Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

6

5e31d798bb...29.apk

android-9-x86

7

5e31d798bb...29.apk

android-10-x64

7

5e31d798bb...29.apk

android-11-x64

7

Analysis

  • max time kernel
    10s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system
  • submitted
    12/06/2024, 23:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5e31d798bb12a72f73628cdf914e8123014892a6393bcb194e8aa803172e4d29.apk

  • Size

    321KB

  • MD5

    b9f89c751bc66f79a9725c18fdc77780

  • SHA1

    e2b50898b0acbc86acaaeffb66b86d199701fa06

  • SHA256

    5e31d798bb12a72f73628cdf914e8123014892a6393bcb194e8aa803172e4d29

  • SHA512

    1b9ee103a2e1d3fc2175e78fce1a8c47f5c81c16a3e6195031040a2837dc899d8d608e150095a090a8c1a8dab5cd7f65be9dad5398b11dea1f9b2e1c6a61ce0b

  • SSDEEP

    6144:AE6F4b6mB6DitCqAEaTlKGZMgSkvnc0rJKcb6h:AW8GtCZfJ9YkvnjKG6h

Score
7/10
discoveryevasion

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 24 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion

Processes

  • com.dsbfewsjkuiewjkfew21jkcuiew.security
    1⤵
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4270
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/0.obfedex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/oat/x86/0.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4296
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/1.obfedex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/oat/x86/1.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4319
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/2.obfedex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/oat/x86/2.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4343
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/3.obfedex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/oat/x86/3.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4368
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/4.obfedex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/oat/x86/4.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4390
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/5.obfedex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/oat/x86/5.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4413
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/6.obfedex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/oat/x86/6.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4441
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/7.obfedex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/oat/x86/7.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4475

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/0.obfedex
    Filesize

    51KB

    MD5

    4cc65fba32e83da3e8ab0f336b425df0

    SHA1

    bf00e554b5a75f9a833c867d521364064fded8b3

    SHA256

    a0a2c30619c2c84583e811f022288d6eb3d387e0dad8dc7d28d61d93be734c5f

    SHA512

    252a9264cca19dc79f4a36db558b5d34396d0d185cf6d58fe5f443bbf920108bf417d6f37d8e7e3b4c854e584103a2c1e9698a9dbdce01968973a381aed0144f

    Download Submit

  • /data/data/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/1.obfedex
    Filesize

    59KB

    MD5

    da6af6aad3011241eafdb3f3eb04d037

    SHA1

    ba03167591339de2db3611a5dc32f457fdb9f456

    SHA256

    2d017a2eade7e16464769aac761a134ee1fc954de3ce42ac34f1056a3eb47b2a

    SHA512

    ec2d5c2af12900957d0701d47251ecd7ef93d3710a9a6e0013459a1e4019c9560c92a7ac15e7056809fef608e86ab7196574e399d3a5a8ff526dc32e2740e896

    Download Submit

  • /data/data/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/2.obfedex
    Filesize

    19KB

    MD5

    f63cb0e957a8ef68e5824f06616ac788

    SHA1

    7f2c1b06807456156b424d7b64304fa63fa4defd

    SHA256

    63f798577567fe0864427e6afddd3993957014f05772ec94f875160f5f1a432a

    SHA512

    45a28d1a46873f9538eb410e2cee2bc9be56fc5568103c35e1dce6dced9c36f71987e39ef4441f05a4d0b73c315e8da0b5d2083b10cb91d27417d75dedb1da4e

    Download Submit

  • /data/data/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/3.obfedex
    Filesize

    15KB

    MD5

    fc1c9100351ea92917a9630bea84dd1d

    SHA1

    bd8689c24daae4cee834a71caa16a966a7601cbf

    SHA256

    5baebfd43f7a7a2c722bcf3bb643c149541f8c0836d3100cbe8ba5fdfe08c4ef

    SHA512

    abf2f47c5f27fc3406de415c2627678214b736c133ff3a35696b72fb3ac8a033f41c7edc9d487214068839464238e1afd4a893cdc300dd9ac0afe09077797b50

