General

  • Target

    a5d940a7ef795253474f554c0c7298ca46f2097ada21963dfb7fe09c0a9732b6.bin

  • Size

    1.1MB

  • Sample

    241027-1ykn2a1mak

  • MD5

    31b9bb86325e4780ac15839b49f3e932

  • SHA1

    0eb27492069645bac5a8a8530c078174182800de

  • SHA256

    a5d940a7ef795253474f554c0c7298ca46f2097ada21963dfb7fe09c0a9732b6

  • SHA512

    609c07ffda97b9b3e8c20e68f67d43edce26bb0c09063da4c905f0609f9ba8dada2621b755380612eb9239222510a794428f6b443caefb87455aa040012595e4

  • SSDEEP

    24576:t+se2lOIgVKmMYqEOuR6K0TaOUivtl+5jPWojybAjg/REb2/:tNsIghMYrO+0TaOPvtlZXbAjg/j/

Malware Config

Extracted

Family

hook

C2

http://127.0.0.1:3434

AES_key

3141317a5031655035514765666932444d505466544c35534c6d763744697666

Targets

    • Hook

      Hook is an Android malware that is based on Ermac with RAT capabilities.

    • Hook family

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about the phone network operator

MITRE ATT&CK Mobile v15
