triada | ea0bcdae6c2f0e158c267f5d3580f057a9a5ea3ff29fa0ac2da88a010cbd5dc7 | Triage

Submit
Reports

Overview

overview

Static

static

[email protected]

android-9-x86

8

Sharing

General

Target

[email protected]
Size

76.2MB
Sample

240421-j2pzgseg37
MD5

fa3586d8a7d24f7c88b3b4e19b671a1b
SHA1

a47814279bfa69c4254a5caea6c70697de227543
SHA256

ea0bcdae6c2f0e158c267f5d3580f057a9a5ea3ff29fa0ac2da88a010cbd5dc7
SHA512

ed00b9f72b3b8fb3b6adaa74f95266bfa37041a029c3b89f71e751a8d5ac8965c8dc1339e690f3d2c47f0ca4a94a71101dc643e15854bce46614e0fec2b5c208
SSDEEP

1572864:VnaQ7AOLAjIo0dVZPapJHhbozN7/lOZ0x9i9xAJgQhDJQ+AX:IFR0dTQJoRTlOZ6uxASQhKnX

Score

10^/10

triada android discovery evasion impact persistence upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

[email protected]

Resource

android-x86-arm-20240221-en

discovery evasion impact persistence upx

android-9-x86

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  [email protected]
- Size
  
  76.2MB
- MD5
  
  fa3586d8a7d24f7c88b3b4e19b671a1b
- SHA1
  
  a47814279bfa69c4254a5caea6c70697de227543
- SHA256
  
  ea0bcdae6c2f0e158c267f5d3580f057a9a5ea3ff29fa0ac2da88a010cbd5dc7
- SHA512
  
  ed00b9f72b3b8fb3b6adaa74f95266bfa37041a029c3b89f71e751a8d5ac8965c8dc1339e690f3d2c47f0ca4a94a71101dc643e15854bce46614e0fec2b5c208
- SSDEEP
  
  1572864:VnaQ7AOLAjIo0dVZPapJHhbozN7/lOZ0x9i9xAJgQhDJQ+AX:IFR0dTQJoRTlOZ6uxASQhKnX
Score

8^/10

discovery evasion impact persistence upx
- Patched UPX-packed file
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
- Reads information about phone network operator.
  discovery
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

discoveryevasionimpactpersistenceupx

© 2018-2024

Terms | Privacy