Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

GoodYear.apk

android-9-x86

1

GoodYear.apk

android-10-x64

1

GoodYear.apk

android-11-x64

1

childapp.apk

android-9-x86

7

childapp.apk

android-10-x64

7

childapp.apk

android-11-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    142s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    07/11/2024, 18:51 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    childapp.apk

  • Size

    20.3MB

  • MD5

    008ec09f044eec72d1305f66637e06cd

  • SHA1

    b8738bc279e3ec972bd6ee4a42e7c67125cbcaf7

  • SHA256

    182598d5b557600faff22dc8f6dd713348ad79e96ddd994280b4b1267e809e2f

  • SHA512

    684ba9fbd4848da542499b440100d401408cb7599c4a45cb95643581eccd409d7c25b86196ba0df209cbab37ad428121fb21a8822154ed1e251213418806370c

  • SSDEEP

    98304:YSzBzTRmz4tQGvm86p0U6XeADO8KbFmRKER+0twB+UJzT5iBCoyCOP0L3ix:tUz4tQGu8qOXen8WFmUEnw4ozToXOkO

Score
7/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 11 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • ja.pipes.educated
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    PID:4255
    • ping -c 1 -W 15 191.243.161.232
      2⤵
        PID:4395
      • ping -c 1 -W 15 191.243.161.232
        2⤵
          PID:4457

      Network

      • flag-us
        DNS
        semanticlocation-pa.googleapis.com
        Remote address:
        1.1.1.1:53
        Request
        semanticlocation-pa.googleapis.com
        IN A
        Response
        semanticlocation-pa.googleapis.com
        IN A
        142.250.180.10
        semanticlocation-pa.googleapis.com
        IN A
        142.250.187.202
        semanticlocation-pa.googleapis.com
        IN A
        172.217.16.234
        semanticlocation-pa.googleapis.com
        IN A
        216.58.212.234
        semanticlocation-pa.googleapis.com
        IN A
        142.250.187.234
        semanticlocation-pa.googleapis.com
        IN A
        142.250.200.10
        semanticlocation-pa.googleapis.com
        IN A
        142.250.178.10
        semanticlocation-pa.googleapis.com
        IN A
        172.217.169.10
        semanticlocation-pa.googleapis.com
        IN A
        216.58.201.106
        semanticlocation-pa.googleapis.com
        IN A
        216.58.204.74
        semanticlocation-pa.googleapis.com
        IN A
        216.58.213.10
        semanticlocation-pa.googleapis.com
        IN A
        142.250.179.234
        semanticlocation-pa.googleapis.com
        IN A
        142.250.200.42
      • flag-us
        DNS
        232.161.243.191.in-addr.arpa
        Remote address:
        1.1.1.1:53
        Request
        232.161.243.191.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        android.apis.google.com
        Remote address:
        1.1.1.1:53
        Request
        android.apis.google.com
        IN A
        Response
        android.apis.google.com
        IN CNAME
        clients.l.google.com
        clients.l.google.com
        IN A
        142.250.200.14
      • 191.243.161.232:5009
        28.2kB
         61.4kB
         45
        61
      • 142.250.200.46:443
        tls, https
        858 B
         40 B
         1
        1
      • 142.250.200.14:443
        android.apis.google.com
        tls
        4.7kB
         8.6kB
         14
        20
      • 224.0.0.251:5353
        3.7kB
         11
      • 1.1.1.1:53
        semanticlocation-pa.googleapis.com
        dns
        80 B
         288 B
         1
        1

        DNS Request

        semanticlocation-pa.googleapis.com

        DNS Response

        142.250.180.10
        142.250.187.202
        172.217.16.234
        216.58.212.234
        142.250.187.234
        142.250.200.10
        142.250.178.10
        172.217.169.10
        216.58.201.106
        216.58.204.74
        216.58.213.10
        142.250.179.234
        142.250.200.42

      • 1.1.1.1:53
        232.161.243.191.in-addr.arpa
        dns
        74 B
         134 B
         1
        1

        DNS Request

        232.161.243.191.in-addr.arpa

      • 1.1.1.1:53
        android.apis.google.com
        dns
        69 B
         109 B
         1
        1

        DNS Request

        android.apis.google.com

        DNS Response

        142.250.200.14

      MITRE ATT&CK Mobile v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /storage/emulated/0/AppData/meta_data0
        Filesize

        7KB

        MD5

        effbc10b41f027e5c2130835d524c99d

        SHA1

        affb65361d7a36d00e402ad869696578b5ac3259

        SHA256

        566fb91b6bf186c05c4ec051aa2e2802961cbb158df24a8fecaa0678febece84

        SHA512

        b2ddd0142a80663097e9b71d8d654d88382ef8f765c92f0c8fbf600f1174cb1b1e9e61088f954e609e6d2402fd4750b88945af7c1080018b991f2e6e6d9ad52a

