Analysis

  • max time kernel
    179s
  • max time network
    186s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    23/08/2024, 13:08

General

  • Target

    ready.apk

  • Size

    5.6MB

  • MD5

    968a107ff580a03959ac90ae8a5952e9

  • SHA1

    bc513532c356995f7b0cfeaafb42793e65c57ff6

  • SHA256

    afa70b455d4ee532d679323f6e189b225647784ca8103df62acc5c78c537f9cb

  • SHA512

    c0d566e0d96c0f35abf022ee32df8af0703cc65e7e55260f788d32747b65d9b5268a086f9c0f27cf67d87110b854bc871d4709462efdc2f104425a79000a0917

  • SSDEEP

    12288:twlbo9GgLRBWItYYyow7HCgI4arSQP7fKBx6Rq21Fg975oC:twlfglBWItYYjwjCgI4EmbGN2R

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • upskirto1.kiss.street
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4265

Network

MITRE ATT&CK Mobile v15

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-23.txt

    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-23.txt

    Filesize

    16B

    MD5

    68b9f3e6cd6e3545a7532f9693a9d028

    SHA1

    8ac1aa8234af85dc35fb6a9e2980722194f2a8eb

    SHA256

    dd49b92a041de24aa1160ee60383ee64359c3ed79498ced750a92326a56615d4

    SHA512

    c75bad663e0d178904819b3877ea3fdbd1514554e818276985407bb8e98ebc8c96cf37056536a139f9fe3c023a884822bb03ce776ec547bb995c5beb92f7c6e1

  • /storage/emulated/0/Config/sys/apps/log/log-2024-08-23.txt

    Filesize

    271B

    MD5

    2036b83eb5d0b0b88b48f1e54bbe0037

    SHA1

    ab15d2b3749177e0a2d31cb4813970fb01f05f18

    SHA256

    f66783cfe223ff59635e0a4f72196575f9465f55b851251732948da3a76d32e6

    SHA512

    0f0eebd3bc75cdf9303082d32467e43dd7aba2de6db175469298ee942155fa29a5f3a0569d607963b16d44772e78349af29c7faf9d7fbdb749e79fcc33710742