Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

6

0a2837dbcf...34.apk

android-9-x86

7

0a2837dbcf...34.apk

android-10-x64

7

0a2837dbcf...34.apk

android-11-x64

7

Analysis

  • max time kernel
    126s
  • max time network
    157s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    05/10/2024, 22:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a2837dbcf44524256346dedcefe9faa83512cdfb0409ab97af059fac9e4f934.apk

  • Size

    78KB

  • MD5

    53285ac39a5024b36c7ef68aa7bdb7a9

  • SHA1

    9393f366a2b5f3e6449331085001f24e6790d303

  • SHA256

    0a2837dbcf44524256346dedcefe9faa83512cdfb0409ab97af059fac9e4f934

  • SHA512

    7338d55a3212782ecc04f961398c469270a939f5031cf715daa661bbc32ab82e49fa417e48db91f58ecc2e0037ca22cf30f8e01946c8f8af156f0a816b4b9dbe

  • SSDEEP

    1536:WbP9qmWHDW8Etc4WEFr9LsCweHdpf7KJ1AjQEKwi1UI8FNwyTtkMe+YYpL+oXN:MP90jWtcR8rZs5Kdpfi1AkEc1UTJkHB2

Score
7/10
collectioncredential_accessevasionpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion

Processes

  • com.spy.note.ecy
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    PID:4770

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.spy.note/[email protected]
    Filesize

    122KB

    MD5

    7d9ce10875dd6ab60e62e7433ccf5897

    SHA1

    fbb9ad1b47879bd6578634eb3d411e065acf4281

    SHA256

    e44d0f11a476f8c2a50c051e7804edf646cf016afd725bccbbdc133b452bae38

    SHA512

    7d79f1ad57a1ed890a3d6e79e8b313e9aa6a1b4bc9eec5242a6ca0205da14959f9f1793afe1ebc86e039d2946f1a7917123c001ed31f233229cf225698aec53e

    Download Submit

  • /data/user/0/com.spy.note/files/Factory/Plugins/oat/classes.dex.cur.prof
    Filesize

    184B

    MD5

    9dcd9cfcc048febff6e0d390ec780a42

    SHA1

    b6d0ef3e4686e124beccfd4b1a1055f202b705f6

    SHA256

    9c8d334e7ace5657a533fa7d4bb5b5a9aeb9a1b09ceed7d25dfcb53d3580d4af

    SHA512

    c6c662edc3157a7ae7d1e0456261f9af4243f96ab8444ff39d896d0fee2478ff89a02ecb10990e4980ec55bb2c54d568b723c03fccebb7a739576cb742258a8f

    Download Submit