        Download Submit

      • /storage/emulated/0/AppData/meta_data1
        Filesize

        4KB

        MD5

        3748dfbaeae0d43d38471f14e4321dcd

        SHA1

        a5a6dcb2e325479cb25a44cb66216e09a843666c

        SHA256

        4830f1d48d41c7725686901a2d4f93a8ea722f6160dfecc6815ac85598e361db

        SHA512

        bde4b86489abafb3a5aff955ce232367044b6fdf106ea02847c3dbd78e49a02dd7c63bf82c26a3b630962aad16a877ece85af74608909a37a89b0591e012625c

        Download Submit

      • /storage/emulated/0/AppData/meta_data1
        Filesize

        3KB

        MD5

        514d884ca8bb12d1b8f440f3e64c3f9f

        SHA1

        6242b72c85ce2a287e95fb2522afe1f559b277aa

        SHA256

        5a9b87d66daf4ad4791d980d9c3270c7806bc18c89e323472a500fb8ebfefc5e

        SHA512

        c18018ecb5742753f72dbe369c6f21b391b514a3d0dda2ef404cd53be299c42f3c774c7bec085d7c5713d42cf0fdb2f9e629d6cf5d635d3ca9271147e8420ac2

        Download Submit

      • /storage/emulated/0/AppData/meta_data2
        Filesize

        5KB

        MD5

        a6fcd52b6b66cecf6862b4f36341bc04

        SHA1

        8b21ceb4d264f40cf7da42ce630c991a0eea4090

        SHA256

        47bb8e56ea3c98e4a3a8b1e557e8b8d7683683e6657df223907b7c1ef085018f

        SHA512

        90ed714810ad62ef12e861506814f595db1c407aa5d2ee659e0bf5fb67cc1d8bcfc5bd776c82ea7fc0e6cdb21e25e4fc0399e90bfdf666a2296769bdfb0efce9

        Download Submit

      • /storage/emulated/0/AppData/meta_data2
        Filesize

        4KB

        MD5

        6b2bac966edac0048bac4336dd7ffdab

        SHA1

        4fa290b1ae3d09a70f29e05ac33701a937307a29

        SHA256

        9a0285c31c82617f5d5823210791ab57fa29c92ca8107b0fa0e7a7a35be96af8

        SHA512

        758a90200d4f08c263d52c931a2cdc9ce066d87c89f786e04b56cc90bdfce7918001db0349e7a037c5e79a7eeb9d3f6e43c661d37c0cdda43f7bf2853d63f4e2

        Download Submit

      • /storage/emulated/0/AppData/meta_data3
        Filesize

        28KB

        MD5

        458d9b8746910691b67826098a3aadde

        SHA1

        c12e70c872a435fc0077d4abd2f4bdff80576d57

        SHA256

        ef75d7f7c01e9cb9a48f38e08195e0597f751b0700fdd92c59113049a39682a8

        SHA512

        76c2107449a99f3f9ba69a9d4e39e58607e231fdc2e8daef7f8c3ab39d108f18d01a6eeaf7925581aa3f635fb75350209ca2c198db21fd6ca706457377cac76a

        Download Submit

      • /storage/emulated/0/AppData/meta_data4
        Filesize

        21KB

        MD5

        9c6503eafa45558f1eb5f125c542bb0f

        SHA1

        c8b67c7a056b96a7916fc97a597bff934e972fb0

        SHA256

        7406077989fdcda2109ab3e591efc15fabee97109355d94c09dbc0e951a191c4

        SHA512

        8234eab43a65e8714605541b3f970a4fc784b301e3c49a062d5f951a78135c98574d8c09419412187bcc4a5d8091d82889a4df7eb066db482a0fd87cfd36d0dc

        Download Submit

      • /storage/emulated/0/AppData/meta_data5
        Filesize

        7KB

        MD5

        1a26c5544e9f9f82b3c020c49162764a

        SHA1

        3689b5b26e85472785082c3f879da9bcbba22655

        SHA256

        d365285ec8822cc96ffa79d9596e03bb0fef3bcff4d2cf9b890340fec6458459

        SHA512

        d240e89ce386672b339d8c72b64bc41106b326b4d592ad2dd4aa3ac449a8e5d4930fb705d104f0ee8831ce188e54a644fbde0d3e2da1d788f83781bbb02a5f0f

