Analysis

  • max time kernel
    44s
  • max time network
    161s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    01/12/2024, 22:25 UTC

General

  • Target

    base.apk

  • Size

    7.9MB

  • MD5

    9b4bff2a39ecf16e27b0a072f48384ee

  • SHA1

    05ba498022cc77aa32cff8dcd5cc85b002ceedca

  • SHA256

    7de51c2775e3de444c5a12fcc1b92ba178e3205041c132fc4c47792252092a51

  • SHA512

    06ba420cf8779e11f72d57c774efe7f74012c4c1583946ae91fb16e8b21c3fd474d7ad073bf3ec7bb14534843ac4c81041bd3e74e8f3506b74e0c0e4fa0dc3af

  • SSDEEP

    98304:ECJIYdaOT0eY5iSRGd839J5FrRswXizj7qVKiQj1Qe35/Qcmc3:j7Ir5r5FrRZ2j7qUVjv/Q+3

Malware Config

Extracted

Family

octo

C2

https://156350786312d7feba2b1c9b7577097b.com

AES_key
  1: 66336331633134346632633034623135
AES_key
  1: 61636437613361626634666661306661

Signatures

Processes

  • com.ckservice74_access
    1
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5005

Network

  • US
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    172.217.169.40
  • US
    DNS
    fc218b26ecc036dd530fe66b864602fa.info
    Remote address:
    1.1.1.1:53
    Request
    fc218b26ecc036dd530fe66b864602fa.info
    IN A
    Response
  • US
    DNS
    156350786312d7feba2b1c9b7577097b.com
    Remote address:
    1.1.1.1:53
    Request
    156350786312d7feba2b1c9b7577097b.com
    IN A
    Response
    156350786312d7feba2b1c9b7577097b.com
    IN A
    45.77.249.79
    156350786312d7feba2b1c9b7577097b.com
    IN A
    104.131.68.180
    156350786312d7feba2b1c9b7577097b.com
    IN A
    178.62.201.34
  • SG
    POST
    https://156350786312d7feba2b1c9b7577097b.com/
    Remote address:
    45.77.249.79:443
    Request
    POST / HTTP/2.0
    host: 156350786312d7feba2b1c9b7577097b.com
    cache-control: no-cache
    packets-sent: 8089956513
    content-type: application/octet-stream; charset=utf-8
    content-length: 8351
    accept-encoding: gzip
    user-agent: okhttp/4.12.0
    Response
    HTTP/2.0 200
    content-length: 0
    date: Sun, 01 Dec 2024 22:26:03 GMT
  • US
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.200.14
  • SG
    POST
    https://156350786312d7feba2b1c9b7577097b.com/
    Remote address:
    45.77.249.79:443
    Request
    POST / HTTP/2.0
    host: 156350786312d7feba2b1c9b7577097b.com
    cache-control: no-cache
    packets-sent: 0407806513
    content-type: application/octet-stream; charset=utf-8
    content-length: 8351
    accept-encoding: gzip
    user-agent: okhttp/4.12.0
    Response
    HTTP/2.0 200
    content-length: 0
    date: Sun, 01 Dec 2024 22:26:16 GMT
  • SG
    POST
    https://156350786312d7feba2b1c9b7577097b.com/
    Remote address:
    45.77.249.79:443
    Request
    POST / HTTP/2.0
    host: 156350786312d7feba2b1c9b7577097b.com
    cache-control: no-cache
    packets-sent: 0407806513
    content-type: application/octet-stream; charset=utf-8
    content-length: 8351
    accept-encoding: gzip
    user-agent: okhttp/4.12.0
    Response
    HTTP/2.0 200
    content-length: 0
    date: Sun, 01 Dec 2024 22:26:29 GMT
  • US
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.179.228
  • US
    DNS
    g.tenor.com
    Remote address:
    1.1.1.1:53
    Request
    g.tenor.com
    IN A
    Response
    g.tenor.com
    IN CNAME
    tenor.googleapis.com
    tenor.googleapis.com
    IN A
    172.217.169.10
    tenor.googleapis.com
    IN A
    216.58.213.10
    tenor.googleapis.com
    IN A
    142.250.178.10
    tenor.googleapis.com
    IN A
    216.58.212.202
    tenor.googleapis.com
    IN A
    142.250.200.10
    tenor.googleapis.com
    IN A
    216.58.212.234
    tenor.googleapis.com
    IN A
    216.58.204.74
    tenor.googleapis.com
    IN A
    142.250.187.234
    tenor.googleapis.com
    IN A
    172.217.169.42
    tenor.googleapis.com
    IN A
    142.250.187.202
    tenor.googleapis.com
    IN A
    216.58.201.106
    tenor.googleapis.com
    IN A
    172.217.16.234
    tenor.googleapis.com
    IN A
    142.250.180.10
    tenor.googleapis.com
    IN A
    142.250.200.42
    tenor.googleapis.com
    IN A
    172.217.169.74
    tenor.googleapis.com
    IN A
    142.250.179.234
  • US
    DNS
    accounts.google.com
    Remote address:
    1.1.1.1:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    64.233.184.84
  • US
    DNS
    accounts.google.com
    Remote address:
    1.1.1.1:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    74.125.133.84
  • US
    DNS
    semanticlocation-pa.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    semanticlocation-pa.googleapis.com
    IN A
    Response
    semanticlocation-pa.googleapis.com
    IN A
    142.250.179.234
    semanticlocation-pa.googleapis.com
    IN A
    142.250.180.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.202
    semanticlocation-pa.googleapis.com
    IN A
    142.250.187.234
    semanticlocation-pa.googleapis.com
    IN A
    216.58.213.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.178.10
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.42
    semanticlocation-pa.googleapis.com
    IN A
    142.250.200.10
    semanticlocation-pa.googleapis.com
    IN A
    172.217.169.42
    semanticlocation-pa.googleapis.com
    IN A
    216.58.204.74
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.234
    semanticlocation-pa.googleapis.com
    IN A
    172.217.16.234
    semanticlocation-pa.googleapis.com
    IN A
    216.58.201.106
    semanticlocation-pa.googleapis.com
    IN A
    216.58.212.202
  • 172.217.169.40:443
    ssl.google-analytics.com
    tls
    1.5kB
    6.3kB
    12
    10
  • 45.77.249.79:443
    https://156350786312d7feba2b1c9b7577097b.com/
    tls, http2
    10.1kB
    2.2kB
    15
    20

