Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

6

8ec873f849...3d.apk

android-9-x86

7

8ec873f849...3d.apk

android-10-x64

7

8ec873f849...3d.apk

android-11-x64

7

Analysis

  • max time kernel
    69s
  • max time network
    160s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    28/06/2024, 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8ec873f84949385ac5fbed4194503f126d5737a995f4fc2cec9789c1862b183d.apk

  • Size

    4.5MB

  • MD5

    dbf4a1cef33a59c6235bf428991414fb

  • SHA1

    e910296bfd6ca507fef563d2060b3f2bd8c0ebed

  • SHA256

    8ec873f84949385ac5fbed4194503f126d5737a995f4fc2cec9789c1862b183d

  • SHA512

    a7214f5aa7a56ef751c13768aa47cc524002663c8af1156983d715d9259c92cb12c9350052f150d3a4142236b505818475c37471ba7c4f1678f6b6c1c871900d

  • SSDEEP

    98304:hkhfz/QEcYcC3GVDssvvO9h9CwfLyEefaq7P8:YQEL2VjgfzyzaqI

Score
7/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Acquires the wake lock 1 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 6 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.bean.cousin
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4956

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Protected User Data

1
T1636

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.bean.cousin/app_DynamicOptDex/CtaDwII.json
    Filesize

    2.2MB

    MD5

    c9ea4a96385657ebb6555b6d4d5eca0c

    SHA1

    5bae7c22a1bc9d4d0410a9a2a66056ebe00a7e93

    SHA256

    11b1cbdef463227d288271c05101ed180109d372d68fc924c29db43bf518922b

    SHA512

    e42bbc1ab5dcea9d0c54ff9ebf71919e97ec8ea49793e05179414a95a034f9108b709cbc52fd25c8a6f1d48d249b9d0bb59bfcabdac4f4853d0177ab3fdfce8c

    Download Submit

  • /data/data/com.bean.cousin/app_DynamicOptDex/CtaDwII.json
    Filesize

    2.2MB

    MD5

    f7f7cdf82b7b6c72882a6172213d0aff

    SHA1

    c423b55cb32e1c04cc8cca01cddf1d1264ab8777

    SHA256

    f6776bddb6a62dfaabcdf46eb1d5e22374ba0cfbabc45915ba887637b2f28c71

    SHA512

    e496bd409bc49ecf86bf98ed6924bfc78caa0729cc7e8277f3e53534b4aa9daee504712f885f2c46c0ee60f7b8e9e8db7b3a4e9dc20292bf24d9e81c3a6a24b7

    Download Submit

  • /data/data/com.bean.cousin/app_DynamicOptDex/oat/CtaDwII.json.cur.prof
    Filesize

    4KB

    MD5

    951dfd7d0e29e4a461cc55beabf5e698

    SHA1

    7b948b9e5d627ef9ac6f103ed719f7293e830313

    SHA256

    957c7766bd05946e2d34f26bea5e3674d2b24cab7d78c893fc3e86a34ecfc6a7

    SHA512

    0084ef9d0ad15dc08fcdc1fdb2815b9b5714d1152f9789b79680c025164f1e5b2492555c3cef9c7b092568cc8c513a56df5a45ea67ce00e01fed115152575c45

    Download Submit

  • /data/data/com.bean.cousin/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.bean.cousin/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    7cd969ff930842a380d995c47ff5572d

    SHA1

    cb0dc15f49734bb4072e33b1905ddb371adc09b0

    SHA256

    2db34cc19147ef448988db2e994a683045d881258c9f021cc2165b981b07fc5e

    SHA512

    096a1b1e16d1d537a95f6959e4e57c07cf8d4d301e0604bfc0467ce78acfe890cc1daf299f3504b67d88113e311ea8a1460b0ffe12769ffebe62e1d0e55a02eb

    Download Submit

  • /data/data/com.bean.cousin/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.bean.cousin/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    fedc758f3073d7c607293ca60d0b9d41

    SHA1

    ca2912507fe91d583408232f7554fd9a08208a81

    SHA256

    102b8e3041f05ae7dcf70e06eafbdd6605d7412711a49b395ff7aeb16a4a8c64

    SHA512

    5ff099d8346a2d2306697b1482d6ae952bab9a5ca8545653b8ee77521adb78b8d83400f5df03cb12e4d25184060ad56bb08c9ba89ba3aa8adfb5e8c3ec591748

    Download Submit

  • /data/data/com.bean.cousin/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    fe5aa692f6810c9bf5f5ec73b73e84bd

    SHA1

    923f29903989e05271ce322df924998dda24ae0c

    SHA256

    00c93fdf14a37baa1e0b0d0819392145b5759f436f4bc6a9ff58139baa6bc105

    SHA512

    b2afe8f3f872155c4d1b8ac32be66b2d4e5721bac9963c7441df88485947799703dc73ad43caeb88f41453205cdcf16dbfe8df13b30c1ce53bcff19594c3653d

    Download Submit

  • /data/data/com.bean.cousin/no_backup/androidx.work.workdb-wal
    Filesize

    197KB

    MD5

    18d7ddaa0f8e6cd74ac51d693237a363

    SHA1

    9bd905d4baed1113cf2bf8b52a309dbdbc875e5c

    SHA256

    242701b175f8a72965a7d885c99302f17bc14787b831676e00654943c3f4f07f

    SHA512

    0dfff86fb5630775cfc1d0b8a6cf3ab5fe56e0a0d7588ee2bfb69c3cfd934632604c3161b18efc7b1a814029e958da2bf88a9dd76741f033d65d1c91ad1eeeaa

    Download Submit

  • /data/user/0/com.bean.cousin/app_DynamicOptDex/CtaDwII.json
    Filesize

    6.0MB

    MD5

    cb83525904c2bff0cb586d662c5fe2b9

    SHA1

    2d63ff2e85b34006a5517f85deb470ff48734df5

    SHA256

    acd7234022738f4e8499749de805c474879fea06de0d7ca066483d03e7ef02f5

    SHA512

    33eced5d3bead49bb238f08bac960044c7359262fdd58ab559cb38c47528859e24f8578e32743ba6a1630ce7e45497c9f99edb0b96c5c8fa6c0a4ca7fb15fd3e

    Download Submit