Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    23/10/2024, 01:08

General

  • Target

    20287210b895881c40325a049469fd24d2c7ee5ef85b88365373560d93c66ed6.apk

  • Size

    565KB

  • MD5

    76e4485c5843b9351337aa571b547a89

  • SHA1

    8719a08fc2acab16ba4b1a8f1ae3d8f4a500a3fb

  • SHA256

    20287210b895881c40325a049469fd24d2c7ee5ef85b88365373560d93c66ed6

  • SHA512

    457a85063f2a25ab2e60dd2d56c3bfe1e67358c0af6da80829fc25ce809b046b579493b1cbc28f999f5763cbef9004ec4ac1aae238107a23619d44e8b66f6f22

  • SSDEEP

    12288:XlPneXRi2ZYdJPodteXB/vxS8ASacqMwNkPQSIydRBk0zTL7o9Hp:XlPneXRuPodteX5xS8fazCYyZ16

Malware Config

Extracted

Family

octo

C2

https://94.156.253.20/NzNlMDMzYWExMzk1/

https://staris7542352r23.net/NzNlMDMzYWExMzk1/

https://staris6442352r23.net/NzNlMDMzYWExMzk1/

https://staris5342352r23.net/NzNlMDMzYWExMzk1/

https://staris4242352r23.net/NzNlMDMzYWExMzk1/

https://staris3142352r23.net/NzNlMDMzYWExMzk1/

rc4.plain

Extracted

Family

octo

C2

https://94.156.253.20/NzNlMDMzYWExMzk1/

https://staris7542352r23.net/NzNlMDMzYWExMzk1/

https://staris6442352r23.net/NzNlMDMzYWExMzk1/

https://staris5342352r23.net/NzNlMDMzYWExMzk1/

https://staris4242352r23.net/NzNlMDMzYWExMzk1/

https://staris3142352r23.net/NzNlMDMzYWExMzk1/

AES_key

Signatures

Processes

  • com.staroutra
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4211

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.staroutra/cache/bgbormjclb

    Filesize

    450KB

    MD5

    624242a4adcbab67562e5a5a8679b48c

    SHA1

    5a5f811d12980a914a3ba07f6d8b75f87dc8fe83

    SHA256

    42c328cb6baa61759f25454dddfc3f4ce2907009f07040efbca6a40374780457

    SHA512

    a7dde54382486211a1bab953e9ab60ee8031f47bd57c065950bc01cd161732cfee6628cc047b9339e84642b64136d8d7cabbb0ddcd62187006b8474d06b481e0

  • /data/data/com.staroutra/cache/oat/bgbormjclb.cur.prof

    Filesize

    534B

    MD5

    f7e61cf9bb164a5f38ce2ee8ce7a7e13

    SHA1

    333cf498d864a4cb57ef1000adce7375a32da87a

    SHA256

    114014065b89bb0b9b377c4dd85372b510216b5d4b0af6991e5c37ca748e0e23

    SHA512

    c4cb67aa4110c2e7963a7f85d2575061dc121068a829d2fc84c130d7a1f1cc53f3941d4b0c74778a53ecd204afeb9fdc86514718eb00a2120d89ee95d432588f