Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags
    arch:arm
    arch:x86
    image:android-x86-arm-20240910-en
    locale:en-us
    os:android-9-x86
    system
  • submitted
    16/12/2024, 22:08

General

  • Target

    7d70450a895147e49d12fd4f7017c016d145b852966d8dab151738bdbe5a0164.apk

  • Size

    4.8MB

  • MD5

    77ead137753adb31c0a047d77638b818

  • SHA1

    296d1258f52975fc73ec32a28b44378d13702742

  • SHA256

    7d70450a895147e49d12fd4f7017c016d145b852966d8dab151738bdbe5a0164

  • SHA512

    78a395ff4df3b5b080db68a2f2d94d6d442a312d440338e5444dad3473246023dc56cd726ef1571c70739b8855b595b43934d1173efa73900e5e675324c2de95

  • SSDEEP

    49152:PRsEXtEbRTmKms3XUt45iS7xrGiQE1rfpjVKSceOTQBeghG8Wnk0ESrPh:PRsh9Tmjs3Xl5iSRGmRVKLyovnknSh

Malware Config

Extracted

Family

octo

C2

https://b52747db136759d3a2c076344fe27f68.shop

Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.infinigru.police.phishingeyes

    com.cibc.android.mobi

    com.estsoft.alyac

    com.ahnlab.v3mobilesecurity.soda

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

AES_key

Signatures

Processes

  • com.ajstar71providerssmart
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4222

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.ajstar71providerssmart/.global.com.ajstar71providerssmart

    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

  • /data/data/com.ajstar71providerssmart/files/.m

    Filesize

    307KB

    MD5

    4e73947cabb5db3f92ca85004981b754

    SHA1

    6d9667fdb0280ed2dcb782b4683e422a51bdc601

    SHA256

    6db94232e756b90ed437f1bc87dc38cf20fb2e7c7a19a5e40c6c17254b7e234c

    SHA512

    be8b500a7070af1dfb53b0cf1a7b327dadc4e163a6dad905496ac228c58cd1ed87b054533917924455d35e9b300683ae33e1bcdd91935a5dbae1d693c3e13d69

  • Anonymous-DexFile@0xc7d78000-0xc7dfbba0

    Filesize

    526KB

    MD5

    b5f04762c6592c5b7975a5e0acdd7aa7

    SHA1

    504b8c1d9b3f7acc247a707f7f31eaed8d4b5f4d

    SHA256

    515497f6df8d7e14844c72d28426f8b1dfd82d960edeb522da94aa6bbb526bdf

    SHA512

    da3089eb2a6121f4dc8f3b24d02dd8c5147b74de6c7193a5f6d6f61ce84637e5618f007b818fe9f52039ac54eea4d15fe1839934d39a3408bed97d2814a706f6