    Download Submit

  • /data/data/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/4.obfedex
    Filesize

    5KB

    MD5

    a173921e7f02588fc5a5727312a8aade

    SHA1

    68556a3b076252a58c772887b57c228becf0de1d

    SHA256

    61b4da1d56b9e64a3f3713d04ef0dc4675a00a24631e265e279dd37c4783b484

    SHA512

    2791782df7d7f3c5c842468e1bb7294f1104a68c9e33f697aa86351be9424067adef7af9b6573915b9b48f73203b9799a4e0d837f10105fc5b0847193ff439fa

    Download Submit

  • /data/data/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/5.obfedex
    Filesize

    9KB

    MD5

    25b4dd2f9ee6229bc4dc392b4ac614a8

    SHA1

    5e4c9139f52cdf3ac47fe959da6f46bdd8d3b760

    SHA256

    061c0c01e4471523c0e09d2e8a86afb251f30f2a086ac3fa2a04ecd6645fea0a

    SHA512

    0779ff33b8cc5437ef8849b856af110b2ed7f4d8c411c62e03f2e516fb7f5d6220097e698bb185e0703811af9150ec377bee16bffbdedc664ee84fed3a1b8a05

    Download Submit

  • /data/data/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/6.obfedex
    Filesize

    4KB

    MD5

    d942556b6c563a25a774f1e64f623803

    SHA1

    fed3170dd5cbfef7317eb0492722629d0ff10c36

    SHA256

    f156f98a12ed9784508afcb5cde2129caac3d0c57fca059e14d98aff4450eb9b

    SHA512

    549330d91a585328de10ab4e42a0a2260c59eb913bf2115e055aca3f8630c475b513dc9593d4bf0307b4a6742a18064fbd24fa7c928b8df7c07bb93ccd351644

    Download Submit

  • /data/data/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/7.obfedex
    Filesize

    8KB

    MD5

    8e7637da08b4d48c7ef40ab8be2581b7

    SHA1

    8f3c64fd9a878fe376e36c97e3ee7a43268334e8

    SHA256

    bf177521cf2821ee2be2e0c9ec1cff748b6bdf823656a8dc6dd2ae0861d63ab1

    SHA512

    3edf90391312475e403eb53b616f07c36e6190450488272d0b4a54862820b6eb18ea3016ba87f97d7b556a04625c8e7145bb923ac71b93dcd172c0df0301f275

    Download Submit

  • /data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/0.obfedex
    Filesize

    51KB

    MD5

    b5ebbf0b8718b35d7ba0929a470ada93

    SHA1

    f7725bc9dbc466839f2209faa89f7e1d6cefff47

    SHA256

    99e98534853731722cbe4763410ef65f90001e9cc21cb07957ce86d0a684e653

    SHA512

    89156d37b03eb51d2ecd68c5da31aac0e941aaf9e552df799b5d4766e6b9198fffc5d48cfd7a92045f039b1ee7abedda808335bb5f391b8243b0c53e3002c6b3

    Download Submit

  • /data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/1.obfedex
    Filesize

    59KB

    MD5

    2205473057cc98bb79ae4b6b84790ac3

    SHA1

    caef04d1af34f333f117c1d8d47fffd17513d820

    SHA256

    e0b4456abd1bc2ff372fb1d1d3cf8a840d699288895eedbca88997d87702c1b7

    SHA512

    544259ed93b16f98c14cc839a158a5c90dd57193012899dad1b18894a4f902679998e9069e991b1a82733413082a12daef8af41fa2da56f381a5fbde00aad82a

    Download Submit

  • /data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/2.obfedex
    Filesize

    19KB

    MD5

    95944f5e949d490bb7827c43fa194b8f

    SHA1

    19869111fbafa4256e6c71e0b9c5b67ebb02c41c

    SHA256

    3766d03e5c28882e737f871a3f32659759a876a42a6d041ad2fdc41e5e8d2880

    SHA512

    9260a23c97a78707502b95ca7b7d1c4fa889c398cdea08ecc9f2fe40dc4f39baba5c878da9fc867f53aa3e378b90ab4d4a3475a616081aca6a045490294ddd83

