General
Target: 5f3c4ccc01161f35e2067e4f3dc7137db4b4c0dea323289633ed2075d5565d76.bin
Size: 914KB
Sample: 240826-12qdpaxgrb
MD5: 4f6420bb7af85f9788ebab7b99a47838
SHA1: 9cd0107440e24091eb43a1bbead4c780c634492e
SHA256: 5f3c4ccc01161f35e2067e4f3dc7137db4b4c0dea323289633ed2075d5565d76
SHA512: 6509f8b4b5df4c6b24b66ec12b8115c5832f5d50aeeece5784bf83e3494bcf3169c0ed822bda0b3d7cf7c98661bf7239f37056197378b7aead148c1e40573938
SSDEEP: 24576:l80F1tt8SIV4KgapbP10ucz91vb2u6g/75w:G0nnM4KJJBQlx6g/W
Behavioral tasks
behavioral1
  Sample: 5f3c4ccc01161f35e2067e4f3dc7137db4b4c0dea323289633ed2075d5565d76.apk
  Resource: android-x86-arm-20240624-en
behavioral2
  Sample: 5f3c4ccc01161f35e2067e4f3dc7137db4b4c0dea323289633ed2075d5565d76.apk
  Resource: android-x64-20240624-en
behavioral3
  Sample: 5f3c4ccc01161f35e2067e4f3dc7137db4b4c0dea323289633ed2075d5565d76.apk
  Resource: android-x64-arm64-20240624-en
Malware Config
Extracted: ermac
URL: http://193.111.125.240:8080
Targets
Target: 5f3c4ccc01161f35e2067e4f3dc7137db4b4c0dea323289633ed2075d5565d76.bin (914KB; hashes as listed under General)
Signatures:
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Queries the phone number (MSISDN for GSM devices)
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent its removal.
- Queries the mobile country code (MCC)
- Queries the unique device ID (IMEI, MEID, IMSI)
- Requests disabling of battery optimizations (often used to enable hiding in the background)
MITRE ATT&CK Mobile v15
Tactic: Defense Evasion
  Foreground Persistence (1)
  Hide Artifacts (2)
    Suppress Application Icon (1)
    User Evasion (1)
  Impair Defenses (1)
    Prevent Application Removal (1)
  Input Injection (1)