        Download Submit

      • /storage/emulated/0/AppData/meta_data5
        Filesize

        9KB

        MD5

        29b80b15673d46bfda32d7beaf2457b6

        SHA1

        cda13c92638243b9116d3ddeb49c792a6b5369bd

        SHA256

        2b111730487405bef3ad063f3bad8bcbe409fac4ee00c08ce6122b27c6298254

        SHA512

        1810eeb08a7fc3be4ea0648aae082cea2bca5987972d65f82bd427025fe055c4c1942f2c045a9a95cbfaa60f64d436d6528337f34602c63362ed895c0d92210c

        Download Submit

      • /storage/emulated/0/AppData/meta_data6
        Filesize

        5KB

        MD5

        42602d32a96f59366c36ca9dac5ce28d

        SHA1

        9690c0c6510cb5c7be9182d41dad381a1262065b

        SHA256

        e15552b3ab0824370ff36e1ee461251d72fef39ab75722a56064259049370b3e

        SHA512

        ded18e20f4b4353ee5e65f96a0d8297dc1f7f5802a18332de7fa3aaf6f4cb9b81982cb266c6779e9b1c4791aaa4eb8e04e3214b792c0a98b69a41654158684bb

        Download Submit

      • /storage/emulated/0/AppData/meta_data6
        Filesize

        3KB

        MD5

        b0fb4b4b85453c7413ce34f558dde399

        SHA1

        e64d0e87b0baf84cc2c7e4c4dc1cfe8adcf9376f

        SHA256

        ad712097c583f970a7490dcd56f6c85fb3398dc6a5922b8477617fb741385eb0

        SHA512

        a02ddb7cccd7a820f059c9aa0869d1258d6cd4e1772dbda41d50c967f0da934223d304c4d4ec914b2dfc6b3fb0edbc40b45b2bce68915a312dc0140358dfd036

        Download Submit

      • /storage/emulated/0/AppData/meta_data7
        Filesize

        4KB

        MD5

        24187c8d4a921022947272a9803b3f41

        SHA1

        1620aadbdbcd4adebe67316e89e8c65d1f61b8c4

        SHA256

        5468034e8a0355df93f6b070a8025304900219588f6c946f4ad37ba5750a53c0

        SHA512

        aa1ecef797d063e091c0e149747f331b90051c007cedaee72407f0c533e25086f2a6bdcc3ea4a6686ca595ab9ef577ef11bcd14c0fc26daa5f8f76ab513a3978

        Download Submit

      • /storage/emulated/0/AppData/meta_data7
        Filesize

        3KB

        MD5

        36d7729b8cc8ace6afcc472b3f1220db

        SHA1

        3f1d7cb1dd721cad2cf955303872e3bec883968e

        SHA256

        58d71a9c91d09e4a5e3cbf4c543daf97e8f2ce31295efb6547d3eb535bd9a148

        SHA512

        e98135aee684654d62bccac9014d8d15b6d1cddcf303aef10c31d9352ed3fde35c922341ce5d7245e38d8d53c022ecb7953a59632873915af211df90784fa621

        Download Submit

      • /storage/emulated/0/Config/sys/apps/log/log-2024-11-07.txt
        Filesize

        13B

        MD5

        de2c41a51ee9246eb1708f65b511add0

        SHA1

        2f442d634c8a18760a232c8829d4b5d74a52f074

        SHA256

        ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

        SHA512

        7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

        Download Submit

      • /storage/emulated/0/Config/sys/apps/log/log-2024-11-07.txt
        Filesize

        29B

        MD5

        56c4bf5e71d265a47ea3d08932f2a4fa

        SHA1

        ede5eaa4e5864ad90c5c5c3d8ff7b78c75d337d4

        SHA256

        fb6951fc96122cea09272da6676d80df0922ce9a047bfb349e8c7bf792e97755

        SHA512

        65472e667d165ba2ae96941dc40bd481345b9e1781f38ff05e5f3532dec31b32f1beab564afd22f1fe95bc29b0e8c33ea3a60f2fdf519bda3496d80ec9693c4a

        Download Submit

      • /storage/emulated/0/Config/sys/apps/log/log-2024-11-07.txt
        Filesize

        25B

        MD5

        bdb821a955117250611e94cd23842584

        SHA1

        81edcea1b44f94cfc140710c8410d0696b760c67

        SHA256

        076eb89055ff3d929eb732e1002a0105652e628682a741151388ce1df3b6ec9d

        SHA512

        e52ffed4ee84acc414c530c239c8876d9e99c1f2b2c7626c0ed7fbe0c59b9cb8f8a5e9e983541bea3dfdb849dd3b9593df054c2482ed8bcda7c70ebd960ca268

        Download Submit

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.