triada | 329ccadb1f5a9027f7c85061cb5d2137343749f585120ce339e437ef2ccd18f9

Resubmissions

15-09-2024 13:05

240915-qbk16swaqk 10

11-08-2024 03:45

240811-ebk6dstdrq 6

10-08-2024 18:57

240810-xlxahssgrj 10

Analysis

max time kernel
22s
max time network
22s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
15-09-2024 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

whatsapp_Plus_17.85_whatsapplus.org.apk
Size

114.8MB
MD5

56ccacc70ccc328698edc296e183e9c8
SHA1

5c9bfdd00ae326c766611ed26770a1fd4acff73a
SHA256

329ccadb1f5a9027f7c85061cb5d2137343749f585120ce339e437ef2ccd18f9
SHA512

accbf2510ff0eb3dada21a001c5fc1eb8f66e9583ee270745eecfc9262d6adf120de38ec6feecd1ac188cdcb52babf8d54803ab9464729585d16f1f49a1666b6
SSDEEP

1572864:df3YFq69wcVm6+i5AEhKr+4QDuUaJRKfyMuK0aPKIUsqGM7UgolqKWG40rAIZBS/:dvYFHnKbEQWsGXuK0EHMJGWp0fZMd1

Score

10^/10

triada banker evasion infostealer trojan

Malware Config

Signatures

Android Triada payload 1 IoCs

Processes:

resource	yara_rule
Anonymous-DexFile@0xcb4e7000-0xcbd4f384	family_triada

Triada
Triada is an Android banking trojan first seen in 2016.
trojan infostealer banker triada

Loads dropped Dex/Jar 1 TTPs 9 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.aerowtsapp

ioc	pid	process
Anonymous-DexFile@0xcbd50000-0xcc3d0e94	4268	com.aerowtsapp
Anonymous-DexFile@0xc9bf4000-0xca34bb68	4268	com.aerowtsapp
Anonymous-DexFile@0xc92e3000-0xc9bf3298	4268	com.aerowtsapp
Anonymous-DexFile@0xcb4e7000-0xcbd4f384	4268	com.aerowtsapp
Anonymous-DexFile@0xcb284000-0xcb4e6674	4268	com.aerowtsapp
Anonymous-DexFile@0xc89ac000-0xc92e2428	4268	com.aerowtsapp
Anonymous-DexFile@0xca8c8000-0xcb2831a8	4268	com.aerowtsapp
Anonymous-DexFile@0xc7fbc000-0xc89abc98	4268	com.aerowtsapp
Anonymous-DexFile@0xd07ce000-0xd07dd428	4268	com.aerowtsapp

com.aerowtsapp
1⤵
- Loads dropped Dex/Jar
PID:4268

/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.aerowtsapp/.cache/v1filter.jar --output-vdex-fd=43 --oat-fd=44 --oat-location=/data/user/0/com.aerowtsapp/.cache/oat/x86/v1filter.odex --compiler-filter=quicken --class-loader-context=&
2⤵
PID:4314

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.aerowtsapp/.cache/classes.dve
Filesize
24B

MD5
42f7d508506ca8c86a39e333ac0c0720

SHA1
291fc10d163367001781d8c7e8d41eb1b8846c59

SHA256
3ec4ffb5c8ff5970f98f502a810f6d3b0c869d641a715337930726ee383f1e37

SHA512
89b82be5d85bd8a5760bbfa84ff4933a2efbef22fb83c6c2e0eb8f9b54d130d378e848c341882215046a482f5623bcb2a3db45a0d2b5b5c9d9bcb822796a5fca

Download Submit
/data/data/com.aerowtsapp/.cache/classes.jar
Filesize
24.9MB

MD5
b9a5fcd22af6f0d910b5a03203fa3686

SHA1
857dfad7a6c17110879e86074ec61b5f2d68e73a

SHA256
2e65eece7f19709d1b5462e3fb2b364e55193096e9b092932d32771405dcd507

SHA512
484ece1672b3f3ea4ae293b337b0cfdfe0f8393977b25f4b7084f46c28f47d71a6d70dd66b239ad9be5889fe43de49280583ce8997d8ed6f8a39f0d29dac2eb3

Download Submit
/data/data/com.aerowtsapp/.cache/oat/x86/classes.odex
Filesize
4B

MD5
583c4c08bcc7e7c1923f73c48d685208

SHA1
d780f2afd503801b13c0169ecf4545748ef839f2

SHA256
f7ff2894f4a16c38874d6959af0c879f38a6b5cd8ee5900d651c3c2c87964877

SHA512
a05fb03c2192678832720473e2fcb8fc453070b623c7b89a6d9e8081efecbb39f2617eb734c63b68aab0f9a115fa4c4b2be33bc873b3dccc19870560da0c4f7a

Download Submit
/data/data/com.aerowtsapp/.cache/v1filter.jar
Filesize
18KB

MD5
59b86ba83f008aa126bb3ba4e186e359

SHA1
0c1051c2a0322288ec27b5942c8c782a04ce9089

SHA256
c1ace7f2dad13e05123328158a83680e56a0d540a089270cc3ed93decce45c1f

SHA512
d37bc7cb656dd317f60e39b839ed14d19383bd42315512695173100e1ec13946603430405811863e111fb27cb16c8b9b221fd88a531a8a4040cbfd4f61b59274

