Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

c0cf231fc9...b3.apk

android-9-x86

6

c0cf231fc9...b3.apk

android-10-x64

6

c0cf231fc9...b3.apk

android-11-x64

6

Analysis

  • max time kernel
    10s
  • max time network
    135s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    29/06/2024, 22:02 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3.apk

  • Size

    3.7MB

  • MD5

    1ca1896d0ffba709220d700f7ded2aea

  • SHA1

    f23f58bb31a9433949b48e4e9e360f73413bae88

  • SHA256

    c0cf231fc9bbea9743fa3ad0376a0a97ab040291004eadc13bb755e08a04afb3

  • SHA512

    78adb38b01e748287059aba30aa4ca0bb16de605de84c3dc1a280e36667df50314dba978d4d77643c1c5d542057c2d6704d48bc463a76d83b9d07c860bb7fb6e

  • SSDEEP

    49152:t0nP/Nw8c+csg28Qo/KruohdufgFOJHbXPF2CdUDydCiWh9gAWlrZ:WN/o/KruohdAgFOJH7kCdNArfg9L

Score
6/10
discoveryexecutionpersistence

Malware Config

Signatures

  • Acquires the wake lock 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.hoarycow.msg
    1⤵
    • Acquires the wake lock
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4222

Network

  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.42
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.180.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.234
    semanticlocation-pa.googleapis.com
    IN A
    216.58.201.106
    semanticlocation-pa.googleapis.com
    IN A
    172.217.16.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.179.234
    semanticlocation-pa.googleapis.com
    IN A
    216.58.204.74
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.74
    semanticlocation-pa.googleapis.com
    IN A
    142.250.178.10
    semanticlocation-pa.googleapis.com
    IN A
    216.58.213.10
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.202
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.202
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.10
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    216.58.212.238
  • flag-us
    DNS
    frgukufe.cloud
    Remote address:
    1.1.1.1:53
    Request
    frgukufe.cloud
    IN A
    Response
    frgukufe.cloud
    IN A
    185.73.113.55
  • flag-nl
    POST
    https://frgukufe.cloud/akil/install.php
    Remote address:
    185.73.113.55:443
    Request
    POST /akil/install.php HTTP/2.0
    host: frgukufe.cloud
    content-type: application/x-www-form-urlencoded
    content-length: 282
    accept-encoding: gzip
    user-agent: okhttp/5.0.0-alpha.14
    Response
    HTTP/2.0 404
    server: nginx
    date: Sat, 29 Jun 2024 22:06:44 GMT
    content-type: text/html
    content-length: 808
    last-modified: Tue, 25 Jun 2024 13:17:05 GMT
    etag: "328-61bb6b6d8cd68"
    accept-ranges: bytes
  • 142.250.187.206:443
    tls, https
    1.2kB
     40 B
     1
    1
  • 216.58.212.238:443
    android.apis.google.com
    tls
    5.9kB
     9.7kB
     16
    27
  • 185.73.113.55:443
    https://frgukufe.cloud/akil/install.php
    tls, http2
    1.7kB
     5.2kB
     15
    15

    HTTP Request

    POST https://frgukufe.cloud/akil/install.php

    HTTP Response

    404
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     320 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

    DNS Response

    142.250.200.42
    216.58.212.234
    142.250.180.10
    142.250.187.234
    216.58.201.106
    172.217.16.234
    142.250.179.234
    216.58.204.74
    172.217.169.74
    142.250.178.10
    216.58.213.10
    172.217.169.10
    142.250.187.202
    216.58.212.202
    142.250.200.10

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    216.58.212.238

  • 1.1.1.1:53
    frgukufe.cloud
    dns
    60 B
     76 B
     1
    1

    DNS Request

    frgukufe.cloud

    DNS Response

    185.73.113.55

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.hoarycow.msg/files/PersistedInstallation6577193063115417073tmp
    Filesize

    90B

    MD5

    b86e71309847d1873dac953a2eff154e

    SHA1

    03839406411bc3e3321034b130162833b4033e8c

    SHA256

    76168f81ee5b4529417e4539023688e591971560dfd2335d4cbed13af283c3a3

    SHA512

    e866523662608f23598042efacc732b731033d026318b950ca8ba09c179ee3dd9be01280b1408e05605a25739af5d3425babb55ee88d764bf34ab50340ad472c

    Download Submit

  • /data/data/com.hoarycow.msg/files/PersistedInstallation6577484455942104356tmp
    Filesize

