Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

3ee0b5f142...53.apk

android-9-x86

10

3ee0b5f142...53.apk

android-10-x64

10

3ee0b5f142...53.apk

android-11-x64

10

Resubmissions

26/07/2024, 21:18 UTC

240726-z5rkgsydma 10

13/03/2024, 20:54 UTC

240313-zpt1nsaf53 10

13/03/2024, 20:50 UTC

240313-zmj3page2v 10

Analysis

  • max time kernel
    63s
  • max time network
    67s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    26/07/2024, 21:18 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453.apk

  • Size

    2.8MB

  • MD5

    db6463dca0973bb704ac9fce68a1dd23

  • SHA1

    c35ffe6ab3797981da3b8fd830d4d0b3f3b24e2e

  • SHA256

    3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453

  • SHA512

    bdae2fe17fb616a22c8559083e30d23ae5030923bb3dd95f7bab6e7ba38d19a22fa3140048f6cd222b2bbdb5087c7b9524fd695877734b3f64c5c809144f4fd8

  • SSDEEP

    49152:9OcwHfICXpT/JVb0Tnb3fj29kgzpWUYCHBSZyL1xB07DsiHDwJAC6lg/Go:cT/ICXlvb0/PjakgPYCHBSZC1XCYiHC1

Score
10/10
hookcollectioncredential_accessdiscoveryevasionexecutioninfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