Download Submit
Anonymous-DexFile@0xc7fbc000-0xc89abc98
Filesize
9.9MB

MD5
7ee1a8daa847100622fbcbe50772bb26

SHA1
8ee48a39191c71b59f04d625993076abe75b00df

SHA256
ee3378790666d4ffcc91412fe7d4c3c5a18ab812598b1bf055d365785ecbcce3

SHA512
20de41572715a5f1b7f763059fdaecdb6797c6a2621e1fe2daf7774bac4ed22b3beb66120c10371f9639af262b217944270ea2f911746942b2629958d209cf28

Download Submit
Anonymous-DexFile@0xc89ac000-0xc92e2428
Filesize
9.2MB

MD5
1ec563c7c96dafe2ef23a994238cddb5

SHA1
5052ea13d760c94caa05c49e68a42dc63410a207

SHA256
c2afdeede7c47f67dc05c87db0f8cd0e7578f4e887c9515ae7e1412f00f6a32e

SHA512
a553ec7b8bd144376b4a779ecb04a3f7167afe6c0291a10ae06f427b1052511052f6598e467ac5e3bd1c354a506c6d18220dfe1189752bc6458dae23c99f1e5a

Download Submit
Anonymous-DexFile@0xc92e3000-0xc9bf3298
Filesize
9.1MB

MD5
b8a14321b08085b64e567d2dac916b59

SHA1
2c0c2b14ba210a788efaa2c5f5bd61251661d4ed

SHA256
431c8e85e6afd0c67d99798b804cd23d6939ae31a1db137d0063cad1c76021a8

SHA512
2168c42c84bd7272d8c968a0362378925f0eb6c567e0b5f0bc3a0f40e9bff4910848720b79fc5eaf7c36cac95743bab24772a61e34ecb276d2806e8b8ab28bb2

Download Submit
Anonymous-DexFile@0xc9bf4000-0xca34bb68
Filesize
7.3MB

MD5
f87552aebee9f715e580c7fbe9086658

SHA1
136f99767682dbe6647c73fc30d43af14d578e49

SHA256
e8d2788d7b8c397e0f4d4eb6a9036720f13f4ef0bf3a1cbcff8394dbc4ead1a1

SHA512
a8a3a861bb51b09dd04583eb86851a13c5e02e3605727570072a21ea48714060c9b08d318acbe55af439b2e225bbfe7e0c88b27e0e2787e706c3a70943c9043d

Download Submit
Anonymous-DexFile@0xca8c8000-0xcb2831a8
Filesize
9.7MB

MD5
ba13f7348788b7a919eb195e0d534ad2

SHA1
a31c509a309a377c2bea1367c4ed33491c0473b0

SHA256
3084a4bb5e746c59bcb80826e2ad0f095997a0ab503f8edc629ee6d313d7133e

SHA512
7de47e2388364b6891322f5c8bea87a3bf0bb6d9897b933da929865fd465dde55468a7a0fc723d4e0216e2518fef7bd5b17bfac6595325b73d08e1ea02aff899

Download Submit
Anonymous-DexFile@0xcb284000-0xcb4e6674
Filesize
2.4MB

MD5
ec00ebd12aea4f0ce3ff1ef93d0c8984

SHA1
13e014b3e7221860a7e6d96791ac682e6a6aa71a

SHA256
582515b0ed96ed17331ba6ca53e9f587ca7e283701131fab6219a17992a87582

SHA512
d7e616255a299309eaeaf1889026d8a54d42cf34dea53892d6003d6025b7858d9a463f3789cd1a39c14daae35adade1175e5e8999ec23dd106e7abddefa01b02

Download Submit
Anonymous-DexFile@0xcb4e7000-0xcbd4f384
Filesize
8.4MB

MD5
6693c37d2059551900c7ec7d103d50f5

SHA1
2e96d731abda9723f942b2f4be098ef54bac7554

SHA256
14b7c99c9be74f85c3348bea57df507ede75e08a2029fc0ac61fb554f81c13c4

SHA512
5fdaf553341fe1ec64fffe87aad08d8a36f91ca00bd9d648ffa1ad37eb4155d4c7de3f60962626d62d77a7339cef431a28879b47f71d5528b1646dfea5c4ea40

Download Submit
Anonymous-DexFile@0xcbd50000-0xcc3d0e94
Filesize
6.5MB

MD5
fecc543dde488dca204199d202f6bfa4

SHA1
23eeab73c79688a0668495444c299619c0f50200

SHA256
7a6d11c7e5191977451141d0cf672c46fac01cec1dd54912d66075ff655907a4

SHA512
756a21b7a6ebe7267fe5cd6ab180ea6ca88c3de187d70ab75103621cc8b9c9a131b8afd475266ebecdbbd9bbb908aa594a7b5f8c1cbb53a3fe011d733ca2a7b7

Download Submit
Anonymous-DexFile@0xd07ce000-0xd07dd428
Filesize
61KB

MD5
778081260e01ba35918899224245fd85

SHA1
35a01c2c327c38be716c0d1b5a00d91f8469dd74

SHA256
7acb508cc6d0a934e8c7bd45502ec404256a830732e0c57324ab432781927416

SHA512
9dd8b98661d8591c0a244349e07c377ceb8839cd9dd1e83c263d2137d89d0d4601fa517d571e3627c727d4c518d3773cfc614a9d04611883f0e4bf8f3a2d319e

Download Submit