Resubmissions
- 02/09/2024, 12:56  240902-p6p3yazhql  score 8
- 02/09/2024, 11:26  240902-nj99xsygml  score 8
- 02/09/2024, 11:08  240902-m8vp4azcpe  score 10
Analysis
- max time kernel: 146s
- max time network: 155s
- platform: android_x64
- resource: android-x64-20240624-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
- submitted: 02/09/2024, 11:08
Static task
- static1
Behavioral task
- behavioral1: sample LIVE XXX (3).apk, resource android-x86-arm-20240624-en
Behavioral task
- behavioral2: sample LIVE XXX (3).apk, resource android-x64-20240624-en
Behavioral task
- behavioral3: sample LIVE XXX (3).apk, resource android-x64-arm64-20240624-en
General
- Target: LIVE XXX (3).apk
- Size: 4.8MB
- MD5: 98931c607b3b6be96fecf4e54fd62b48
- SHA1: 4a3ec0ba1d74e61be278a4ab7b2e4f1f55e003a8
- SHA256: 312a30b8abbf7caaf0cf3ac312eef5eef78c8a777af2b04db4195700bdb07cd0
- SHA512: 4255a282c3500afc891bbfdc7b10599b5fc07c86ae9e0bced92a30de9d60398c75d695cbca35015fbdf9307f7ea003bad0c400c3aca6dc5fd9c76687aa88aba2
- SSDEEP: 98304:TbJuaNHeoBzzY9UbDh6BDehFEzj154vqT75v2dOIYAhag:TNkoBfgBDehOzx54al2Nz0g
Malware Config
Signatures
Removes its main activity from the application launcher
- PID 4971, process com.tencent.mm
Loads dropped Dex/Jar (1 TTPs, 4 IoCs)
Runs executable file dropped to the device during analysis.
- /data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml (PID 4971, com.tencent.mm)
- /data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml (PID 4971, com.tencent.mm)
- /data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml (PID 5205, com.tencent.mm:remote)
- /data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml (PID 5205, com.tencent.mm:remote)
Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
- Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId (com.tencent.mm)
- Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText (com.tencent.mm)
- Framework service call: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId (com.tencent.mm)
Acquires the wake lock (1 IoCs)
- Framework service call: android.os.IPowerManager.acquireWakeLock (com.tencent.mm)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
- Framework service call: android.app.IActivityManager.registerReceiver (com.tencent.mm)
Schedules tasks to execute at a specified time (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
- Framework service call: android.app.job.IJobScheduler.schedule (com.tencent.mm)
- Framework service call: android.app.job.IJobScheduler.schedule (com.tencent.mm:remote)
Processes
- com.tencent.mm (PID 4971)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Acquires the wake lock
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Schedules tasks to execute at a specified time
- com.tencent.mm:remote (PID 5205)
  - Loads dropped Dex/Jar
  - Schedules tasks to execute at a specified time
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Scheduled Task/Job (1)
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1)
  - Suppress Application Icon (1)
- Input Injection (1)
Downloads
- Filesize: 7.9MB
  MD5: f8e11d98fbaf38ebd77bc811887a0742
  SHA1: 1b5aa6aa71e134310021c20c91b4e3584b72090b
  SHA256: 1e1f2f64622098d3530df5819b7cf87b41b2969583f05e60160884eebd38b9d1
  SHA512: 8df0ea75f556a1ef70f023f8fa1521921c4f6f67ee1304c2396324727fcf6b847b05010978cf07c846425f027cc2753d24ff760b489416914c53971d2d155445
- Filesize: 16KB
  MD5: 72da79d85dfd2e4131b38673b33ff7ad
