Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

6

VirusShare...64.apk

android-9-x86

7

VirusShare...64.apk

android-10-x64

1

VirusShare...64.apk

android-11-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VirusShare_9cfb618d54d4b782a3d470defd79e564

  • Size

    37KB

  • Sample

    240608-1krv7ahe29

  • MD5

    9cfb618d54d4b782a3d470defd79e564

  • SHA1

    cf58d21d98bcf9c4d037cced8f607eeae35a4822

  • SHA256

    595032b6998ec767e6503178134c772ea5bd0d18a4f2f6e5b09611ef66b81b4b

  • SHA512

    e78ab0f9f9a0e6fc5864260048af3979b487716044082bcdadc9628256989aca0e2a412e7a781d4435f5e8c14686d486cd87dcd8fce26242ac0f01d452fd671a

  • SSDEEP

    768:xvFOYulSKRhF/XaCqtmO6FK9yjDi0djPgIYO2haZVeGav27p/CeePCGs:xvFSSKRjXa/k2yjpjPgIYh4ZZRp/3

Score
7/10
androidbankercollectioncredential_accessdiscoveryevasionimpactpersistenceprivilege_escalation

Malware Config

Targets

    • Target

      VirusShare_9cfb618d54d4b782a3d470defd79e564

    • Size

      37KB

    • MD5

      9cfb618d54d4b782a3d470defd79e564

    • SHA1

      cf58d21d98bcf9c4d037cced8f607eeae35a4822

    • SHA256

      595032b6998ec767e6503178134c772ea5bd0d18a4f2f6e5b09611ef66b81b4b

    • SHA512

      e78ab0f9f9a0e6fc5864260048af3979b487716044082bcdadc9628256989aca0e2a412e7a781d4435f5e8c14686d486cd87dcd8fce26242ac0f01d452fd671a

    • SSDEEP

      768:xvFOYulSKRhF/XaCqtmO6FK9yjDi0djPgIYO2haZVeGav27p/CeePCGs:xvFSSKRjXa/k2yjpjPgIYh4ZZRp/3

    Score
    7/10
    bankercollectiondiscoveryevasionimpactpersistenceprivilege_escalationcredential_access

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Reads the content of the call log.

      collection

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Queries the mobile country code (MCC)

      discovery

    • Tries to add a device administrator.

      privilege_escalationimpact
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1626

Device Administrator Permissions

1
T1626.001

Defense Evasion

Foreground Persistence

1
T1541

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Protected User Data

1
T1636

Call Log

1
T1636.002

Command and Control

Exfiltration

Impact

Account Access Removal

1
T1640

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Tasks