Analysis

  • max time kernel
    143s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    07/01/2025, 02:07

General

  • Target

    20a567a487c0f14bef235ee94c363bcdffc79dce6b82e3ed73e0455d2dc51a23.apk

  • Size

    2.9MB

  • MD5

    cfc62e2d95de52f92299675c70ddc9fc

  • SHA1

    d07d2a50b5cc4dd449825b497cec45b3c0c80908

  • SHA256

    20a567a487c0f14bef235ee94c363bcdffc79dce6b82e3ed73e0455d2dc51a23

  • SHA512

    6a0185e9d4bba7bfe77de6fb2f951d454f89c34a615bcad05a9b297544c2eb071532df7d7eb9d307a65355b8c7c42f148c4f07bd98654fd4569423210b1a7dca

  • SSDEEP

    49152:jDxlyUV5Py/PYyg9Kqy6pIBlFROvqYDoQHwuA1UA7vb3+ez9TJVp8gKSlbc:CUV5aNpLyvqYDoQHwXvbuez9l8gKuc

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator 1 TTPs
  • Requests disabling of battery optimizations (often used to enable hiding in the background) 1 TTPs 1 IoCs

Processes

  • com.tencent.mobileqq
    • Queries information about running processes on the device
    • Requests cell location
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background)
    PID:4519

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.tencent.mobileqq/databases/com.google.android.datatransport.events

    Filesize

    40KB

  • /data/user/0/com.tencent.mobileqq/databases/com.google.android.datatransport.events-journal

    Filesize

    512B

  • /data/user/0/com.tencent.mobileqq/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/user/0/com.tencent.mobileqq/databases/com.google.android.datatransport.events-journal

    Filesize

    8KB

  • /data/user/0/com.tencent.mobileqq/files/PersistedInstallation4625488717758105300tmp

    Filesize

    114B

  • /data/user/0/com.tencent.mobileqq/files/PersistedInstallation4964977800110927610tmp

    Filesize

    90B