Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e07fd729182650c77f29293c6e4522c5.bin
-
Size
900KB
-
Sample
240503-b8tl9aca91
-
MD5
f46dbaa99fd94e6cf37bcfd3f342b655
-
SHA1
374bba533b4590d8e1b0b8db3b96b315bedfa327
-
SHA256
fb3375e035518ce5d71bf5038b8870b5246c2a2d2e06628350322e6ada734234
-
SHA512
c173696a445fa90f136ba092f304fd7e4708f4467b26e48ae39ecf3081be240e1cee9a558a41082d93357b9f657343557bf0735e1c0a6b32c726fc41b367a8c8
-
SSDEEP
24576:Pb8m7MSsdJcYFtc2U0qtvY8XNWYTr6vC+SZ8a:TbMda2URv1NWYCvE
Behavioral task
behavioral1
Sample
697a13b1358a09008afcf17117a04cb253a11a30cd24944be1c60a4696dc27f0.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
697a13b1358a09008afcf17117a04cb253a11a30cd24944be1c60a4696dc27f0.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
697a13b1358a09008afcf17117a04cb253a11a30cd24944be1c60a4696dc27f0.apk
Resource
android-x64-arm64-20240221-en
Malware Config
Extracted
hook
http://54.36.113.159:3434
Targets
-
-
Target
697a13b1358a09008afcf17117a04cb253a11a30cd24944be1c60a4696dc27f0.zip
-
Size
1.1MB
-
MD5
e07fd729182650c77f29293c6e4522c5
-
SHA1
9e0c183e6ef61953cea9d29bf4fc6ea2cbd8a164
-
SHA256
697a13b1358a09008afcf17117a04cb253a11a30cd24944be1c60a4696dc27f0
-
SHA512
8673e7b983773e58f83d4a75b7a7cc7dbb6d0bfcc16d47848800cd491fb224880e1867fe198ac35f3dec496f2154a5792539bfa2e27cb557336331379e86dca7
-
SSDEEP
24576:sbKs3t7YSbMlettFATgZYfw20V/ojyx5g/Qn2q:zW5YSRFATgyfw2E/Xx5g/7q
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Queries the phone number (MSISDN for GSM devices)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Requests enabling of the accessibility settings.
-
Acquires the wake lock
-
Reads information about phone network operator.
-
Schedules tasks to execute at a specified time
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Discovery
Process Discovery
1System Network Configuration Discovery
3System Network Connections Discovery
1