hook

C2

%INSERT_URL_HERE%

Signatures

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4283

Network

  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    172.217.16.238
  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.10
    semanticlocation-pa.googleapis.com
    IN A
    216.58.213.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.179.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.202
    semanticlocation-pa.googleapis.com
    IN A
    172.217.16.234
    semanticlocation-pa.googleapis.com
    IN A
    216.58.204.74
    semanticlocation-pa.googleapis.com
    IN A
    142.250.178.10
    semanticlocation-pa.googleapis.com
    IN A
    216.58.201.106
    semanticlocation-pa.googleapis.com
    IN A
    142.250.180.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.42
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.234
  • flag-us
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.178.4
  • flag-us
    DNS
    m.youtube.com
    Remote address:
    1.1.1.1:53
    Request
    m.youtube.com
    IN A
    Response
    m.youtube.com
    IN A
    142.250.178.14
  • flag-us
    DNS
    update.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    update.googleapis.com
    IN A
    Response
    update.googleapis.com
    IN A
    142.250.179.227
  • flag-us
    DNS
    accounts.google.com
    Remote address:
    1.1.1.1:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    142.251.168.84
  • flag-us
    DNS
    www.youtube.com
    Remote address:
    1.1.1.1:53
    Request
    www.youtube.com
    IN A
    Response
    www.youtube.com
    IN CNAME
    youtube-ui.l.google.com
    youtube-ui.l.google.com
    IN A
    216.58.212.206
    youtube-ui.l.google.com
    IN A
    142.250.200.46
    youtube-ui.l.google.com
    IN A
    142.250.200.14
    youtube-ui.l.google.com
    IN A
    142.250.178.14
    youtube-ui.l.google.com
    IN A
    142.250.187.206
    youtube-ui.l.google.com
    IN A
    172.217.169.78
    youtube-ui.l.google.com
    IN A
    216.58.204.78
    youtube-ui.l.google.com
    IN A
    142.250.187.238
    youtube-ui.l.google.com
    IN A
    172.217.16.238
    youtube-ui.l.google.com
    IN A
    172.217.169.14
    youtube-ui.l.google.com
    IN A
    142.250.179.238
    youtube-ui.l.google.com
    IN A
    172.217.169.46
    youtube-ui.l.google.com
    IN A
    216.58.212.238
    youtube-ui.l.google.com
    IN A
    216.58.213.14
    youtube-ui.l.google.com
    IN A
    216.58.201.110
    youtube-ui.l.google.com
    IN A
    142.250.180.14
  • flag-us
    DNS
    gstatic.com
    Remote address:
    1.1.1.1:53
    Request
    gstatic.com
    IN A
    Response
    gstatic.com
    IN A
    216.58.213.3
  • flag-us
    DNS
    jnn-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    jnn-pa.googleapis.com
    IN A
    Response
    jnn-pa.googleapis.com
    IN A
    172.217.169.42
    jnn-pa.googleapis.com
    IN A
    172.217.16.234
    jnn-pa.googleapis.com
    IN A
    172.217.169.10
    jnn-pa.googleapis.com
    IN A
    216.58.201.106
    jnn-pa.googleapis.com
    IN A
    142.250.179.234
    jnn-pa.googleapis.com
    IN A
    142.250.178.10
    jnn-pa.googleapis.com
    IN A
    216.58.212.234
    jnn-pa.googleapis.com
    IN A
    142.250.187.202
    jnn-pa.googleapis.com
    IN A
    142.250.187.234
    jnn-pa.googleapis.com
    IN A
    216.58.212.202
    jnn-pa.googleapis.com
    IN A
    216.58.213.10
    jnn-pa.googleapis.com
    IN A
    142.250.200.42
    jnn-pa.googleapis.com
    IN A
    142.250.200.10
    jnn-pa.googleapis.com
    IN A
    142.250.180.10
    jnn-pa.googleapis.com
    IN A
    172.217.169.74
    jnn-pa.googleapis.com
    IN A
    216.58.204.74
  • flag-us
    DNS
    play.google.com
    Remote address:
    1.1.1.1:53
    Request
    play.google.com
    IN A
    Response
    play.google.com
    IN A
    142.250.200.46
  • flag-us
    DNS
    consent.youtube.com
    Remote address:
    1.1.1.1:53
    Request
    consent.youtube.com
    IN A
    Response
    consent.youtube.com
    IN A
    172.217.16.238
  • 142.250.200.46:443
    tls, https
    858 B
     40 B
     1
    1
  • 172.217.16.238:443
    android.apis.google.com
    tls
    2.8kB
     6.9kB
     10
    13
  • 216.58.213.10:443
    semanticlocation-pa.googleapis.com
    tls, https
    1.2kB
     40 B
     1
    1
  • 172.217.169.10:443
    semanticlocation-pa.googleapis.com
    tls
    2.0kB
     6.1kB
     13
    13
  • 142.250.178.4:443
    www.google.com
    tls
    3.8kB
     40.2kB
     39
    61
  • 142.250.178.4:443
    www.google.com
    tls
    1.4kB
     5.8kB
     12
    14
  • 142.250.178.14:443
    m.youtube.com
    tls
    48.4kB
     1.3MB
     446
    1029
  • 142.250.178.14:443
    m.youtube.com
    tls
    973 B
     7.3kB
     11
    8
  • 142.250.179.227:443
    update.googleapis.com
    tls
    1.9kB
     6.4kB
     9
    10
  • 142.251.168.84:443
    accounts.google.com
    tls
    6.0kB
     129.2kB
     74
    107
  • 216.58.213.3:443
    gstatic.com
    tls
    1.6kB
     5.9kB
     14
    15
  • 172.217.169.42:443
    jnn-pa.googleapis.com
    tls
    4.5kB
     53.1kB
     39
    62
  • 142.250.200.46:443
    play.google.com
    tls
    887 B
     7.3kB
     12
    10
  • 142.250.200.46:443
    play.google.com
    tls
    1.6kB
     8.0kB
     14
    14
  • 142.250.200.46:443
    play.google.com
    tls
    4.4kB
     10.2kB
     22
    28
  • 172.217.16.238:443
    consent.youtube.com
    tls
    4.1kB
     67.1kB
     50
    63
  • 172.217.16.238:443
    consent.youtube.com
    tls
    1.1kB
     7.4kB
     13
    10
  • 224.0.0.251:5353
    3.6kB
     13
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    172.217.16.238

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     288 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

    DNS Response

    172.217.169.10
    216.58.213.10
    142.250.179.234
    142.250.187.202
    172.217.16.234
    216.58.204.74
    142.250.178.10
    216.58.201.106
    142.250.180.10
    142.250.187.234
    142.250.200.10
    142.250.200.42
    216.58.212.234

  • 1.1.1.1:53
    www.google.com
    dns
    60 B
     76 B
     1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.178.4

