General

  • Target

    4372_ymusic_arm64.apk

  • Size

    9.1MB

  • Sample

    240423-yqj2esbc8v

  • MD5

    09acbc3764e707dddad6d26f5fb74636

  • SHA1

    c42380cb2ad13e349deaa2cb31e596d863673b2e

  • SHA256

    4c1b9ff58bb37781fe91c2e9cd36ea8b7f095af96f2905ce533cbdee1c4e02f9

  • SHA512

    e387766d83b18d6a75aea99f4dc0e7827d42e2526d8a45d29bfbf90cfb863302f762af176ac67f1cc10b8662801ec0d52c61e8a6000eecbfb4b1e41851e884d5

  • SSDEEP

    196608:NDUG1SWt29puv/LHb+kYP+LPyI1RiwrbuBlSE4dbPTkmu3w:NDU9+rqkY2byIH7mJmZ

Malware Config

Targets

    • Checks CPU information

      Checks CPU information that indicates whether the system is an emulator.

    • Checks memory information

      Checks memory information that indicates whether the system is an emulator.

    • Loads dropped Dex/Jar

      Runs an executable file dropped onto the device during analysis.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Checks if the internet connection is available

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Checks the presence of a debugger

MITRE ATT&CK Mobile v15

Tasks