Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Instagrams...py.apk

android-9-x86

8

Instagrams...py.apk

android-10-x64

8

Instagrams...py.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    InstagramsrcsignCopy.apk

  • Size

    5.5MB

  • Sample

    240925-y2vmasyfjg

  • MD5

    a64b52af666ac8508f0c414de3284813

  • SHA1

    6490034e0f75fa4da9cbeeb378e6142e69ae3c21

  • SHA256

    0edae656db4b5626b6dde1786af67d455a843d8fa6059a5a88eeb2b0ae214aa2

  • SHA512

    71bd20bbf513faf86022d0c2ac30fcb7725884f7aab73ce6b13fbce3cf8301158fb8582ca6889d22dd3bd113545a8b15a85c3dd1cc2a6084c058dd45da902f03

  • SSDEEP

    98304:NwubXW62AALy6GqYZpcQb788aGg82Qr9pzbuV7zphCIJaL31M8UofrFF3NP2:NrXZJ6nicQHNaf8/IXrJaD1B3V2

Score
10/10
airavatandroidcollectioncredential_accessdiscoveryevasionimpactpersistence

Malware Config

Extracted

Family

airavat

C2

https://sigma-abc9a-default-rtdb.firebaseio.com

Targets

    • Target

      InstagramsrcsignCopy.apk

    • Size

      5.5MB

    • MD5

      a64b52af666ac8508f0c414de3284813

    • SHA1

      6490034e0f75fa4da9cbeeb378e6142e69ae3c21

    • SHA256

      0edae656db4b5626b6dde1786af67d455a843d8fa6059a5a88eeb2b0ae214aa2

    • SHA512

      71bd20bbf513faf86022d0c2ac30fcb7725884f7aab73ce6b13fbce3cf8301158fb8582ca6889d22dd3bd113545a8b15a85c3dd1cc2a6084c058dd45da902f03

    • SSDEEP

      98304:NwubXW62AALy6GqYZpcQb788aGg82Qr9pzbuV7zphCIJaL31M8UofrFF3NP2:NrXZJ6nicQHNaf8/IXrJaD1B3V2

    Score
    8/10
    collectioncredential_accessdiscoveryevasionpersistenceimpact

    • Checks if the Android device is rooted.

      evasion

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Queries the mobile country code (MCC)

      discovery

    • Requests accessing notifications (often used to intercept notifications before users become aware).

      collectioncredential_access

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks