Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Vavada.apk

android-9-x86

7

Vavada.apk

android-10-x64

7

Vavada.apk

android-11-x64

7

Analysis

  • max time kernel
    59s
  • max time network
    65s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    30/10/2024, 23:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Vavada.apk

  • Size

    3.8MB

  • MD5

    d83333cf8add0987d3b3e5ebb98ff12c

  • SHA1

    41ded4b0f5efb4ccfbe34e6ca43a07fa39ec9a43

  • SHA256

    5b4fa3c6c80e071c55defa741ae1d95e5d19566f1a8c8bc326f1c7cd85289416

  • SHA512

    0d95e8a203a2c4f7c6a957e57d252a8773e15dae3a52e852e98cfab660d077b0f0774950cadc939d3ed1fbb8c4fb5ec5a9d99f09488d69fd6fb4f9a8bca55998

  • SSDEEP

    49152:inFc7vtaOUX4O6R+AHmB81kUdc1wmzZzdGGpQTOT3UBYqu0cghQ9jikGK:2q7v4H4O58fCwmzZzBmTg0thQcK

Score
7/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 8 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • matrix.predicted.indicates
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    PID:4478

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-30.txt
    Filesize

    21B

    MD5

    e655070f957ff868db65ecf5588b8cb5

    SHA1

    310516fed2cdc5326a1b55b7c8db2ab9a4fca87e

    SHA256

    c376a3aa3d1b45f05e19e708bd71a8bb7bc5eeced1475a273e2dd173cba216d7

    SHA512

    f1c833dac18a35e4e8c946473e3e252816613129f1a9c7407a6df612a1c479fa092239706996f70c73ef2836c13c730046c15121c75977366d063080af627676

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-30.txt
    Filesize

    21B

    MD5

    a321fc986b2570a7b24effe9e6475da9

    SHA1

    84fb8302687d1bf7e971f85b7ad80098c033fe2d

    SHA256

    4e7076ecf79121835420f9c2cc90c3155fcd7f943695e54e8ec57218d2398abf

    SHA512

    3b5249fdd93e67d625b1c45234a81979d3a34b9338a6c3c8960366ba9a5c26007364247c1da45f1f82391043d4c13fa060723b93e809170859a276d57c46ec4e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-30.txt
    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-30.txt
    Filesize

    276B

    MD5

    c2a95dc4c1a3b16df3bde4d745a73420

    SHA1

    83599d7528e0db420b0a6f94300058c2dd15f31b

    SHA256

    665b7ef669873a2f647f613c29c5bd8619102b2f5c4e2922bf22269c3a4c3590

    SHA512

    45ef20068665d8d29f8612ade2892efe793e0b022f0d6376e17217ff1456874c6caf915a01acf3adf4f9946f843830b110c53213469e1146b24a8f7d44a375ee

    Download Submit