Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
46s -
max time network
147s -
platform
android_x64 -
resource
android-x64-20240221-en -
resource tags
-
submitted
29/04/2024, 05:07
General
-
Target
Gta.apk
-
Size
720KB
-
MD5
6b4a2a223eadda8e24b39456dfc51e71
-
SHA1
ad4cf20ad940ea309fbe8688407c4e4790ef2f3d
-
SHA256
1e7db2759852e04e2cbe3b68e7490489f561b46cd693e2fceb4a61c15a732b9d
-
SHA512
7d0585d3423b1e6a4f3f96201267debd05f36b720040c51e740dc1cc819c9458ac674b6bea402261956408a08d0503a39c8354f1e816141c8005c155bea0986e
-
SSDEEP
12288:/btZ7ieCoVBaUt+aLMwyJH9xwBZMIg4z/usT3cgtN0Fj2C6M6Rq21lgxStWD2t:/5cIVsaKZ9xwoIg4z/HT3SFjJ6MGNWLk
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes
-
com.semi.translator1⤵
- Makes use of the framework's Accessibility service
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
24B
MD529c9a7f7fd7bfc854dcea30683ef40a1
SHA164edc693130136957bd9053b5eee651912df6b9a
SHA2564e732bb8a01846ab7501f5847889eeb8b359acbc3ce5fc71d53a47d2a9ae0b6e
SHA51285285cef04719745b3bd622d158a8b718ee4d8c9e8ca29bb2e2891cf9547d48dc0c1b7430f90c53da8a478c2e36dd77e0910c7c5b668ba160fcfda6e31033900