  • 1.1.1.1:53
    m.youtube.com
    dns
    59 B
     75 B
     1
    1

    DNS Request

    m.youtube.com

    DNS Response

    142.250.178.14

  • 1.1.1.1:53
    update.googleapis.com
    dns
    67 B
     83 B
     1
    1

    DNS Request

    update.googleapis.com

    DNS Response

    142.250.179.227

  • 1.1.1.1:53
    accounts.google.com
    dns
    65 B
     81 B
     1
    1

    DNS Request

    accounts.google.com

    DNS Response

    142.251.168.84

  • 1.1.1.1:53
    www.youtube.com
    dns
    61 B
     351 B
     1
    1

    DNS Request

    www.youtube.com

    DNS Response

    216.58.212.206
    142.250.200.46
    142.250.200.14
    142.250.178.14
    142.250.187.206
    172.217.169.78
    216.58.204.78
    142.250.187.238
    172.217.16.238
    172.217.169.14
    142.250.179.238
    172.217.169.46
    216.58.212.238
    216.58.213.14
    216.58.201.110
    142.250.180.14

  • 1.1.1.1:53
    gstatic.com
    dns
    57 B
     73 B
     1
    1

    DNS Request

    gstatic.com

    DNS Response

    216.58.213.3

  • 1.1.1.1:53
    jnn-pa.googleapis.com
    dns
    67 B
     323 B
     1
    1

    DNS Request

    jnn-pa.googleapis.com

    DNS Response

    172.217.169.42
    172.217.16.234
    172.217.169.10
    216.58.201.106
    142.250.179.234
    142.250.178.10
    216.58.212.234
    142.250.187.202
    142.250.187.234
    216.58.212.202
    216.58.213.10
    142.250.200.42
    142.250.200.10
    142.250.180.10
    172.217.169.74
    216.58.204.74

  • 1.1.1.1:53
    play.google.com
    dns
    61 B
     77 B
     1
    1

    DNS Request

    play.google.com

    DNS Response

    142.250.200.46

  • 1.1.1.1:53
    consent.youtube.com
    dns
    65 B
     81 B
     1
    1

    DNS Request

    consent.youtube.com

    DNS Response

    172.217.16.238

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

1
T1541

Hide Artifacts

2
T1628

Suppress Application Icon

1
T1628.001

User Evasion

1
T1628.002

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Process Discovery

1
T1424

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    58c681ab142ff4579bf293fa35e97245

    SHA1

    cbd0a7c370b4965b62e549d1ab89dda423c27e4f

    SHA256

    e35e697b0e4397ef87bce2fbac52ced2cc205764983fdc1dfc754a4986f23b39

    SHA512

    8912d6f703fd142de74ede207feac35e082119ab46c447080e4ef3d1c7ebe12211ca1c33d45fea9b1cb16e2dcafdf67debb5254632b4cd55e9663fb26a078b9c

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    44ab83486b1e4cfe3ea1a019f851aa36

    SHA1

    b296e244b73fb8fd9f563e22dd2268743d58aea3

    SHA256

    a10de610157c268c8f66658e3c3d4ba435bc370dd4464a8de8b4d8c88336817b

    SHA512

    36cfdce7bd7c8d958c27667b7fa88a9b65dfdfb3bfd905da089591de2f1c2a1d76ab642f4aa168284cedec495e9a9223cf098330188a50d78a7c1582e362fbeb

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    3bb9c6118d52a7124f05145deb67ed81

    SHA1

    f98e561e9bae6604611a9ef5f7058a62ca802ffc

    SHA256

    e1dbeedf67e737e5a68136a317d1b12369156a73d72f7dca19fa2f1f2623bc68

    SHA512

    9132b8ad4e4bf6b9fcb29ab522047bf6c9f78274cbb2e1cbb25dce298b454cb13dde36dd547ada8b1a3311802700c3f2def8513355ba85cd73a87cff80ac08ed

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    48ba5e90949d4481062510cab0723c7a

    SHA1

    e7c566b958da6c2439b282c407044d6d44a1902a

    SHA256

    685284a51de93a2025ce22fac3839d7ce6a6650c15beb3e4a3cc5a622aaa0093

    SHA512

    4ac3d01e3a1201ef2e5e048c4c4d76fc0ca60c1e13ba7f12013dc9a7d6b15cf27113a87926934675056ff378877a73f4ae7a861ae6d779895d0cb70e9e958f4f

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.