    HTTP Request

    POST https://156350786312d7feba2b1c9b7577097b.com/

    HTTP Response

    200
  • 142.250.179.238:443
    tls, https
    857 B
    40 B
    1
    1
  • 142.250.200.14:443
    android.apis.google.com
    tls
    2.9kB
    6.8kB
    13
    15
  • 45.77.249.79:443
    https://156350786312d7feba2b1c9b7577097b.com/
    tls, http2
    10.1kB
    2.2kB
    16
    19

    HTTP Request

    POST https://156350786312d7feba2b1c9b7577097b.com/

    HTTP Response

    200
  • 45.77.249.79:443
    https://156350786312d7feba2b1c9b7577097b.com/
    tls, http2
    10.1kB
    2.1kB
    15
    18

    HTTP Request

    POST https://156350786312d7feba2b1c9b7577097b.com/

    HTTP Response

    200
  • 216.58.201.98:443
    520 B
    10
  • 172.217.169.46:443
    520 B
    10
  • 142.250.180.4:443
    520 B
    10
  • 142.250.178.3:443
    520 B
    10
  • 142.250.110.188:5228
    468 B
    9
  • 216.239.32.223:443
    520 B
    10
  • 216.239.32.223:443
    520 B
    10
  • 142.250.179.228:443
    www.google.com
    tls
    10.1kB
    13.9kB
    36
    52
  • 142.250.200.14:443
    android.apis.google.com
    tls
    2.8kB
    6.9kB
    10
    15
  • 74.125.133.84:443
    accounts.google.com
    tls
    1.9kB
    7.3kB
    15
    14
  • 142.250.179.234:443
    semanticlocation-pa.googleapis.com
    tls
    1.7kB
    5.9kB
    10
    11
  • 45.77.249.79:443
    156350786312d7feba2b1c9b7577097b.com
    tls
    10.2kB
    2.2kB
    16
    19
  • 45.77.249.79:443
    156350786312d7feba2b1c9b7577097b.com
    tls
    10.1kB
    2.3kB
    15
    21
  • 45.77.249.79:443
    156350786312d7feba2b1c9b7577097b.com
    tls
    10.2kB
    2.3kB
    16
    22
  • 45.77.249.79:443
    156350786312d7feba2b1c9b7577097b.com
    tls
    10.2kB
    2.4kB
    16
    23
  • 45.77.249.79:443
    156350786312d7feba2b1c9b7577097b.com
    tls
    10.1kB
    2.2kB
    15
    20
  • 45.77.249.79:443
    156350786312d7feba2b1c9b7577097b.com
    tls
    10.2kB
    2.2kB
    16
    20
  • 45.77.249.79:443
    156350786312d7feba2b1c9b7577097b.com
    tls
    10.1kB
    2.3kB
    15
    22
  • 45.77.249.79:443
    156350786312d7feba2b1c9b7577097b.com
    tls
    681 B
    1.0kB
    3
    3
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    172.217.169.40

  • 1.1.1.1:53
    fc218b26ecc036dd530fe66b864602fa.info
    dns
    83 B
    162 B
    1
    1

    DNS Request

    fc218b26ecc036dd530fe66b864602fa.info

  • 1.1.1.1:53
    156350786312d7feba2b1c9b7577097b.com
    dns
    82 B
    130 B
    1
    1

    DNS Request

    156350786312d7feba2b1c9b7577097b.com

    DNS Response

    45.77.249.79
    104.131.68.180
    178.62.201.34

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.200.14

  • 1.1.1.1:53
    www.google.com
    dns
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.179.228

