Analysis

  • max time kernel
    149s
  • max time network
    136s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    17/12/2024, 22:12 UTC

General

  • Target

    094bd054f9bd13ece421402bb500b7b5cd461b800a47c1de10390d933567217d.apk

  • Size

    321KB

  • MD5

    02db11799e8e407606298584c1f29ec4

  • SHA1

    bc8ccf1d440ac6a02d63d1147237311d9c1f1e80

  • SHA256

    094bd054f9bd13ece421402bb500b7b5cd461b800a47c1de10390d933567217d

  • SHA512

    d8330da7d76acfd7f671fa4545e8fbb5dff8f0528c90fca58e2617c424074f03ffbf26e6e052d775884f16317658df1ee02afa49a7a1f843fee1c5194c20eb2a

  • SSDEEP

    6144:KdzY4GCnYbBiHHDU62Cd0SCrWAyWj6Rg0OaaNUurty/EuG4m:KpYCYtuHDU62Cd0BkLg07aNVtOna

Malware Config

Extracted

Family

octo

C2

https://fakalersokakkal.xyz/M2I2ZjI1MzMxMmMx/

https://sarocakasaxe.xyz/M2I2ZjI1MzMxMmMx/

https://saxamaszuseko.xyz/M2I2ZjI1MzMxMmMx/

https://rasfakstumahoxexe.xyz/M2I2ZjI1MzMxMmMx/

https://sadasurapsomyivano.xyz/M2I2ZjI1MzMxMmMx/

https://yasasananas.xyz/M2I2ZjI1MzMxMmMx/

https://rasddassadazexe.xyz/M2I2ZjI1MzMxMmMx/

https://trasafsakaasassuheno.xyz/M2I2ZjI1MzMxMmMx/

https://zalizadsasasa2a.xyz/M2I2ZjI1MzMxMmMx/

AES_key (key 1)
3534353639643261616165373137363333356136376266373265383637333666
(64 hex characters, i.e. 32 key bytes, the AES-256 key length. Decoded, the bytes are the ASCII text 54569d2aaae7176335a67bf72e86736f, a 32-character lowercase hex string, so the effective key entropy is at most 128 bits even though the key is AES-256 sized.)
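The extracted configuration above is the most reusable part of the report: nine C2 URLs that all share one path segment, plus the AES key in hex. The following is an added example (not code from tria.ge or from the Octo operators) showing how an analyst turns that block into checked IOCs: it parses the flattened key/value text as printed on this page, hex-decodes the key and validates its length, isolates the shared path token and base64-decodes it, and emits one Suricata DNS-query rule per C2 domain. The SID base is an assumption for the example.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# Config block as printed in the report above (values copied from the page).
OCTO_CONFIG = """\
Family
octo
C2
https://fakalersokakkal.xyz/M2I2ZjI1MzMxMmMx/
https://sarocakasaxe.xyz/M2I2ZjI1MzMxMmMx/
https://saxamaszuseko.xyz/M2I2ZjI1MzMxMmMx/
https://rasfakstumahoxexe.xyz/M2I2ZjI1MzMxMmMx/
https://sadasurapsomyivano.xyz/M2I2ZjI1MzMxMmMx/
https://yasasananas.xyz/M2I2ZjI1MzMxMmMx/
https://rasddassadazexe.xyz/M2I2ZjI1MzMxMmMx/
https://trasafsakaasassuheno.xyz/M2I2ZjI1MzMxMmMx/
https://zalizadsasasa2a.xyz/M2I2ZjI1MzMxMmMx/
AES_key
1
3534353639643261616165373137363333356136376266373265383637333666
"""


def parse_config(text):
    """Split the report's flattened config block into family, C2 URLs and key hex."""
    cfg = {"family": None, "c2": [], "aes_key_hex": None}
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line in ("Family", "C2", "AES_key"):
            section = line
            continue
        if section == "Family":
            cfg["family"] = line
        elif section == "C2":
            cfg["c2"].append(line)
        elif section == "AES_key":
            # The report prints a key index ("1") before the hex; keep only the hex string.
            if re.fullmatch(r"[0-9a-fA-F]{32,}", line):
                cfg["aes_key_hex"] = line
    return cfg


def decode_key(key_hex):
    """Hex-decode the key and check it is a legal AES key size (16/24/32 bytes)."""
    key = binascii.unhexlify(key_hex)
    if len(key) not in (16, 24, 32):
        raise ValueError(f"unexpected AES key length: {len(key)} bytes")
    return key


def c2_domains(urls):
    """Distinct hostnames from the C2 URL list, sorted for stable rule output."""
    return sorted({urlparse(u).hostname for u in urls})


def shared_path_token(urls):
    """Return the one path segment every C2 URL shares, or None if they differ."""
    tokens = {urlparse(u).path.strip("/") for u in urls}
    return tokens.pop() if len(tokens) == 1 else None


def decode_token(token):
    """Base64-decode the path token (padding restored if the operator stripped it)."""
    padded = token + "=" * (-len(token) % 4)
    return base64.b64decode(padded).decode("ascii")


def suricata_dns_rules(domains, sid_base=9000001):
    """One DNS-query alert per C2 domain. sid_base is an assumed local SID range."""
    return [
        f'alert dns any any -> any any (msg:"Octo C2 DNS query {d}"; '
        f'dns.query; content:"{d}"; nocase; sid:{sid_base + i}; rev:1;)'
        for i, d in enumerate(sorted(domains))
    ]


if __name__ == "__main__":
    cfg = parse_config(OCTO_CONFIG)
    key = decode_key(cfg["aes_key_hex"])
    print("family:", cfg["family"])
    print(f"key: {len(key) * 8}-bit, bytes are the text {key.decode('ascii')!r}")
    tok = shared_path_token(cfg["c2"])
    print("shared C2 path token:", tok, "->", decode_token(tok))
    for rule in suricata_dns_rules(c2_domains(cfg["c2"])):
        print(rule)
```

The path token decodes to a 12-character lowercase hex string, which looks like a campaign or build identifier; it is worth carrying as its own indicator because new Octo domains tend to be registered against the same panel path.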

Signatures

Processes

  • com.nameown12 (PID 4257)
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests access to notifications (often used to intercept notifications before the user becomes aware of them)
    • Requests disabling of battery optimizations (often used to keep running hidden in the background)
    • Requests permission to modify system settings
    • Registers a broadcast receiver at runtime (usually to listen for system events)
    • Uses crypto APIs (may try to encrypt user data)
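Most of the behaviours listed for com.nameown12 leave a static footprint in the manifest: a service bound with BIND_ACCESSIBILITY_SERVICE, a notification-listener service, and the REQUEST_IGNORE_BATTERY_OPTIMIZATIONS, WRITE_SETTINGS, FOREGROUND_SERVICE and WAKE_LOCK permissions. Launcher hiding is done at runtime (the manifest usually still declares a launcher entry), so that indicator is only a weak static signal. The following added example (not code from tria.ge or from the sample) scores a decoded AndroidManifest.xml, as produced by apktool, against those indicators; the two manifests embedded in it are constructed for the example and are not the sample's manifest.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Manifest-level indicators mapped to the behaviour wording used by the report.
PERMISSION_INDICATORS = {
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "requests disabling of battery optimizations",
    "android.permission.WRITE_SETTINGS": "requests modifying system settings",
    "android.permission.FOREGROUND_SERVICE": "foreground persistence service",
    "android.permission.WAKE_LOCK": "acquires the wake lock",
}
SERVICE_INDICATORS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification listener",
}

# Constructed manifest showing the Octo-like pattern (not the sample's manifest).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.dropper">
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <service android:name=".A11y" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter><action android:name="android.accessibilityservice.AccessibilityService"/></intent-filter>
    </service>
    <service android:name=".Notif" android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter><action android:name="android.service.notification.NotificationListenerService"/></intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed benign manifest: ordinary launcher app with only INTERNET.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".Main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""


def has_launcher_activity(root):
    """True if any activity or activity-alias is exported to the launcher."""
    for tag in ("activity", "activity-alias"):
        for act in root.iter(tag):
            for flt in act.iter("intent-filter"):
                actions = {a.get(ANDROID_NS + "name") for a in flt.iter("action")}
                cats = {c.get(ANDROID_NS + "name") for c in flt.iter("category")}
                if "android.intent.action.MAIN" in actions and "android.intent.category.LAUNCHER" in cats:
                    return True
    return False


def manifest_indicators(manifest_xml):
    """Return the list of matched indicators for one decoded manifest."""
    root = ET.fromstring(manifest_xml)
    found = []
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID_NS + "name")
        if name in PERMISSION_INDICATORS:
            found.append(PERMISSION_INDICATORS[name])
    for svc in root.iter("service"):
        bind_perm = svc.get(ANDROID_NS + "permission")
        if bind_perm in SERVICE_INDICATORS:
            found.append(SERVICE_INDICATORS[bind_perm])
    if not has_launcher_activity(root):
        found.append("no launcher activity declared")
    return found


def triage_verdict(indicators, threshold=4):
    """Threshold is an assumed tuning value: accessibility plus notification access
    plus two persistence permissions is already enough to pull a sample for review."""
    return "suspicious" if len(indicators) >= threshold else "low"


if __name__ == "__main__":
    for label, xml in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        hits = manifest_indicators(xml)
        print(label, triage_verdict(hits), hits)
```

Run this over the output of `apktool d sample.apk` and feed the result into dynamic analysis; the accessibility and notification-listener services are the two indicators that matter most, since the report shows both being used at runtime.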

Network

Requests, in capture order. All DNS queries went to the resolver 1.1.1.1:53 (remote address geolocated US); none of the nine C2 domains from the extracted config resolved during the run.

  • DNS semanticlocation-pa.googleapis.com
    Request: semanticlocation-pa.googleapis.com IN A
    Response (16 A records): 172.217.169.10, 142.250.200.42, 216.58.201.106, 216.58.212.202, 142.250.180.10, 216.58.204.74, 142.250.187.234, 142.250.179.234, 172.217.169.74, 172.217.169.42, 142.250.178.10, 216.58.212.234, 172.217.16.234, 216.58.213.10, 142.250.200.10, 142.250.187.202
  • DNS sarocakasaxe.xyz
    Request: sarocakasaxe.xyz IN A
    Response: no A record returned
  • DNS rasfakstumahoxexe.xyz
    Request: rasfakstumahoxexe.xyz IN A
    Response: no A record returned
  • DNS www.ip-api.com
    Request: www.ip-api.com IN A
    Response: 208.95.112.1
  • DNS yasasananas.xyz
    Request: yasasananas.xyz IN A
    Response: no A record returned
  • HTTP GET http://www.ip-api.com/json (remote address 208.95.112.1:80, US)
    Request:
      GET /json HTTP/1.1
      Host: www.ip-api.com
      Connection: Keep-Alive
    Response:
      HTTP/1.1 200 OK
      Date: Tue, 17 Dec 2024 22:13:26 GMT
      Content-Type: application/json; charset=utf-8
      Content-Length: 291
      Access-Control-Allow-Origin: *
      X-Ttl: 13
      X-Rl: 39
  • DNS rasddassadazexe.xyz
    Request: rasddassadazexe.xyz IN A
    Response: no A record returned
  • DNS saxamaszuseko.xyz
    Request: saxamaszuseko.xyz IN A
    Response: no A record returned
  • DNS zalizadsasasa2a.xyz
    Request: zalizadsasasa2a.xyz IN A
    Response: no A record returned
  • DNS trasafsakaasassuheno.xyz
    Request: trasafsakaasassuheno.xyz IN A
    Response: no A record returned
  • DNS fakalersokakkal.xyz
    Request: fakalersokakkal.xyz IN A
    Response: no A record returned
  • DNS sadasurapsomyivano.xyz
    Request: sadasurapsomyivano.xyz IN A
    Response: no A record returned
  • DNS android.apis.google.com
    Request: android.apis.google.com IN A
    Response: android.apis.google.com IN CNAME clients.l.google.com; clients.l.google.com IN A 142.250.187.238
Flows. Columns: remote address, domain, protocol, bytes sent, bytes received, packets sent, packets received. The DNS requests and responses per flow are the same as in the request list above and are not repeated; the only HTTP flow is the ip-api.com geolocation lookup (GET http://www.ip-api.com/json, response 200).

  remote address        domain                               proto        sent    recv    pkts out  pkts in
  142.250.200.42:443    -                                    tls, https   202 B   40 B    1         1
  208.95.112.1:80       www.ip-api.com (GET /json, 200)      http         328 B   600 B   6         3
  216.58.204.78:443     -                                    tls, https   858 B   40 B    1         1
  142.250.187.238:443   android.apis.google.com              tls          4.7kB   8.5kB   14        22
  172.217.169.10:443    semanticlocation-pa.googleapis.com   tls          1.8kB   5.9kB   12        10
  142.250.179.234:443   semanticlocation-pa.googleapis.com   tls, https   1.2kB   40 B    1         1
  224.0.0.251:5353      - (mDNS multicast, sent only)        -            3.7kB   -       11        -
  1.1.1.1:53            semanticlocation-pa.googleapis.com   dns          80 B    336 B   1         1
  1.1.1.1:53            sarocakasaxe.xyz                     dns          62 B    127 B   1         1
  1.1.1.1:53            rasfakstumahoxexe.xyz                dns          67 B    132 B   1         1
  1.1.1.1:53            www.ip-api.com                       dns          60 B    76 B    1         1
  1.1.1.1:53            yasasananas.xyz                      dns          61 B    126 B   1         1
  1.1.1.1:53            rasddassadazexe.xyz                  dns          65 B    130 B   1         1
  1.1.1.1:53            saxamaszuseko.xyz                    dns          63 B    128 B   1         1
  1.1.1.1:53            zalizadsasasa2a.xyz                  dns          65 B    130 B   1         1
  1.1.1.1:53            trasafsakaasassuheno.xyz             dns          70 B    135 B   1         1
  1.1.1.1:53            fakalersokakkal.xyz                  dns          65 B    130 B   1         1
  1.1.1.1:53            sadasurapsomyivano.xyz               dns          68 B    133 B   1         1
  1.1.1.1:53            android.apis.google.com              dns          69 B    109 B   1         1

Every query for a .xyz C2 domain got back a response exactly 65 bytes larger than the query and no A record, which is the pattern of a negative answer; the sample never reached a C2, so the capture holds only the bootstrap behaviour (Google Play services traffic, the ip-api.com geolocation lookup, and the C2 resolution attempts).
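What this capture shows on the wire is a recognisable bootstrap sequence: an unauthenticated GET to www.ip-api.com/json to learn the victim's country, surrounded by a burst of A queries for freshly registered domains that all fail to resolve. The following added example (not code from tria.ge) implements that as detection logic over DNS and HTTP logs. The log lines are constructed for the example in a simple whitespace-separated form (timestamp, source, qtype, name, answers or "-" for DNS; timestamp, source, destination, method, host, path, status for HTTP); they are not the report's pcap. The 60-second window and the three-failure threshold are assumed tuning values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# C2 domains from the extracted config on this page.
OCTO_C2_DOMAINS = {
    "fakalersokakkal.xyz", "sarocakasaxe.xyz", "saxamaszuseko.xyz",
    "rasfakstumahoxexe.xyz", "sadasurapsomyivano.xyz", "yasasananas.xyz",
    "rasddassadazexe.xyz", "trasafsakaasassuheno.xyz", "zalizadsasasa2a.xyz",
}

# Constructed log lines (not from the report). 10.0.0.5 mimics the sample; 10.0.0.7 only
# does a geolocation lookup; 10.0.0.9 has a single unrelated resolution failure.
DNS_LOG = """\
2024-12-17T22:13:20Z 10.0.0.5 A semanticlocation-pa.googleapis.com 172.217.169.10,142.250.200.42
2024-12-17T22:13:24Z 10.0.0.5 A sarocakasaxe.xyz -
2024-12-17T22:13:24Z 10.0.0.5 A rasfakstumahoxexe.xyz -
2024-12-17T22:13:25Z 10.0.0.5 A www.ip-api.com 208.95.112.1
2024-12-17T22:13:26Z 10.0.0.5 A yasasananas.xyz -
2024-12-17T22:13:27Z 10.0.0.5 A rasddassadazexe.xyz -
2024-12-17T22:13:27Z 10.0.0.5 A saxamaszuseko.xyz -
2024-12-17T22:13:40Z 10.0.0.7 A www.ip-api.com 208.95.112.1
2024-12-17T22:14:00Z 10.0.0.9 A example.xyz -
"""
HTTP_LOG = """\
2024-12-17T22:13:26Z 10.0.0.5 208.95.112.1 GET www.ip-api.com /json 200
2024-12-17T22:13:41Z 10.0.0.7 208.95.112.1 GET www.ip-api.com /json 200
"""


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_dns(text):
    recs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, qtype, name, answers = line.split()
        recs.append({"ts": _ts(ts), "src": src, "qtype": qtype, "name": name.lower(),
                     "answers": [] if answers == "-" else answers.split(",")})
    return recs


def parse_http(text):
    recs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, method, host, path, status = line.split()
        recs.append({"ts": _ts(ts), "src": src, "dst": dst, "method": method,
                     "host": host.lower(), "path": path, "status": int(status)})
    return recs


def detect(dns_records, http_records, window_s=60, min_failed=3):
    """Return {source: [(severity, message), ...]} for hosts showing the bootstrap pattern."""
    window = timedelta(seconds=window_s)
    findings = defaultdict(list)
    by_src = defaultdict(list)
    for r in dns_records:
        by_src[r["src"]].append(r)
    # Hosts that pulled their public IP / country from ip-api.com.
    geo_hosts = {h["src"] for h in http_records
                 if h["host"] == "www.ip-api.com" and h["path"].startswith("/json")}
    for src, recs in by_src.items():
        for r in recs:
            if r["name"] in OCTO_C2_DOMAINS:
                findings[src].append(("high", f"query for known Octo C2 domain {r['name']}"))
        # Sliding window over unanswered A queries: a burst of distinct dead domains.
        failed = sorted((r for r in recs if r["qtype"] == "A" and not r["answers"]),
                        key=lambda r: r["ts"])
        burst = any(
            len({x["name"] for x in failed[i:] if x["ts"] - start["ts"] <= window}) >= min_failed
            for i, start in enumerate(failed)
        )
        if burst and src in geo_hosts:
            findings[src].append(("high", f"ip-api.com geolocation lookup plus >= {min_failed} "
                                          f"unresolved domains within {window_s}s"))
        elif burst:
            findings[src].append(("medium", f">= {min_failed} unresolved domains within {window_s}s"))
    return dict(findings)


if __name__ == "__main__":
    for src, items in detect(parse_dns(DNS_LOG), parse_http(HTTP_LOG)).items():
        for sev, msg in items:
            print(f"{src} [{sev}] {msg}")
```

The known-domain match is the precise rule; the burst-plus-geolocation rule is what catches the next build of the same family after the operators rotate domains, at the cost of needing the DNS and HTTP logs joined on source address.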

MITRE ATT&CK Mobile v15
