Analysis

  • max time kernel
    70s
  • max time network
    78s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    08/08/2024, 21:19

General

  • Target

    burlaplayprotect.apk

  • Size

    4.4MB

  • MD5

    6be7a0365bedfb6a47d801f4b43df7b1

  • SHA1

    4a234cf09120ef29f0308921d749bc70a794c5df

  • SHA256

    9c403a126032455b730e69886bf4062255be43013d50fb631f16a95eb68114ff

  • SHA512

    acb39cab91357489939a4c05e6de191f0425470b51f17f17c3b44b7eb98eda7960d43d0a6b9cf5185479ecb8807ea995dbca18109a77cae3825d21718ae7520b

  • SSDEEP

    98304:3yezBXTomz7p0t8tIXfan71TY43qaqkwT/kqIAKU8ZvGqZ2wqL0u:rXz7G8ofanZ84sk4I7UQvGq/u

Malware Config

Signatures

  • Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock (1 IoC)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Requests enabling of the accessibility settings (1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

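The signatures above are dynamic observations, but the same behaviours normally leave static traces in the manifest and the DEX string pool that can be checked before a sample is detonated. The following Python is an added example, not Triage code: it parses a decoded (text) AndroidManifest.xml plus a list of string constants and maps what it finds onto the signature names used in this report. The manifest and strings embedded below are constructed for the example (the package name is the one shown under Processes; the service class names and the permission set are hypothetical), and the script assumes the manifest has already been decoded from the APK's binary XML with a tool such as apktool.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"  # namespace of android:* attributes

# Manifest permission -> signature wording used in the report above.
# Only positive matches mean anything: JobScheduler and inexact AlarmManager
# alarms need no permission at all, so an absent permission proves nothing.
PERMISSION_SIGNATURES = {
    "android.permission.WAKE_LOCK": "Acquires the wake lock",
    "android.permission.FOREGROUND_SERVICE": "Makes use of the framework's foreground persistence service",
    "android.permission.SCHEDULE_EXACT_ALARM": "Schedules tasks to execute at a specified time",
}
BIND_ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_SERVICE_ACTION = "android.accessibilityservice.AccessibilityService"
ACCESSIBILITY_SETTINGS_ACTION = "android.settings.ACCESSIBILITY_SETTINGS"


def triage_manifest(manifest_xml):
    """Return (package, sorted [(signature, evidence)]) for a decoded text manifest."""
    root = ET.fromstring(manifest_xml)
    findings = set()
    declared = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    for perm, sig in PERMISSION_SIGNATURES.items():
        if perm in declared:
            findings.add((sig, perm))
    for svc in root.iter("service"):
        name = svc.get(ANDROID + "name")
        actions = {a.get(ANDROID + "name") for a in svc.iter("action")}
        # A real accessibility service is guarded by BIND_ACCESSIBILITY_SERVICE and
        # filters on the AccessibilityService action; either one is strong evidence.
        if svc.get(ANDROID + "permission") == BIND_ACCESSIBILITY or ACCESSIBILITY_SERVICE_ACTION in actions:
            findings.add(("Makes use of the framework's Accessibility service", name))
        # foregroundServiceType (API 29+) is only declared on services meant to run in the foreground.
        if svc.get(ANDROID + "foregroundServiceType"):
            findings.add(("Makes use of the framework's foreground persistence service", name))
    return root.get("package"), sorted(findings)


def triage_strings(strings):
    """Flag string constants (e.g. from the DEX string pool) showing that the app
    steers the user to the accessibility settings screen."""
    return sorted({("Requests enabling of the accessibility settings", s)
                   for s in strings if s == ACCESSIBILITY_SETTINGS_ACTION})


# Constructed sample input: package name from the Processes section above,
# everything else (class names, permission set) hypothetical for the example.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="trained.equity.encouraged">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.SCHEDULE_EXACT_ALARM"/>
  <application>
    <service android:name="trained.equity.encouraged.svc.A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
             android:exported="true">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name="trained.equity.encouraged.svc.KeepAliveService"
             android:foregroundServiceType="dataSync"/>
  </application>
</manifest>
"""
SAMPLE_STRINGS = ["android.settings.ACCESSIBILITY_SETTINGS", "/Config/sys/apps/log/"]

if __name__ == "__main__":
    pkg, hits = triage_manifest(SAMPLE_MANIFEST)
    print(pkg)
    for sig, evidence in hits + triage_strings(SAMPLE_STRINGS):
        print(f"  {sig}  <-  {evidence}")
```

The manifest check covers everything in this report except "Legitimate hosting services abused for malware hosting/C2", which is inherently a network observation; the string check is a heuristic and a packer or string-encrypting loader will hide the constant, so a clean static result never overrides the sandbox verdict.
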
Processes

  • trained.equity.encouraged
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests enabling of the accessibility settings
    • Schedules tasks to execute at a specified time
    PID: 4500

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-08.txt

    Filesize

    13B

    MD5

    de2c41a51ee9246eb1708f65b511add0

    SHA1

    2f442d634c8a18760a232c8829d4b5d74a52f074

    SHA256

    ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

    SHA512

    7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-08.txt

    Filesize

    25B

    MD5

    6a073085afb0a4d6fb679ac7dc985c1f

    SHA1

    44eca5eb9bd6ef5f9d6bc195f8b447702fd19e0c

    SHA256

    b6bc3fecf515d96b74526d41f05d0125d12af7fd322edb05048981978d4f5715

    SHA512

    2d09b972a207354c13fa2006f02a3da8a4d3984ac6e6b8a971ad1ca97c212b9ea8e26936b253c7bbbba91e0b7949718a1b2e76354ee8fa92fce156e8600ad5bb

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-08.txt

    Filesize

    138B

    MD5

    3431348f1f156185c2161bec6316e972

    SHA1

    e6fbaecc98cf1d3decd23cdaf7e629fe34fa902c

    SHA256

    a5ba8f5d1682566e13cc37346ec2215dafc639781ac5947db28d67ccd0a3a47f

    SHA512

    801d43becb0de1d6320e8a6e495bcfe06ac793d9a4e73ecf8d8d7930eeaaea2713030af94be9c09aa435615dcd6e7a6592330a51165bc1d415ebc626e222da6a