Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

66c4513025..._1.apk

android-9-x86

10

66c4513025..._1.apk

android-10-x64

10

66c4513025..._1.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    66c4513025128719dda018820cc0987e_1

  • Size

    3.0MB

  • Sample

    240517-w2hlmace61

  • MD5

    66c4513025128719dda018820cc0987e

  • SHA1

    4dcc2d9ef4921b3eb4e4dc72dd3716520d558102

  • SHA256

    c19cf001efb893cfb4f3aedb1c4c3771ce8419d3838e1bc399e88a12b583b28c

  • SHA512

    dd5ed77e8f110ceafe036adcf673dfb77b46e78d23815abcf25cbe08ad6631bf6c348bdab49ca497ed44c77c1ad0b19425fd8ed44063cb1da8dbe9b84fab49bd

  • SSDEEP

    49152:HYvtHWc3kQdaWWce2fFeeC6K6iZHyqDmLJTsY2424rTOoQE2jvKuAz:Hodz3kQAW3ft9CH79dD2JNvS+

Score
10/10
spynoteandroidbankerdiscoveryevasioninfostealerpersistencerattrojan

Malware Config

Targets

    • Target

      66c4513025128719dda018820cc0987e_1

    • Size

      3.0MB

    • MD5

      66c4513025128719dda018820cc0987e

    • SHA1

      4dcc2d9ef4921b3eb4e4dc72dd3716520d558102

    • SHA256

      c19cf001efb893cfb4f3aedb1c4c3771ce8419d3838e1bc399e88a12b583b28c

    • SHA512

      dd5ed77e8f110ceafe036adcf673dfb77b46e78d23815abcf25cbe08ad6631bf6c348bdab49ca497ed44c77c1ad0b19425fd8ed44063cb1da8dbe9b84fab49bd

    • SSDEEP

      49152:HYvtHWc3kQdaWWce2fFeeC6K6iZHyqDmLJTsY2424rTOoQE2jvKuAz:Hodz3kQAW3ft9CH79dD2JNvS+

    Score
    10/10
    spynotebankerdiscoveryevasioninfostealerpersistencerattrojan

    • Spynote

      Spynote is a Remote Access Trojan first seen in 2017.

      bankertrojaninfostealerratspynote

    • Spynote payload

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Registers a broadcast receiver at runtime (usually for listening for system events)

      persistence

    • Requests dangerous framework permissions

    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks