Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

40aa6f9689...d2.apk

android-9-x86

8

40aa6f9689...d2.apk

android-10-x64

8

40aa6f9689...d2.apk

android-11-x64

8

Analysis

  • max time kernel
    23s
  • max time network
    152s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    16/10/2024, 22:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    40aa6f968973ce35adf461872d5aa44fd64bd35c6bc50f6d4e7228239c22c0d2.apk

  • Size

    4.4MB

  • MD5

    963b8373e3ab385651cfbe4d0d226d19

  • SHA1

    7587a27b6ebabf7e56b75c4e931851295cd39007

  • SHA256

    40aa6f968973ce35adf461872d5aa44fd64bd35c6bc50f6d4e7228239c22c0d2

  • SHA512

    46cef2cfd195c6c1bd110fcf33219f6c9117e0788f69e9969c2cb5e77c356e778a9be6d4090a17fc844e5a5b6648e053fa0d09fa118df483a63d1e49939abf7b

  • SSDEEP

    98304:ZHfrbzjXCFpZpKmqk5sjcstp0ZU05uZEpSYcNQ6i2infseJjPUYl:1Skk5sjXcoZiFIOsyMk

Score
8/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 3 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
    collection
  • Reads the content of the calendar entry data. 1 TTPs 1 IoCs
    collection
  • Reads the content of the call log. 1 TTPs 1 IoCs
    collection
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • com.tencent.mm
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Queries account information for other applications stored on the device
    • Reads the contacts stored on the device.
    • Reads the content of the calendar entry data.
    • Reads the content of the call log.
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Schedules tasks to execute at a specified time
    PID:4799

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Execution Guardrails

1
T1627

Geofencing

1
T1627.001

Foreground Persistence

1
T1541

Hide Artifacts

3
T1628

Suppress Application Icon

1
T1628.001

User Evasion

2
T1628.002

Input Injection

1
T1516

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Location Tracking

1
T1430

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Location Tracking

1
T1430

Protected User Data

3
T1636

Calendar Entries

1
T1636.001

Call Log

1
T1636.002

Contact List

1
T1636.003

Screen Capture

1
T1513

Stored Application Data

1
T1409

Command and Control

Exfiltration

Impact

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.mm/databases/Dname
    Filesize

    32KB

    MD5

    1854505a3f6d683ed7eb81612934370c

    SHA1

    4f710add9a652d2fb92b7ce45589e27bf03f0b2a

    SHA256

    8100330a266f3027b929ea1bde99440ce4a544c9d9a0abb2ef0d1a73aa4cd9a4

    SHA512

    104a6e9c840b1fddd22ae579624a549c911abfbb48dc4454d3d231619c41a9abbf22f0dc5362a80c8c8245cc18566661f3645ac48c61259132886d4bf4678962

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    512B

    MD5

    928f0feb2c2e233f407903da6b4b7738

    SHA1

    22413c456983fbb47a0ef40aaaf69995d58fed7e

    SHA256

    030525b3015f92da72599a903c4fd0de6b0410bb2cb05cc7ea5df129dd7e61a8

    SHA512

    8c398795aff636ba5bb5bc3743331bf491084ba7850e275897225d55ebc41d7c6d3ae62995b5cd28af0ef1a57f10b67f7cc466af55000c054e3adb1f59d693d3

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    ef3dd0264ee3683418ede3392f25d319

    SHA1

    2b629ae80c2e1d362c05ac5c151db6aa0f77073a

    SHA256

    3abd231b4745c0e7cc00b865222947a84ff7fc91047c28c274de6c7605b296ca

    SHA512

    bf47c091d79f52c9720065c425d51436bf359e0953c0766e7e87ce866df3d86095cd29740685b83f0af5572800ce64a5fca140e52b9634c5fcf582038360d66b

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    ddc80132ae8d19a2a487c3bb25fb93c4

    SHA1

    c3162865bf57cd8e65718aa3423399c59fcddea9

    SHA256

    e9f6415166f3073351f620f4a28efea56c39f6850fc11859b062810928e24d62

    SHA512

    15b756d911f945cb9b931f8bf7f4c2a2bb8426b928f089dbaaed87063ffe3ec2c49e9ed495a3038fc3fe58eebedffabe1f6c6c27c4db05725da6b55cbc0562a3

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    b87bc0b2899602ae0bafb68b818a0301

    SHA1

    c15d310b96579a99f54fe430c6346df119dbbf41

    SHA256

    9d082761a7e72d602f106bc85fc6dc8e923f01840e646ff395905cd6a8733873

    SHA512

    0fe523a8db97d2b7a5b4b328f90197343641da68574a2693125c6e7114d67fb82708e6beba5b738be478448335dc1acb66a3ddc77eb9b46fb9c27b6f23730f12

    Download Submit

  • /data/user/0/com.tencent.mm/databases/Dname-journal
    Filesize

    8KB

    MD5

    40a60fec1dcd6e579c7eea4064834749

    SHA1

    0a3ded36ac84fd831eb823ecf95caae21df268c5

    SHA256

    dfcd7b7f053902351f27528cdea86c7eb2fab345fa05c4dd923fd0ef536affb3

    SHA512

    92e983b444a82c11b069bf9bfa955dd0c2ed94a14e27c96ea44ca0167e623d252d004f0e5a35e19fcc61a68b34e1a4afcbf512bc903c797d4a35a21be819970b

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db
    Filesize

    16KB

    MD5

    51f773aa05a01eb469a7e5654a455afb

    SHA1

    4ed95c615dbea5cbbcc1c7c774e0e0b30b931d00

    SHA256

    4d05e07e62192abd564e8cb16811e6b66a8af503987a9e0425c60177355b07c2

    SHA512

    8259e847c23632ebb33b187510de0def13516fe2bca49961c4bd7a73bcc5aa55d762e0dd4a6a13f086efd0e92b2ade23836ba4871f1c45a069f47bcf4f78d05a

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    512B

    MD5

    f124f870132119a30326d4bad6d9f07d

    SHA1

    a12e0e8c9a81b5264cdde52a5a5e2b4c3baf2fb1

    SHA256

    d6caa7e2b5b508243482f37a384adafa77545b48672bf4f2943ac4b4b808c3ae

    SHA512

    ec2cea0b577e44f9d595106249e9fa5c93fbf0a1609f548da86a92b04432a6952dde82c6f3e3ed8de67633f0576c9639934da17037db28e8f02e8c0b94d11dae

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    2b7045c6b516e0c41d8b377672d82393

    SHA1

    e79ae09613592a30149e95188d7ef2604e6a4a87

    SHA256

    9ba222876480899d8421847d77870f2677f3445546157c4440435ee7a722bff0

    SHA512

    8da302021e9b3517889b0b167d62364d1c23bbf0884eae73fe4781280015f1e77b12fde3d87e7be8e4428c0696e983a62d8ee96aba514c2a12cf220c7ef42acb

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    d991915448d9b7d0087158dc68ae4aad

    SHA1

    2fdebd47726a61c266e4ee437580832ad1e742b3

    SHA256

    99016f4d3b14b2594b4db2dc7ecb384e27dee6fda334c59e6f2e844d30522354

    SHA512

    a15f900855b400b9ade63122fbd5dcd01443785fcae98992022aa6f9de9b403a8102ece4321fa7683ec252ddaf410a3e1b387e5fdfd6a319cc7e404a6a4b0e23

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    f6bfa411962c4ed04a2c722aab1c5e03

    SHA1

    f4fc0f9ee858b7e2260b449ad371cd656d24497d

    SHA256

    1d7d5ceee40c942011903009279f5f66471c5c025a50433ba926b5a02bf3794c

    SHA512

    19915a68f8c35bf00e8b597b4b7e3e6b870fff2ee5bbdf2633c9f7aeaabff35c5806345294d18b29bb2619f0cdfb196686917771253729f746b8227df203e896

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    34a1430bc831ea62fea27a44b005e273

    SHA1

    b7498b7876369efdb3885489604c68f9f8085068

    SHA256

    8db14a4914785c11385125422945412d87c27206133485d14803a88b02abd4cb

    SHA512

    e0fb187f3d2d4f428a7e306b010775130569beb20a03dfa3a3255838ad8a5f94ac5c9d0f5a14b641deeb89d4994cc1a035eaccf1906b935fdba9f5051c93f748

    Download Submit

  • /data/user/0/com.tencent.mm/databases/evernote_jobs.db-journal
    Filesize

    8KB

    MD5

    17d93522dd70d27d11f0c211ee8d1183

    SHA1

    76466bafa28a3626f848aee1cce659b2b8f77daa

    SHA256

    65fd99b13ec3f2c00c17576e4f5058c95c5cdb48a0560fad728b1451445fdbe9

    SHA512

    2209425b46df15c81ce038cba28f65a5ec80702daa4ef2f8110db6fb47939db7dda8ef48dfbbf1024783cb3bc701e877e70eab787dce0a9e35e9a47666b2ce77

    Download Submit

  • /data/user/0/com.tencent.mm/files/CallLogs.txt
    Filesize

    3B

    MD5

    58e0494c51d30eb3494f7c9198986bb9

    SHA1

    cd0d4cc32346750408f7d4f5e78ec9a6e5b79a0d

    SHA256

    37517e5f3dc66819f61f5a7bb8ace1921282415f10551d2defa5c3eb0985b570

    SHA512

    b7a9336ed3a424b5d4d59d9b20d0bbc33217207b584db6b758fddb9a70b99e7c8c9f8387ef318a6b2039e62f09a3a2592bf5c76d6947a6ea1d107b924d7461f4

