Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Список (4).apk

android-9-x86

8

Список (4).apk

android-10-x64

8

Список (4).apk

android-11-x64

8

Analysis

  • max time kernel
    59s
  • max time network
    45s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    31/10/2024, 04:24 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Список (4).apk

  • Size

    3.8MB

  • MD5

    c68a3f3e7dc1056afd3326a8dd17b3c1

  • SHA1

    3c457565ea413c24b8cbf839368addc31d5eb8ad

  • SHA256

    ea080ce2a0535d6e546a34ae383a59f0ae16c629f64c4167aa025f1fdb4858f6

  • SHA512

    00e4f6be8128465b854b304ac8556d1f01771048ba7f8aece8d573dc73ad7d24f4aebb8d5236f787f1ae5103233b7866de546758e8f2da632c804a47af8dd190

  • SSDEEP

    49152:tvENGNxV6dK5/5t+AH4/K55tJmzxzdGG/QTOa4UwYq30cghwXcikdr0:tFNxo85htTHG+5tJmzxzBYTQ0thw6r0

Score
8/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • jpeg.nitrogen.bomb
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4245

Network

  • flag-us
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.10
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.202
    semanticlocation-pa.googleapis.com
    IN A
    216.58.204.74
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.202
    semanticlocation-pa.googleapis.com
    IN A
    172.217.16.234
    semanticlocation-pa.googleapis.com
    IN A
    216.58.201.106
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.74
    semanticlocation-pa.googleapis.com
    IN A
    142.250.179.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.178.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.42
    semanticlocation-pa.googleapis.com
    IN A
    142.250.180.10
    semanticlocation-pa.googleapis.com
    IN A
    216.58.213.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.234
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.10
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.234
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.180.14
  • 216.58.204.74:443
    tls, https
    202 B
     40 B
     1
    1
  • 193.233.254.67:7777
    360 B
     6
  • 142.250.187.206:443
    tls, https
    858 B
     40 B
     1
    1
  • 142.250.180.14:443
    android.apis.google.com
    tls
    2.9kB
     6.8kB
     13
    16
  • 224.0.0.251:5353
    2.9kB
     9
  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
     320 B
     1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

    DNS Response

    142.250.200.10
    216.58.212.202
    216.58.204.74
    142.250.187.202
    172.217.16.234
    216.58.201.106
    172.217.169.74
    142.250.179.234
    142.250.178.10
    142.250.200.42
    142.250.180.10
    216.58.213.10
    142.250.187.234
    172.217.169.10
    216.58.212.234

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.180.14

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    29B

    MD5

    0ffca1a19a01f549b580d044540e497d

    SHA1

    8b9136527e2565cd02abf940a74720d84399c3ff

    SHA256

    7d21efff09f9906ab70f11700318139358fee2ad092af62f98c1124f4ad8fd6d

    SHA512

    7fed4ad3642476207c91c4873d0b82614b68f7ca3397e0932601df95101d4c062e3a8bfd2641610f7baa756f91eccebc7e9ed0e60560f2b6ce92ce372e226428

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    29B

    MD5

    ea2cd29c192da6b91c2d9c5ab7871659

    SHA1

    fbc2f5f7cba4581aa7788645826fc56b542f88e8

    SHA256

    f33d22e972838b1c4322a0bd77e1b0abe1b1a01bec7454fac71a698154749301

    SHA512

    7078fa705af06cff9072101120e9c6ff7454785bd564cafeb6f15825c3373887154a6ab2a18d2823ce0fc1d042d04de6aad87e7f682f246ca498b2fe5cf8cdfa

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-31.txt
    Filesize

    280B

    MD5

    205be25f51ab92e60374949b63feafc4

    SHA1

    3587af9c8327cfaaa2fa5f2df1c1cce63c77c6a0

    SHA256

    3afd98e907f188481a6a695fbd64d893413609c8a6e341dde9341880e403c669

    SHA512

    706c597de3af3d17ebb970a159de1443c3e494ba625319f2160ed7a4dfb7dd34eedc618f8d732bcaf52479216bc40c69ba8e3de7ba1b4ab517002a616f7bf198

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.