Analysis

  • max time kernel
    128s
  • max time network
    150s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    05/10/2024, 22:09

General

  • Target

    0a2837dbcf44524256346dedcefe9faa83512cdfb0409ab97af059fac9e4f934.apk

  • Size

    78KB

  • MD5

    53285ac39a5024b36c7ef68aa7bdb7a9

  • SHA1

    9393f366a2b5f3e6449331085001f24e6790d303

  • SHA256

    0a2837dbcf44524256346dedcefe9faa83512cdfb0409ab97af059fac9e4f934

  • SHA512

    7338d55a3212782ecc04f961398c469270a939f5031cf715daa661bbc32ab82e49fa417e48db91f58ecc2e0037ca22cf30f8e01946c8f8af156f0a816b4b9dbe

  • SSDEEP

    1536:WbP9qmWHDW8Etc4WEFr9LsCweHdpf7KJ1AjQEKwi1UI8FNwyTtkMe+YYpL+oXN:MP90jWtcR8rZs5Kdpfi1AkEc1UTJkHB2

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent its own removal.

  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Processes

  • com.spy.note.ecy
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4959

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.spy.note/files/Factory/Plugins/oat/classes.dex.cur.prof

    Filesize

    173B

    MD5

    aca23e2d3cda1500bc27e71c9b4089df

    SHA1

    d613ca0b9e7f95974536ba7d1fe95265a7262762

    SHA256

    b51472aeb7cfb88030ea59b6b11e52e3f0d56362e88ea9571b2df64f3923e810

    SHA512

    5722229d2e526655d372c2e532790f80648cc8161f33eff42f5f378a3aa584eafe8da746fceed1060fbc011439443fe13a8cda1a9ffb23d4fe0624735155a51a

  • /data/user/0/com.spy.note/[email protected]

    Filesize

    122KB

    MD5

    7d9ce10875dd6ab60e62e7433ccf5897

    SHA1

    fbb9ad1b47879bd6578634eb3d411e065acf4281

    SHA256

    e44d0f11a476f8c2a50c051e7804edf646cf016afd725bccbbdc133b452bae38

    SHA512

    7d79f1ad57a1ed890a3d6e79e8b313e9aa6a1b4bc9eec5242a6ca0205da14959f9f1793afe1ebc86e039d2946f1a7917123c001ed31f233229cf225698aec53e