  SHA1: 75747861479ec54725ca5dd9526286e94fae4583
  SHA256: ee97c4c54a3754d93a8a1eb38a63b26a89adadd3bfdde164ccbdddfcc4c986fa
  SHA512: 2ec8f6b1a61232ecba7787649444981e8cee064f704e4245e56c87feadaa2b79a1c4383c013592acc2f030f9f6603508fb16155a56ae56ebed5069002d84fe75
- Filesize: 8KB
  MD5: 28dfecde2d04dec315b2f2aee2846382
  SHA1: 607984ec937518699ca6172d6c9fa91dfcf38aff
  SHA256: a4d8cde891d9a30c9a2b52a7e3ac158f75a81ce7c3956a681fc28e9c6258c5c4
  SHA512: 7816fe84ae5019222018c62d968be3d4ab2b5791ed8ccac914c26be89155e726aa736cbd76aba18311ae499c8fe96f5c174b4de99f464d077697e6dab0b00558
- Filesize: 8KB
  MD5: 071f6f03ff5058b5506fbbf3dc1b6137
  SHA1: b1a7721e83bfebb5cfa5da6c69ab6b1b93f4daaf
  SHA256: 1e354d1a38a93c2fdca3b91772f6a7050b847901de0eae09f1dc117b60640673
  SHA512: bd135bcd75c5ceab74a38da2b6bdc5b00d2857c28ffe1cf68a76b12beb6034119cda721ba837339be90957afb74afd240cd3afd78f3fb08c4bb1a4edf2517714
- Filesize: 8KB
  MD5: ecd65f702bb99c73a7b0f71cc2055786
  SHA1: 670fc82922f213d1f72075accee6c3c52cb8ccdc
  SHA256: 6e4782e1efb26ebe115e02f3b9bbabe8a0087b9e059d2f40fd5262f0931529a0
  SHA512: f9c096aad56abb6dcd0e5f261a04fec772c3c810c81b568a0bc120e39ac56fe92eacab3f8776e75faff196c2b84d265aa800749119ba0b2b234c8efa1e02e9c9
- Filesize: 8KB
  MD5: ff5342a742607a5a02d6625d8f3c0f2d
  SHA1: 9eb3f8baaa00cf13a47100e761be803cc99e4a56
  SHA256: 3b2f5fdc702b84027e8689ca5b2df7073595943e9dcd26646e813aab95fc4488
  SHA512: 58c935bea6b6563afe5ef1e1cec3d976d1b79a95ab244676affdfe7a9f731764535ca01041b3e76653b84622f061f2f4f0d24665a27f80deac14389ade5ec7c8
- Filesize: 8KB
  MD5: 9002917b50d10695cc37abcda6730aae
  SHA1: 2eeaa806b0374ac09e3cc0ebb9a8dc67048fdbff
  SHA256: dd0ad396e526efb3f909f0ede2954ac65e7931fea49165aff52a7b52ec7ff4ee
  SHA512: de8365739ba5ff30a797e4c0c09ff2e88891726a6d7316594b2f4f2904e885c5ae0fe3ca342eae49f3020a096d5f5b0f96bd65cfca08bdb14e93b11c5289ffa9
- Filesize: 8KB
  MD5: 267ee2cc19370e73cad5bb3f7d4cdf5d
  SHA1: 2423b09c912807b599bde070491d7571fde5c527
  SHA256: dee6cac9fba624ae4a804e91b215deb9b11fe03c8d1a4606aab6d51f58d6bc06
  SHA512: de24cff1c8b68520eab38e2d271db4e5f82fc8316e785cf9faee34a0bb9bde73381b6d4cc2f149435167529e3aa0e63cffbc77c79747f0e635e77551e4da9c58
- Filesize: 33B
  MD5: 365f074d64faad2f0f0c7784608e5b57
  SHA1: 2105b80d01621cbd370bec93f73709a7b67d565b
  SHA256: 0c4662ed55fc03738e7903864ed0249c921b8f2d858531577eebd53501237cc4
  SHA512: d29b5c16d10a78b386ba1f4882f7e80bc6d41887671abe6a36c746b015ea280d4a26f3d2af323b4ad755c256e5851a5b95d0bda8882c6c0a2c125bc748fab47a
- Filesize: 268B
  MD5: dfea9c131e76b130311ea97228c2c918
  SHA1: 926a50f0299bdc8c2db6564a09fadc7029155807
  SHA256: f57087208462b67d9529d0a58ac44b1a23f30b18e6e40cafce4395f209330229
  SHA512: ce9a770e40843b6800e6f9daba07a346cd6e4a1bd8fd15cd226d9eaaa76f63e924d272efcbe89fbafa67e0918f0a14dfea8aa627ff9b0c779ea5e0a81233ab2d
- Filesize: 45B
  MD5: 0fd0027e48564400b030e49702411fcc
  SHA1: 5fdbd6adda1197ec3be92a404f363a85b5c15792
  SHA256: 943c9c7f5ce0e54b488c9ae2728f082076dc9e139b1aab4c1dc7705d3cc3175e
  SHA512: 2705ade851abf46df9cbf0601904efe44d3330c2591f4c2572b3a64f09c5bc447bf2bd40033227d7aa23eb8eb99b99c9e209108396c6e442798bf3dc1122cdfe
- Filesize: 57B
  MD5: a9ec0c42a43c72d73c499e5c17ccbb8b
  SHA1: 731652fbfe61eac3fdb4b9d3e2eaa010848a0906
  SHA256: 6c5309ce3f31c9af3288b0de3305b7f5ddee97be60ca4ac1184f3c334480c05b
  SHA512: 5f8ed24a51f68cfa0627aceb9190d3a7febaee61bd5a89898ab113ddaa7ce2a41f129a28c4e200d5e5e4ddff7a483abc0393dc38e870782caf1c46d2ec0df2e3