Resubmissions

07/11/2024, 02:58 UTC

241107-dgnm2asrcs 10

05/11/2024, 22:06 UTC

241105-1z69eszgmm 10

Analysis

  • max time kernel
    124s
  • max time network
    152s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags
    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    05/11/2024, 22:06 UTC

General

  • Target

    up.apk

  • Size

    3.9MB

  • MD5

    2ed7172c2d16942755e5c70843ab1a0b

  • SHA1

    4d910437d7e43ab967b7ccf1a38bcc5343dc6dcf

  • SHA256

    9f4fecd99a17e6a5edf6741921f0954542144e0803e11482be3e31c643bdc2d7

  • SHA512

    460c986bce5729e4147b05f87676c8fa55333ff8ff7cd9ac92a47f8e3dacc355a8fe3c2dfe1c3d1bba3a076cc1869fac3b6a313ed541794f536572aa1e31be0f

  • SSDEEP

    98304:mefcmgFINmsyjYS2cJHKJgFukMsgzS5Gya1/ewLuRF+LlX8YrNz0r:mTmgxsD6oJglgz3NbyREZ8Ezw

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent its own removal.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.omnibusriding.wallon
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4369

Network

  • flag-us
    DNS
    t.me
    Remote address:
    1.1.1.1:53
    Request
    t.me
    IN A
    Response
    t.me
    IN A
    149.154.167.99
  • flag-nl
    GET
    https://t.me/zamukosaremopas
    Remote address:
    149.154.167.99:443
    Request
    GET /zamukosaremopas HTTP/2.0
    host: t.me
    user-agent: Mozilla/5.0 (Linux; Android 14; SMA155F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.88 Safari/537.36
    accept-encoding: gzip
    Response
    HTTP/2.0 200
    server: nginx/1.18.0
    date: Tue, 05 Nov 2024 22:06:29 GMT
    content-type: text/html; charset=utf-8
    content-length: 4426
    set-cookie: stel_ssid=651cead0771eb9d4f7_16571940646610824987; expires=Wed, 06 Nov 2024 22:06:29 GMT; path=/; samesite=None; secure; HttpOnly
    pragma: no-cache
    cache-control: no-store
    x-frame-options: ALLOW-FROM https://web.telegram.org
    content-security-policy: frame-ancestors https://web.telegram.org
    content-encoding: gzip
    strict-transport-security: max-age=35768000
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    216.58.204.78
  • 149.154.167.99:443
    https://t.me/zamukosaremopas
    tls, http2
    1.5kB
    11.7kB
    18
    19

    HTTP Request

    GET https://t.me/zamukosaremopas

    HTTP Response

    200
  • 172.217.16.238:443
    468 B
    9
  • 172.217.16.238:443
    52 B
    1
  • 216.58.212.238:443
    tls, https
    689 B
    40 B
    1
    1
  • 216.58.204.78:443
    android.apis.google.com
    tls
    3.6kB
    6.9kB
    12
    15
  • 172.217.169.74:443
    tls, https
    2.3kB
    40 B
    1
    1
  • 224.0.0.251:5353
    3.9kB
    13
  • 1.1.1.1:53
    t.me
    dns
    50 B
    66 B
    1
    1

    DNS Request

    t.me

    DNS Response

    149.154.167.99

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    216.58.204.78

MITRE ATT&CK Mobile v15