    Download Submit

  • /data/user/0/com.tencent.mm/files/GP.txt
    Filesize

    108B

    MD5

    a3fe15e9d50a72f7774aeecac06328c6

    SHA1

    4321aa848755720fa3b12bba72e8a02e64e0bfb1

    SHA256

    a0292b1b29849b7c91bfc42485af0188d5b25e77bfbcbe2dd746df1cd4778cdb

    SHA512

    78910649eba31980c48542bd2e6d280d97afd132bf72abbdf088b68ea9881f236ed39eca2f647e940dbff8da296fc64e47f5d77fd63bbe534e49f8be4bdf4988

    Download Submit

  • /data/user/0/com.tencent.mm/files/Tree.txt
    Filesize

    566B

    MD5

    bd21ca4431bf2d52e01aaa6158d781bc

    SHA1

    322dae85d9d702df53d9a20233a6fcb6ac444897

    SHA256

    1bcb53046b8afa5efa06b4d7704c601612715a7e9926791827c0475f5121a327

    SHA512

    43e1898ba876233ce823dfa061dbd5420e71c550e3a479b2d20ee7b9f26e45696e41e22597faf9c9107e903d6cef7f603a8482d64e84968d412873a08c917329

    Download Submit

  • /data/user/0/com.tencent.mm/files/accounts.txt
    Filesize

    2B

    MD5

    d751713988987e9331980363e24189ce

    SHA1

    97d170e1550eee4afc0af065b78cda302a97674c

    SHA256

    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

    SHA512

    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    Download Submit

  • /data/user/0/com.tencent.mm/files/netinfo.txt
    Filesize

    854B

    MD5

    0c9fd8888ec909ad75fe06c2a7587850

    SHA1

    ee48384e3065e5a20d7a928c96e97029586b05dd

    SHA256

    58ff6c25046a35f21e00d834d3fbb6a94bb96a66350df3f57e8f05ca2db54c16

    SHA512

    b5febb883a553ae0e6512c001106043367a40c5c783edda14d8a103e332b9a489c18cf2628206ad0adff1440fe04280b4179ad4cd38d22808be4cae325234fc5

    Download Submit

  • /data/user/0/com.tencent.mm/files/pkinfo.txt
    Filesize

    10KB

    MD5

    b593d0594fc2e98f60b0288475ba950b

    SHA1

    1c10ef393a2666d7640ca45e663321019a5675fb

    SHA256

    49e287b4855336cc22b24d4f912538f43d226ddca9b322d769fb3ef0306d9411

    SHA512

    7ba2ceeddfbc8efee39b6a5d9f81001cca3e07d6d6311ae16e0eff38fd395567fa3236aa7f7b59def32a5a7ed27d24cd852b3936d32bd05b467dbd1ed8dcd40b

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-16.txt
    Filesize

    287B

    MD5

    f71d26c015959f0c79cb055fcb92ac07

    SHA1

    dd2e82c12346374a4faa64810b3e42a7c25691b3

    SHA256

    21b5f967e60f22e7cfee323aa08fe39c78f6b7d5c07d75f02faeb64f3ca6f116

    SHA512

    c402685a8985130ca1e8d5bfda821e35e87346a9e97e50529531d4a0c6540ba62356e80e8a3d4f984318aad4bc87b1e7480ec4f75eae0743904a3070cf0523ac

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-16.txt
    Filesize

    32B

    MD5

    2645a22ef836e09fa68c45107ec71b41

    SHA1

    fb78bf6cb7a2a04b7a0cf7f2046847f9a994c3b0

    SHA256

    965a834278b9e32d974557cbb26a7c6d783b0631ea85f2447f9eca791edf5409

    SHA512

    ee5c668a6f10bfa5a30c937c3b190549bb3f989cb0367af233df610f1ec3efd251a69ff6b3ef6398d6420689c990d2691fdcdc5d4bda73a237e1ff1cf72dcfd0

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-16.txt
    Filesize

    12B

    MD5

    a9256f55737b655c8cff95418411997c

    SHA1

    d81a4e85ecef3a4f08d50da9c75c49a3c64ffe24

    SHA256

    bad705c44807d12463fb587087c4e9eb24769d82981229ac8b74abc9b1a44412

    SHA512

    10d10a6498973ed65d47c74ba6d8831dad94213a5071353dc445de46e021689284fbbf4accf5ba1f97a0675a7652ec069ac70f38d63ba36b8595a8caf8d37574

    Download Submit