Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

532232fb96...00.apk

android-9-x86

10

532232fb96...00.apk

android-10-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    08/11/2024, 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    532232fb96e9bcfe28456e5c8a9334ece123883c875306019699efce68c71900.apk

  • Size

    541KB

  • MD5

    467ebaebd4a7521494b71af941834f2b

  • SHA1

    354954c4a5f2655e418d46c7be58d1dd87016366

  • SHA256

    532232fb96e9bcfe28456e5c8a9334ece123883c875306019699efce68c71900

  • SHA512

    55e909f8e2bfd5650e3944ed4f3bc320e2c699cdcf80fa25e4a1df93b3d1a7a9833aba1cf1a94e50242f80d66e01427e9cd59ddb4a0c7ad013cf48c62d6b0566

  • SSDEEP

    12288:OrIF05sjAwlCPPetkOED6qJviOuffiaCUoL8Nz0lFk1xashEdqm48YZb:OLahlCH7OeviOuf6MoC4cxaBdqmzYR

Score
10/10
octobankercollectioncredential_accessdiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://213.109.202.154/MWMxNzg0YzJjZTVh/

https://yamacreklam232.net/MWMxNzg0YzJjZTVh/

https://y3macreklam232.net/MWMxNzg0YzJjZTVh/

https://y4macreklam232.net/MWMxNzg0YzJjZTVh/

https://y5macreklam232.net/MWMxNzg0YzJjZTVh/

https://y7macreklam232.net/MWMxNzg0YzJjZTVh/

https://y8macreklam232.net/MWMxNzg0YzJjZTVh/
rc4.plain

Extracted

Family

octo

C2

https://213.109.202.154/MWMxNzg0YzJjZTVh/

https://yamacreklam232.net/MWMxNzg0YzJjZTVh/

https://y3macreklam232.net/MWMxNzg0YzJjZTVh/

https://y4macreklam232.net/MWMxNzg0YzJjZTVh/

https://y5macreklam232.net/MWMxNzg0YzJjZTVh/

https://y7macreklam232.net/MWMxNzg0YzJjZTVh/

https://y8macreklam232.net/MWMxNzg0YzJjZTVh/
AES_key

Signatures

Processes

  • com.windspecial6
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5055

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.windspecial6/cache/kurqfatg
    Filesize

    450KB

    MD5

    5808706f629e747ad9a2df9ada4b8893

    SHA1

    31e0e62ffb7da0a37002df34f422f38bc1c3a366

    SHA256

    aec9d784060c29065c9f354bb06e9752d39506c8b7d89c0600125013fe5e0efa

    SHA512

    2d5eab388c41c886cebbce058bb146c28f145212ccd241ae198022052d09667a5d564680f0c2efd4d1c0f41ac1de5afbd8fdd3211e3015d0eff328be59eb5c43

    Download Submit

  • /data/data/com.windspecial6/cache/oat/kurqfatg.cur.prof
    Filesize

    424B

    MD5

    dd4fbf1a499738928bdb28022936e390

    SHA1

    4cab444a4aebe24e350f3b22e0d34210cd5843a7

    SHA256

    0d22d8a9c7690375abb57a044ec6e98e13c4b56e58302cbd53a25347f1e5f3af

    SHA512

    2038d1fe063f255b720da87e87d5fc514799e8f7244aa47344346b16fe519dbf0c393a524fad43474bcf5e0a709b70d7461fb665f69dfd6e1e6e5d056c352a01

    Download Submit

  • /data/data/com.windspecial6/kl.txt
    Filesize

    28B

    MD5

    6311c3fd15588bb5c126e6c28ff5fffe

    SHA1

    ce81d136fce31779f4dd62e20bdaf99c91e2fc57

    SHA256

    8b82f6032e29a2b5c96031a3630fb6173d12ff0295bc20bb21b877d08f0812d8

    SHA512

    2975fe2e94b6a8adc9cfc1a865ad113772b54572883a537b02a16dd2d029c0f7d9cca3b154fd849bdfe978e18b396bcf9fa6e67e7c61f92bdc089a29a9c355c6

    Download Submit

  • /data/data/com.windspecial6/kl.txt
    Filesize

    235B

    MD5

    ea840614f31922b5a4d890f1fdf40b28

    SHA1

    127258082b1223c901fbc005db7cffbaaf40be41

    SHA256

    95514dd38a93350f2571a92a211ae577e05f3baacf0cbed57994e2aded6750b9

    SHA512

    e60b3b8a62302ff938a581eee503e52c888f12559f58713dd1b24210e0478d94e287d2e619f60fe574f0939807621a1ffbe518b440fe24e76076204687d7022b

    Download Submit

  • /data/data/com.windspecial6/kl.txt
    Filesize

    53B

    MD5

    dd4d8c2c599c6316b8997ae9e7254c39

    SHA1

    c58be8d020bdfde3aae6614d1d02fd6c42972951

    SHA256

    bda30085cc4a96069643144e624cc3fcf883395eda3fb836cc5af3bde5f4ed7e

    SHA512

    14baa5d729a64576e67ded58b8ba69c4ff9c6dd7a1f6a635ffc239b182b3181353be1ecbcbfe4d41097cc8cde2599db910f0d8d5e746ab8b1517d4cb85d161a3

    Download Submit

  • /data/data/com.windspecial6/kl.txt
    Filesize

    63B

    MD5

    dfc16954a1880a2aabefcfb236d33aef

    SHA1

    f32e6b314a079fc898c04e8e15256d4994c1460c

    SHA256

    cbe30b571e65342fb00bd422f076e170042b67465e9ec8cbce4dbb805f0d5af7

    SHA512

    fa79b5e9bc0cff4960b4f00129770fb85e8650ebc9b7798c069cbcf23da3940090eca94c260f98e5222b49b2baf28ccc4ceec90e343fe41c751966477b4e76c4

    Download Submit

  • /data/data/com.windspecial6/kl.txt
    Filesize

    433B

    MD5

    3434fc40a7cba529bd8f291cebc1abaa

    SHA1

    cbc6ad57ef898d91067fe21b52fbe6757cbd50ec

    SHA256

    a5b2e931ccc38ff3b18bd868cbac14d665bc6748cbc26eb8a521c4030fa55f16

    SHA512

    8cb8451c40adf09cdbe2d614edf082248344049541e33865adfaede6f6b9e12b29bc772a072fc811bf73a0efdba5b1d8640a3f16dc8e87a50493e5a7d9aaff8d

    Download Submit