Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
159s -
platform
android_x64 -
resource
android-x64-arm64-20240221-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system -
submitted
27/03/2024, 09:28 UTC
Behavioral task
behavioral1
Sample
19e74d9f5649e9180b2b32b95c654e7fe448d989a44c15c9b3c245fa3150df5a.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
19e74d9f5649e9180b2b32b95c654e7fe448d989a44c15c9b3c245fa3150df5a.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
19e74d9f5649e9180b2b32b95c654e7fe448d989a44c15c9b3c245fa3150df5a.apk
Resource
android-x64-arm64-20240221-en
Behavioral task
behavioral4
Sample
2242164a5dacbf84465af4b36743c4874eac7688a6ebcc44cdc93940ce1d4622.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral5
Sample
2242164a5dacbf84465af4b36743c4874eac7688a6ebcc44cdc93940ce1d4622.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral6
Sample
2242164a5dacbf84465af4b36743c4874eac7688a6ebcc44cdc93940ce1d4622.apk
Resource
android-x64-arm64-20240221-en
Behavioral task
behavioral7
Sample
51e4cb5f7ae8defcb429de7a3476de7f4aa60deccd76a17f8aa03d3fddf1a0be.apk
Resource
android-x86-arm-20240221-en
General
-
Target
19e74d9f5649e9180b2b32b95c654e7fe448d989a44c15c9b3c245fa3150df5a.apk
-
Size
4.5MB
-
MD5
f0fffd3459637546cf65cff79da1bde7
-
SHA1
49aae3372d8d63be7b2adf057739429cbebf861b
-
SHA256
19e74d9f5649e9180b2b32b95c654e7fe448d989a44c15c9b3c245fa3150df5a
-
SHA512
8a182ca9c9e780a9e0df6c80ca1ab36f89d84312196e7985ae7ac2fc624ba80163514042e610e50548d8c861239633efe20ebe0bf60daffc45430f9e8b855425
-
SSDEEP
98304:u9hinlhin6Vhinahinx1hin6hinshinUhinxIeZ9o2mH9krEXw:ubCzC6DC8CxjCcCyCKCxN9pmH9kIXw
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 2 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.snbaco.newapp Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.snbaco.newapp -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground com.snbaco.newapp -
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.snbaco.newapp
Processes
Network
-
Remote address:1.1.1.1:53Requestandroid.apis.google.comIN AResponseandroid.apis.google.comIN CNAMEclients.l.google.comclients.l.google.comIN A142.250.178.14
-
Remote address:1.1.1.1:53Requestssl.google-analytics.comIN AResponsessl.google-analytics.comIN A216.58.204.72
-
Remote address:1.1.1.1:53Requestfreeipapi.comIN AResponsefreeipapi.comIN A104.21.94.136freeipapi.comIN A172.67.168.79
-
Remote address:1.1.1.1:53Requestfreeipapi.comIN A
-
Remote address:104.21.94.136:443RequestGET /api/json HTTP/2.0
host: freeipapi.com
accept-encoding: gzip
user-agent: okhttp/4.9.0
ResponseHTTP/2.0 200
content-type: application/json
cache-control: no-cache, private
x-ratelimit-limit: 60
x-ratelimit-remaining: 57
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PLFWLxD7r%2Fnp8ykH2rU%2B3qvFXN%2FkZZXUU8Zd%2BKvy%2ByX%2Bzi9HCBMVFtkiyMcbGPzeU6N2N8P1Mr5QDGsMiIFwAz7zuuPcAcarg50i2zvZt%2BbMNxfNvhR7v0j9qmzAY7yd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86ae5b5cb93793f1-LHR
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
-
Remote address:104.21.94.136:443RequestGET /api/json HTTP/2.0
host: freeipapi.com
accept-encoding: gzip
user-agent: okhttp/4.9.0
ResponseHTTP/2.0 200
content-type: application/json
cache-control: no-cache, private
x-ratelimit-limit: 60
x-ratelimit-remaining: 56
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tIYCieTfdIybeewzbbULtr%2FIc1q1cf9VuuZHF10xkpbJEvJ5Ftqjq%2FV7HaPKt2PN9iG6c%2BnduJmerrlTQR4gNmaugjRjqXWdZQg9%2F%2FQo6o00zNrT6VBiw%2BzBmgup50pM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86ae5b5cb93993f1-LHR
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
-
695 B 40 B 1 1
-
1.4kB 40 B 2 1
-
999 B 4.7kB 8 7
-
1.3kB 40 B 1 1
-
532 B 40 B 1 1
-
4.9kB 7.9kB 20 16
-
1.4kB 6.6kB 10 10
-
189.8kB 5.7kB 201 133
-
2.0kB 6.0kB 16 12
HTTP Request
GET https://freeipapi.com/api/jsonHTTP Request
GET https://freeipapi.com/api/jsonHTTP Response
200HTTP Response
200 -
1.2kB 3.8kB 9 7
-
919 B 40 B 2 1
-
12.2kB 9.6kB 38 28
-
3.7kB 11
-
51 B 50 B 1 1
-
51 B 50 B 1 1
-
69 B 109 B 1 1
DNS Request
android.apis.google.com
DNS Response
142.250.178.14
-
70 B 86 B 1 1
DNS Request
ssl.google-analytics.com
DNS Response
216.58.204.72
-
118 B 91 B 2 1
DNS Request
freeipapi.com
DNS Request
freeipapi.com
DNS Response
104.21.94.136172.67.168.79
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
309B
MD5cad0d927c3585c0e21688980f14315a6
SHA117c76f4c6fe4bc006c3d5b9e6a5d4a37d8db2041
SHA2564e5ab1c0cb9c537b3b4f64f1e7477151971ae9d53df6ae0c4404c9a8f824f44c
SHA512c42000b1e16bfa2d316fd626f4d7ceab1c985e7257ed68bb3bcfa68f7356bc6e4bd125b09b0952a189aa522234d6fc1c56feac5a842cc1f7b8ae3c278dda697e
-
Filesize
4B
MD5098f6bcd4621d373cade4e832627b4f6
SHA1a94a8fe5ccb19ba61c4c0873d391e987982fbbd3
SHA2569f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
SHA512ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff
-
Filesize
40KB
MD50f846d61a922fcd3852c7241f99dc9bc
SHA12198433f3a500dcf88048096d0dbdb9f26b7ce47
SHA25639ced8a590d3e71780b7d787db9b98065d9cd7a9f987dda085fb837a012cff8d
SHA512d2380af9ad7c68ffdca1745f6dc3f747cc5ff5622ad1c6a1b1af79267c8d3d1f28fe6e01c435797a77309ec31ce085a3c6866503b01bc9850f679ffb34ea3c08
-
Filesize
121KB
MD57b38720a0352dffa26411726c72dd2b0
SHA1b15e687f42abcdc12427f146a3115ef2259211f8
SHA2562013f490d45638cada331b3474ed65b9a43cec60da773accc98332e58c06336d
SHA5120df28f87da4f9beb3ca8c108f54021a2a1a1434771abbb5ba67a2736097f2287b05e5220a33e92c42ee13ecae1144714a422b986763712794f69e65bc44c83e3
-
Filesize
11B
MD51b65c10c6215685f9d621d797f911373
SHA1cc50aaed5cd521a62ec8cf9fe0413153ec90f265
SHA2562230c2b2787663a054c47450ecd1718f0296853ad768b8e5d306ecb912685e89
SHA5125a9139f295dbe384b1584eff5c11f3f86759232f7b661b75f27fe92b996b4cdc0552e315f79b26f5f2c1f91756d9ae04cf0c3675b6172e91a3d373b9b314496f