    567B

    MD5

    f099aa5c0ad1b2f1639fcbe69af8fb0e

    SHA1

    1fbc816d39ff40f7f0465892f98be8d91748be8b

    SHA256

    3ddea0a511375c06c0057039a2b4aa451835294e5e5db59bbda85d80698f2836

    SHA512

    35d55f5bb16d14db45f8be3c2740a6c312f1fb739055d405c084a11f2660458594125495fd783999a6a0212d7f6eef3e8a9ddc1bba743060581132f6e3244da8

    Download Submit

  • /data/data/com.hoarycow.msg/files/profileInstalled
    Filesize

    24B

    MD5

    75f936e5d24b93f23358aad447723a26

    SHA1

    8f0a8ac291783db17c7d6a4ee764f70ba31dfb34

    SHA256

    bf1f81101c8172d9e04ef2fa98c06b827697c73c1c57f40e666ec501c5e1d676

    SHA512

    dbc1b347baabf541ed9ab09cd64cc82b7e56383c099f7448e11eadd14b5c0149d01595150db8f492557f594030c738d6378c7ac03501b39b76666a9b18c00dfd

    Download Submit

  • /data/data/com.hoarycow.msg/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
    Filesize

    8B

    MD5

    1dad4d1152e0051d2e0c5202f1f2e224

    SHA1

    9597c948c9b4cb63ad059beba96f84ad78faabd4

    SHA256

    87a89717b3aa3675acabb9ea50114788d6c672d1dc96c7a2637773a1f967d2eb

    SHA512

    4ee95f3c569eca3bda5333da7f4a13b93255022f9a63c771a50229c4b1cefc509bb0b80c9a1c745f7c75246d5aa0ee0b780e0dfd0163058fa87773099309b9f3

    Download Submit

  • /data/data/com.hoarycow.msg/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    3f987816df264c70926312e90b458b7a

    SHA1

    b080e66a8aae1dfe81aef964bdfa736809fa1434

    SHA256

    22a313fdb3125fd300cb70116ac27d0f24b0bee6a536921f327ecf2b6894dadd

    SHA512

    c41fae1c3cf507f8b41db8fbdfdaa98c8e790da986af03ffc3a452a9210ef88a29ea06dfbbd07ac5b835abb7cf38da6d55759afa99b484c7d05513608e6b9b14

    Download Submit

  • /data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-wal
    Filesize

    116KB

    MD5

    ccf33abf73e8cc5ea42ad9d72a5d6ac0

    SHA1

    cd36cf367bd104c1e403e0b5bf7f5610f2bb85ad

    SHA256

    73cfa1a45f6e838f033610b208a24af9e2b2ba405043b199dfa6e251da7739dd

    SHA512

    45f5dda3bd606e70515ced32c9be4a9e0283b70785f01e386d077091fd3260e80f4e6f1067c50b7a1a87fe35220cfc22103b298b80ae8733c27d1c3915955c68

    Download Submit

  • /data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-wal
    Filesize

    189KB

    MD5

    292bdfa96671d6d267709f6c66ffa4eb

    SHA1

    1f4dc795b6d814a96f63bc2a83df74fc0240c374

    SHA256

    660691782c42638df3e1eebab73307047e80ac532c0fdc7e1ee99ef340dae6fb

    SHA512

    5c5cb6362fe6431619d8eb97f218c5dafb6a2ffad590753e04d410c7430c8f07365b3a306184c922cc170b7201a60391286f2552e04d5e8a44e488d8f503f776

    Download Submit

  • /data/data/com.hoarycow.msg/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    90f4f7166fb5a5b8c5ac8c74757b952a

    SHA1

    e4b2b8daa36b137b0cbc80d1263042656b86f0b2

    SHA256

    21d1d23e8771a9d68a6916d85d71dce463c0abaaf8ae94450a0787238da4297e

    SHA512

    733db7d5f32ff7fb4728b4af032c8a31be5d99097afd13263210caf0fcc7374305a8477468c62af89d40b4758996b48fddad6a8d257512bc5b26760df878a9e4

    Download Submit

  • /data/misc/profiles/cur/0/com.hoarycow.msg/primary.prof
    Filesize

    1KB

    MD5

    b3ed04ca5cf1331fb379b9ecf1adce5b

    SHA1

    158c97c2f12835aaf6df01e1ba8e82ec10f785bd

    SHA256

    183d9008adce2f7d578bc548d014c67e2f8079d534c8c306b5886574c8bcf08a

    SHA512

    014440aa71ed66adc3ed1c616f24a7e2566a82e21fd4949713490ad1b74688aa1e3986712f74935f7c5b1de04aab71fd7c401871d1a21a21d24abfcd83078f4a

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.