General

  • Target

    20a567a487c0f14bef235ee94c363bcdffc79dce6b82e3ed73e0455d2dc51a23.apk

  • Size

    2.9MB

  • Sample

    250107-ckb8qs1mbn

  • MD5

    cfc62e2d95de52f92299675c70ddc9fc

  • SHA1

    d07d2a50b5cc4dd449825b497cec45b3c0c80908

  • SHA256

    20a567a487c0f14bef235ee94c363bcdffc79dce6b82e3ed73e0455d2dc51a23

  • SHA512

    6a0185e9d4bba7bfe77de6fb2f951d454f89c34a615bcad05a9b297544c2eb071532df7d7eb9d307a65355b8c7c42f148c4f07bd98654fd4569423210b1a7dca

  • SSDEEP

    49152:jDxlyUV5Py/PYyg9Kqy6pIBlFROvqYDoQHwuA1UA7vb3+ez9TJVp8gKSlbc:CUV5aNpLyvqYDoQHwXvbuez9l8gKuc

Malware Config

Targets

    • Removes its main activity from the application launcher

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about the phone's network operator

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks