General

  • Target

    _Dropper.apk

  • Size

    7.3MB

  • Sample

    240817-m5halaverr

  • MD5

    afbdf14f896a36697e6ec5a55282a28c

  • SHA1

    e406083d008dd7fd96ce64268cd3cd631ed47a85

  • SHA256

    e01a2bcea75c06aaf7410e8e1cbc7f2843de96d83a8d5f9e7c0a6d2a89a56240

  • SHA512

    bb5457492707f3fcba9b5d0568471fcf0a0677ff42e27d74deea3392fd76778d3b4409cc5d573864b65851eece51d110a125be13d8d5c30d8322ea03ffc14f04

  • SSDEEP

    196608:lfNybIFB7COB2g0R3J89yGORnD5FOklFEbRzQ:lfNBFB+OB2lZ8AGOR9FvEbRk

Malware Config

Targets

    • Target

      _Dropper.apk

    • Size

      7.3MB

    • Score

      1/10

    • Target

      childapp.apk

    • Size

      4.4MB

    • MD5

      630acf588ab2df03cd6163395b08e820

    • SHA1

      bc6b13dacee18a81825eb20d70e60577ec95e4bc

    • SHA256

      3a9776009c4a5dd2bec06d8053fdf289581b4ee8084052a752a635ef03e222a3

    • SHA512

      36e31bc299632a6bb8d7737aa4a8183a2aaaf863e384accbc2f29cf1e70ebb1e59879946652b12fa31b1f40cb11cd09e3a7265944489e7393432695611d724bc

    • SSDEEP

      98304:w0kG0mVYsSzbPFRxvaCm4RM1vj5mzRzBFTT0tIHeYEb:59VYxLL/9evgzxcYU

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15

Tasks