Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

ready.apk

android-10-x64

8

ready.apk

android-11-x64

8

ready.apk

android-13-x64

7

ready.apk

android-9-x86

8

Analysis

  • max time kernel
    179s
  • max time network
    188s
  • platform
    android_x64
  • resource
    android-33-x64-arm64-20240624-en
  • resource tags

    androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
  • submitted
    23/08/2024, 13:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ready.apk

  • Size

    5.6MB

  • MD5

    968a107ff580a03959ac90ae8a5952e9

  • SHA1

    bc513532c356995f7b0cfeaafb42793e65c57ff6

  • SHA256

    afa70b455d4ee532d679323f6e189b225647784ca8103df62acc5c78c537f9cb

  • SHA512

    c0d566e0d96c0f35abf022ee32df8af0703cc65e7e55260f788d32747b65d9b5268a086f9c0f27cf67d87110b854bc871d4709462efdc2f104425a79000a0917

  • SSDEEP

    12288:twlbo9GgLRBWItYYyow7HCgI4arSQP7fKBx6Rq21Fg975oC:twlfglBWItYYjwjCgI4EmbGN2R

Score
7/10
collectioncredential_accessevasionexecutionimpactpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • upskirto1.kiss.street
    1⤵
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4315

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-23.txt
    Filesize

    20B

    MD5

    e2ee1d5a5fd0f95c540e2e454514c7fc

    SHA1

    6d00b6c1e3f8201042bbaf93d3a330cfd7357b3a

    SHA256

    2f12b8423a6aad2f17a2256bde9b8c5f34f4f02c17179814b388996580fc7b1e

    SHA512

    1d40224ff0c3b93d4dbb1db0ab3615753cf2172afbf2278a92d4860d55ead9f64f6817b6444d0b4ac144e52b33b6b9cb43706f5ebf6696f6aafadfc3189ffec5

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-23.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-23.txt
    Filesize

    16B

    MD5

    6596cd7293b7aafa14515f8ff4948543

    SHA1

    c4e30be643f53194d65ac3380930b781d1192ecb

    SHA256

    0b49978eb8a0c84aaa80de17f2e5c5a48c12d5314a4657dfb9ae8914f51e778a

    SHA512

    9afdbcfcb870cf65bd2010e94bc9c1f93de5a6bd356786baa2cbdda6050d89767dc55f1345d5825b753e7ce6ed8c0357306640657571ce18f4e6bac8a05a8032

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-23.txt
    Filesize

    247B

    MD5

    09e3ccfd9c71c4e04f15b8bde4cee636

    SHA1

    b86e926f15c06c0a9801da602a0a18946ea49b36

    SHA256

    fc1eb614bdb7af7bd73bc52c3ae7ae42656f2013854491a7a61972b2897326a9

    SHA512

    e2045bd9e4ae6af1f4d9ba967390df86ec6713e0a053ec24d16dd30c96be761362e09b7b31e5d8e7f3954e28f4ee8532dbbad8b3ddd8ea272771318d208b2aca

    Download Submit