Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

0191d1e5b9...78.apk

android-9-x86

6

0191d1e5b9...78.apk

android-10-x64

4

0191d1e5b9...78.apk

android-11-x64

4

up.apk

android-9-x86

7

up.apk

android-10-x64

7

up.apk

android-11-x64

7

Resubmissions

07/11/2024, 02:58 UTC

241107-dgnm2asrcs 10

05/11/2024, 22:06 UTC

241105-1z69eszgmm 10

Analysis

  • max time kernel
    124s
  • max time network
    134s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    07/11/2024, 02:58 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    up.apk

  • Size

    3.9MB

  • MD5

    2ed7172c2d16942755e5c70843ab1a0b

  • SHA1

    4d910437d7e43ab967b7ccf1a38bcc5343dc6dcf

  • SHA256

    9f4fecd99a17e6a5edf6741921f0954542144e0803e11482be3e31c643bdc2d7

  • SHA512

    460c986bce5729e4147b05f87676c8fa55333ff8ff7cd9ac92a47f8e3dacc355a8fe3c2dfe1c3d1bba3a076cc1869fac3b6a313ed541794f536572aa1e31be0f

  • SSDEEP

    98304:mefcmgFINmsyjYS2cJHKJgFukMsgzS5Gya1/ewLuRF+LlX8YrNz0r:mTmgxsD6oJglgz3NbyREZ8Ezw

Score
7/10
collectioncredential_accessevasionimpactpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.omnibusriding.wallon
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4510

Network

  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    172.217.16.238
  • flag-us
    DNS
    t.me
    Remote address:
    1.1.1.1:53
    Request
    t.me
    IN A
    Response
    t.me
    IN A
    149.154.167.99
  • flag-nl
    GET
    https://t.me/zamukosaremopas
    Remote address:
    149.154.167.99:443
    Request
    GET /zamukosaremopas HTTP/2.0
    host: t.me
    user-agent: Mozilla/5.0 (Linux; Android 14; SMA155F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.88 Safari/537.36
    accept-encoding: gzip
    Response
    HTTP/2.0 200
    server: nginx/1.18.0
    date: Thu, 07 Nov 2024 02:59:22 GMT
    content-type: text/html; charset=utf-8
    content-length: 4426
    set-cookie: stel_ssid=3042041be9639db222_14719495761798813801; expires=Fri, 08 Nov 2024 02:59:22 GMT; path=/; samesite=None; secure; HttpOnly
    pragma: no-cache
    cache-control: no-store
    x-frame-options: ALLOW-FROM https://web.telegram.org
    content-security-policy: frame-ancestors https://web.telegram.org
    content-encoding: gzip
    strict-transport-security: max-age=35768000
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    216.58.212.200
  • 142.250.187.206:443
    tls, https
    1.5kB
     40 B
     1
    1
  • 142.250.187.206:443
    tls, https
    1.5kB
     40 B
     1
    1
  • 172.217.16.238:443
    android.apis.google.com
    tls
    4.8kB
     7.7kB
     21
    19
  • 149.154.167.99:443
    https://t.me/zamukosaremopas
    tls, http2
    1.7kB
     11.9kB
     15
    15

    HTTP Request

    GET https://t.me/zamukosaremopas

    HTTP Response

    200
  • 216.58.212.200:443
    ssl.google-analytics.com
    tls
    1.3kB
     6.3kB
     8
    9
  • 142.250.187.228:443
    tls, https
    848 B
     40 B
     2
    1
  • 142.250.187.228:443
    www.google.com
    tls
    10.9kB
     9.8kB
     26
    34
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    172.217.16.238

  • 1.1.1.1:53
    t.me
    dns
    50 B
     66 B
     1
    1

    DNS Request

    t.me

    DNS Response

    149.154.167.99

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
     86 B
     1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    216.58.212.200

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.