    Download Submit

  • /data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/3.obfedex
    Filesize

    15KB

    MD5

    cb3162deed3b455fae1aff56bbc71e8a

    SHA1

    52e98ec50174b3cc687f029803a055a0adbaf063

    SHA256

    5c76c2bd1e08ad6ecff31eba50916c9c6ae1a7c1164a45e2374b5be725ce236e

    SHA512

    302197601868b3a0586e8e996382764d08f8b4d65a1432eb0f1d584aa274fafa769fdf3fcd0a45deeac7c791e0cd649cb98b5123c33f9056db30bd13ceb010b1

    Download Submit

  • /data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/4.obfedex
    Filesize

    5KB

    MD5

    27c18e8bc2f992d6d57b427dfdbd3664

    SHA1

    9d5f5ba013a6bb6c173586d2de0c66c59f9106ca

    SHA256

    ee1c61e88c843a99f7ed5dfe81cf1d0097ef9f092b692f3cb0ddf7e069ebb475

    SHA512

    d54833a8f67b43f4d6523be251478565193d40979d65e5b4fd30e4e69f9172f225d677c918476a1f4cf902251f245b67276764950958582be764b587bb66e182

    Download Submit

  • /data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/5.obfedex
    Filesize

    9KB

    MD5

    fbd45c33c17c2b89c65b65ef55fde6be

    SHA1

    dc135c416128b3ae332da5bd70ce5124e3cb86bc

    SHA256

    1b4703f1190b4eeede6be3f2008e2579b75f6a7641d2bb29cd4b04344413e361

    SHA512

    cca7af474bbd8c0a09728d7c91e44bd94bb3dece85d693fd443bed647ea0eaeeee07f4e3869de709f57ccef626e017f707716063b2e500fdaa442b0309337099

    Download Submit

  • /data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/6.obfedex
    Filesize

    4KB

    MD5

    fb403e4a89138fef63fbf1145b257a8f

    SHA1

    ac2684b11d384bf53bef0db16665e79a70cccb5f

    SHA256

    21721048cf274b6b2e18ce2e01b2bdbde4c1dc49605da38b7f68c30ed6ce61ea

    SHA512

    79951c80e69627b834232621933aa1e0d938313f9c8dc3b5e057f76fef69a0dd98f489fa5e94462cacac3a3092943aa511a6b4856a22216d53320b86b4ca6d0d

    Download Submit

  • /data/user/0/com.dsbfewsjkuiewjkfew21jkcuiew.security/app_tpod.jsn.c6d0.rsb/obfs/7.obfedex
    Filesize

    8KB

    MD5

    465b539a4ebfd07d43c41ab0ba794eb7

    SHA1

    66b093879885a7be0fdbe20709813d5e5ae02469

    SHA256

    a722bfcc6ff76ea9a63a3da1297c4c3214bc6ec318b773ad299f9e968c015204

    SHA512

    edab191c1730ae286acdab2a94cb072bd77d91df4b1b423197cdaa5b90f5d8af3038a9cca4be0d006cd1f850ec339f88bc71b2bb377ff6af18688305999cf0bb

    Download Submit

  • /storage/emulated/0/dsbfewsjkuiewjkfew21jkcuiew.txt
    Filesize

    2B

    MD5

    6512bd43d9caa6e02c990b0a82652dca

    SHA1

    17ba0791499db908433b80f37c5fbc89b870084b

    SHA256

    4fc82b26aecb47d2868c4efbe3581732a3e7cbcc6c2efb32062c08170a05eeb8

    SHA512

    74a49c698dbd3c12e36b0b287447d833f74f3937ff132ebff7054baa18623c35a705bb18b82e2ac0384b5127db97016e63609f712bc90e3506cfbea97599f46f

    Download Submit