Resubmissions

20/11/2024, 10:40

241120-mqrkqavgja 10

12/10/2024, 22:03

241012-1yvt1atejh 10

General

  • Target

    437e9e03add8620bbaa60bafef93dd0c62a6c4897225431a4e36ad88baa9ea17.bin

  • Size

    4.3MB

  • Sample

    241120-mqrkqavgja

  • MD5

    48f932bb31e422704fd463f73cdad524

  • SHA1

    7e4b17021fe450b7b7eeae08b9988afb84bf9245

  • SHA256

    437e9e03add8620bbaa60bafef93dd0c62a6c4897225431a4e36ad88baa9ea17

  • SHA512

    e98433cc4d23155cc545a9370a84a18716c8d4da66d782837b5848e253a44e9098e20afbfba0904abd0aed48c4c4051c908790af73ebe42b603598364ef66813

  • SSDEEP

    98304:G9ax8Tx8QDAVQnxd11D6Yw9hEfA8iOahOYB+37C4lQT4q44YyBrMbCdiR:618QZnxleYw94AO7H7ZQTk4YyRUSu

Malware Config

Targets

    • Android SoumniBot payload

    • SoumniBot

      SoumniBot is an Android banking trojan first seen in April 2024.

    • SoumniBot family

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries account information for other applications stored on the device

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Reads the contacts stored on the device.

    • Reads the content of photos stored on the user's device.

    • Reads the content of the MMS message.

    • Reads the content of the SMS messages.

    • Acquires the wake lock

    • Queries information about active data network

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Checks the presence of a debugger

MITRE ATT&CK Mobile v15

Tasks