Analysis
- max time kernel: 126s
- max time network: 157s
- platform: android-11_x64
- resource: android-x64-arm64-20240910-en
- resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
- submitted: 05/10/2024, 22:09
Static task
static1
Behavioral task
behavioral1
Sample
0a2837dbcf44524256346dedcefe9faa83512cdfb0409ab97af059fac9e4f934.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
0a2837dbcf44524256346dedcefe9faa83512cdfb0409ab97af059fac9e4f934.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
0a2837dbcf44524256346dedcefe9faa83512cdfb0409ab97af059fac9e4f934.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
0a2837dbcf44524256346dedcefe9faa83512cdfb0409ab97af059fac9e4f934.apk
-
Size
78KB
-
MD5
53285ac39a5024b36c7ef68aa7bdb7a9
-
SHA1
9393f366a2b5f3e6449331085001f24e6790d303
-
SHA256
0a2837dbcf44524256346dedcefe9faa83512cdfb0409ab97af059fac9e4f934
-
SHA512
7338d55a3212782ecc04f961398c469270a939f5031cf715daa661bbc32ab82e49fa417e48db91f58ecc2e0037ca22cf30f8e01946c8f8af156f0a816b4b9dbe
-
SSDEEP
1536:WbP9qmWHDW8Etc4WEFr9LsCweHdpf7KJ1AjQEKwi1UI8FNwyTtkMe+YYpL+oXN:MP90jWtcR8rZs5Kdpfi1AkEc1UTJkHB2
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
Runs executable file dropped to the device during analysis.

| ioc | pid | Process |
| --- | --- | --- |
| /data/user/0/com.spy.note/[email protected] | 4770 | com.spy.note.ecy |
| /data/user/0/com.spy.note/files/Factory/Plugins/classes.dex | 4770 | com.spy.note.ecy |
| /data/user/0/com.spy.note/files/Factory/Plugins/classes.dex | 4770 | com.spy.note.ecy |

- Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.

| description | ioc | Process |
| --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.spy.note.ecy |

- Acquires the wake lock (1 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Framework service call | android.os.IPowerManager.acquireWakeLock | com.spy.note.ecy |

- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.

| description | ioc | Process |
| --- | --- | --- |
| Framework service call | android.app.IActivityManager.setServiceForeground | com.spy.note.ecy |

- Performs UI accessibility actions on behalf of the user (1 TTPs, 1 IoCs)
Application may abuse the accessibility service to prevent its removal.

| ioc | Process |
| --- | --- |
| android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | com.spy.note.ecy |
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
/data/user/0/com.spy.note/[email protected]
Filesize: 122KB
MD5: 7d9ce10875dd6ab60e62e7433ccf5897
SHA1: fbb9ad1b47879bd6578634eb3d411e065acf4281
SHA256: e44d0f11a476f8c2a50c051e7804edf646cf016afd725bccbbdc133b452bae38
SHA512: 7d79f1ad57a1ed890a3d6e79e8b313e9aa6a1b4bc9eec5242a6ca0205da14959f9f1793afe1ebc86e039d2946f1a7917123c001ed31f233229cf225698aec53e
-
Filesize: 184B
MD5: 9dcd9cfcc048febff6e0d390ec780a42
SHA1: b6d0ef3e4686e124beccfd4b1a1055f202b705f6
SHA256: 9c8d334e7ace5657a533fa7d4bb5b5a9aeb9a1b09ceed7d25dfcb53d3580d4af
SHA512: c6c662edc3157a7ae7d1e0456261f9af4243f96ab8444ff39d896d0fee2478ff89a02ecb10990e4980ec55bb2c54d568b723c03fccebb7a739576cb742258a8f