10c6215685f9d621d797f911373

    SHA1

    cc50aaed5cd521a62ec8cf9fe0413153ec90f265

    SHA256

    2230c2b2787663a054c47450ecd1718f0296853ad768b8e5d306ecb912685e89

    SHA512

    5a9139f295dbe384b1584eff5c11f3f86759232f7b661b75f27fe92b996b4cdc0552e315f79b26f5f2c1f91756d9ae04cf0c3675b6172e91a3d373b9b314496f