  • 1.1.1.1:53
    g.tenor.com
    dns
    57 B
    344 B
    1
    1

    DNS Request

    g.tenor.com

    DNS Response

    172.217.169.10
    216.58.213.10
    142.250.178.10
    216.58.212.202
    142.250.200.10
    216.58.212.234
    216.58.204.74
    142.250.187.234
    172.217.169.42
    142.250.187.202
    216.58.201.106
    172.217.16.234
    142.250.180.10
    142.250.200.42
    172.217.169.74
    142.250.179.234

  • 1.1.1.1:53
    accounts.google.com
    dns
    65 B
    81 B
    1
    1

    DNS Request

    accounts.google.com

    DNS Response

    64.233.184.84

  • 1.1.1.1:53
    accounts.google.com
    dns
    65 B
    81 B
    1
    1

    DNS Request

    accounts.google.com

    DNS Response

    74.125.133.84

  • 1.1.1.1:53
    semanticlocation-pa.googleapis.com
    dns
    80 B
    304 B
    1
    1

    DNS Request

    semanticlocation-pa.googleapis.com

    DNS Response

    142.250.179.234
    142.250.180.10
    142.250.187.202
    142.250.187.234
    216.58.213.10
    142.250.178.10
    142.250.200.42
    142.250.200.10
    172.217.169.42
    216.58.204.74
    216.58.212.234
    172.217.16.234
    216.58.201.106
    216.58.212.202

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.ckservice74_access/.global.com.ckservice74_access

    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

  • /data/data/com.ckservice74_access/app_village/erLYgyN.json

    Filesize

    1016B

    MD5

    b9f2667d60e0ff924be4d7a8c00f38ae

    SHA1

    54efeebc7f3e87bbb7d94da31aef9cf58f397045

    SHA256

    253a6a55480343d24230113512b99d7c6321a11c1d2043d4a06a7b69b841bd6b

    SHA512

    5dd89323edd89c051259fa42a8a277fab78683a5a87456b2e9881f2fdcc165ffddb5fdcf0b3e1a6c46f55d2cd6893d926ea5dc5dd4793053b4333bf5a98ab80a

  • /data/data/com.ckservice74_access/app_village/erLYgyN.json

    Filesize

    1016B

    MD5

    7f8db5e827c319f55b2692240fc2a920

    SHA1

    a0bbd3c0b5223801e96bc88f74a191a16c53882f

    SHA256

    e33ff6b08c970b6f85e3c0e764195e8e68f6f5fa81de6f72c02a8e1c2b376389

    SHA512

    bc71d1ff3d795a9f27223bca51393b8564c67162af5b0449ad6a48c22856faa88ad8806eeba96d7eb1b4f892ce629345cf4ea3cf49322cc86b5564b932d84fd9

  • /data/data/com.ckservice74_access/files/.p

    Filesize

    322KB

    MD5

    77dc50489b9323274732d27dc8a4e803

    SHA1

    0e02a3595b62489d0739d771881da8604d117c65

    SHA256

    c5684e792d1ebefea6aac09fed45911703fd58c899f8a08133d49dd91429a820

    SHA512

    0684a92f3e9c525384cfa53f531afba61e5930e1c27032a7e27e3315f72761b62e122dc34768d8162ba08f9bed53d148aa8dc034b46456bdd211f230637eba58

  • /data/data/com.ckservice74_access/oat/x86_64/Anonymous-DexFile@813651493.vdex

    Filesize

    299B

    MD5

    76e917ddbba414caa9972ba1ceaba9c5

    SHA1

    31e7b05596d3f21a839a3bd02e18e3aa37e688da

    SHA256

    fc2c861c1f3e1b9d3b8621d2ab08d2a112c7b87c7a66c15e1858ef924419e6f2

    SHA512

    6b6640cebccdf215c3499138b6236aa3302dfe88aabaaeea3ea200178f96c9480ce088b822f164154d0d1d4db5e89f01061296da301331946b378edd350ee8f1

  • /data/user/0/com.ckservice74_access/Anonymous-DexFile@813651493.jar

    Filesize

    525KB

    MD5

    84ec3d750815bdd25a99df5c8af0549f

    SHA1

    bbed13cece979438f26695ae55b74321a91b653f

    SHA256

    9e1c828daee14326d29814bee4ff6ac0f8c356137239245590f415eba536f7e4

    SHA512

    0f1f4f0fb054d13e394811738740623fbcda78a3dff6d772a42533f2d6367087c2acbbb0b5dc6d3004eaf8f26b38f858d57a3475ed3a373ae30f6168fd62eba9

  • /data/user/0/com.ckservice74_access/app_village/erLYgyN.json

    Filesize

    1KB

    MD5

    1f4c4d517b3b589cd240752e494f4298

    SHA1

    c5726c9cbd7095d77824f16ffaf52fd3df074627

    SHA256

    125862702261cbcbcdfdb65acdffb9b1deab83e7592dded13f8aa49150218689

    SHA512

    ee97e6263b377c07588359cc5b6b47827cafdac19f05cc3b587158ca2dd8470b7ca7c11fdc73e54e76a351e88400981f1b4b09bf2f8346d89bec5d1d23d4d357
