Analysis

  • max time kernel
    47s
  • max time network
    141s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    2025-01-10 03:54 UTC

General

  • Target

    be512e871fc1871314794ea0e83f70ebe6cd9e537883aca6ca41440b3032dbfc.apk

  • Size

    2.1MB

  • MD5

    546f45d13c9fec7c6f868758f698de38

  • SHA1

    8e7667971fd60f3973713f14ad12d809dbeb718f

  • SHA256

    be512e871fc1871314794ea0e83f70ebe6cd9e537883aca6ca41440b3032dbfc

  • SHA512

    1df39b5a44e7ba8f4c3adf75c399752d9d4e533d3d1dac7039b45bd48230c39f4e1024d4b356e1b05d8b901467690adb10582b740e7821eaad49b51bbeb480d9

  • SSDEEP

    49152:HVcdmzfrsVxjjx1Il4UwIfoCW6Zg28g00AD3Lt5nTKE0C:HJzfrsfjDUwIvW6l0tbtjl

Malware Config

Signatures

Processes

  • la.lasecurity.trbanking (PID 4626)
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background)
    • Checks CPU information
    • Checks memory information
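The accessibility-service use and the battery-optimisation opt-out flagged above are normally visible statically in the manifest before the sample is ever run. The following Python is an added example, not code from tria.ge or from the analysed APK: it scans a decoded AndroidManifest.xml (the text form apktool produces) for an accessibility service declaration, the REQUEST_IGNORE_BATTERY_OPTIMIZATIONS permission and a boot receiver, and summarises the combination. The manifest string, its package name and its class names are constructed placeholders, not taken from la.lasecurity.trbanking.

```python
"""Static triage of a decoded AndroidManifest.xml for the behaviour cluster
tria.ge reported (accessibility service + battery-optimisation opt-out).
Added example; the manifest below is constructed and is not the analysed APK's."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # prefix ElementTree uses for android: attributes

# Constructed sample manifest (apktool-style decoded XML); package and class
# names are placeholders, not from the analysed sample.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.placeholder">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Update">
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
             android:exported="true">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
      <meta-data android:name="android.accessibilityservice"
                 android:resource="@xml/a11y_config"/>
    </service>
    <receiver android:name=".BootReceiver" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Not malicious on their own; interesting in combination with an accessibility
# service in an app that has no accessibility purpose.
PERMISSIONS_OF_INTEREST = {
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "asks the user to exempt it from Doze (persistence)",
    "android.permission.RECEIVE_BOOT_COMPLETED": "restarts after reboot (persistence)",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw overlays over other apps",
}

A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"


def triage_manifest(xml_text: str) -> dict:
    """Return permissions of interest, accessibility services, boot receivers
    and a one-line verdict. Raises ET.ParseError on malformed XML."""
    root = ET.fromstring(xml_text)
    out = {"package": root.get("package"), "permissions": [],
           "accessibility_services": [], "boot_receivers": []}

    for up in root.iter("uses-permission"):
        name = up.get(A + "name", "")
        if name in PERMISSIONS_OF_INTEREST:
            out["permissions"].append((name, PERMISSIONS_OF_INTEREST[name]))

    for svc in root.iter("service"):
        # Either the binding permission or the intent action identifies an
        # accessibility service; check both in case one is omitted.
        binds = svc.get(A + "permission") == A11Y_BIND
        acts = any(a.get(A + "name") == A11Y_ACTION for a in svc.iter("action"))
        if binds or acts:
            out["accessibility_services"].append(svc.get(A + "name"))

    for rcv in root.iter("receiver"):
        if any(a.get(A + "name") == BOOT_ACTION for a in rcv.iter("action")):
            out["boot_receivers"].append(rcv.get(A + "name"))

    perms = {p for p, _ in out["permissions"]}
    if out["accessibility_services"] and "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS" in perms:
        out["verdict"] = "accessibility service + battery-optimisation opt-out: matches the reported behaviour cluster"
    elif out["accessibility_services"]:
        out["verdict"] = "accessibility service declared: check whether the app has a legitimate accessibility purpose"
    else:
        out["verdict"] = "no accessibility abuse indicators in manifest"
    return out


if __name__ == "__main__":
    for k, v in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{k}: {v}")
```

Clipboard reads need no manifest permission, so the "Obtains sensitive information copied to the device clipboard" behaviour will not surface in this check; it is only observable dynamically, as in the report above.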

Network

  • DNS android.apis.google.com (resolver 1.1.1.1:53)
    Request: android.apis.google.com IN A
    Response: android.apis.google.com IN CNAME clients.l.google.com
              clients.l.google.com IN A 142.250.187.206
  • DNS ssl.google-analytics.com (resolver 1.1.1.1:53)
    Request: ssl.google-analytics.com IN A
    Response: ssl.google-analytics.com IN A 216.58.213.8
  • DNS ssl.google-analytics.com (resolver 1.1.1.1:53)
    Request: ssl.google-analytics.com IN A
    Response: none recorded
  • DNS t.me (resolver 1.1.1.1:53)
    Request: t.me IN A
    Response: t.me IN A 149.154.167.99
  • GET https://t.me/anbsh26 (remote address 149.154.167.99:443)
    Request
    GET /anbsh26 HTTP/2.0
    host: t.me
    accept-encoding: gzip
    user-agent: okhttp/4.10.0
    Response
    HTTP/2.0 200
    server: nginx/1.18.0
    date: Fri, 10 Jan 2025 03:55:04 GMT
    content-type: text/html; charset=utf-8
    content-length: 4463
    set-cookie: stel_ssid=31c0ef8e6d74cc490d_11370631715155154397; expires=Sat, 11 Jan 2025 03:55:04 GMT; path=/; samesite=None; secure; HttpOnly
    pragma: no-cache
    cache-control: no-store
    x-frame-options: ALLOW-FROM https://web.telegram.org
    content-security-policy: frame-ancestors https://web.telegram.org
    content-encoding: gzip
    strict-transport-security: max-age=35768000
  • DNS tonymayisayininfilancagunu.info (resolver 1.1.1.1:53)
    Request: tonymayisayininfilancagunu.info IN A
    Response: tonymayisayininfilancagunu.info IN A 172.67.138.198
              tonymayisayininfilancagunu.info IN A 104.21.70.187
  • GET https://tonymayisayininfilancagunu.info/sk (remote address 172.67.138.198:443)
    Request
    GET /sk HTTP/1.1
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Key: 4TNfnDvqp4pYhxGTjkUZmg==
    Sec-WebSocket-Version: 13
    Sec-WebSocket-Extensions: permessage-deflate
    Host: tonymayisayininfilancagunu.info
    Accept-Encoding: gzip
    User-Agent: okhttp/4.10.0
    Response
    HTTP/1.1 101 Switching Protocols
    Date: Fri, 10 Jan 2025 03:55:05 GMT
    Connection: upgrade
    upgrade: websocket
    sec-websocket-accept: MPG5jnDOzXyNxjdzC1I+8i9IcnU=
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kOHLmYsUza2RUFuSIgl2RfqNZYK9gpDWknG2c1PnObDwnRhnmhBMrvbWqgw1IU%2Fo9P3atFYTNBqd94Shn5tP6zvZEV1Do57MQgHmyIFYOm2DaZ0M4bVphvMvWarhwv8n6waafkuwFFJSHap8MLrScBiS"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8ff9babe3f1fecfd-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=47517&min_rtt=47397&rtt_var=13541&sent=6&recv=6&lost=0&retrans=0&sent_bytes=3170&recv_bytes=871&delivery_rate=84171&cwnd=252&unsent_bytes=0&cid=5789a6f9f8261c7b&ts=242&x=0"
  Connections

  Remote address       Host / URL                                  Protocol    Sent    Received  Pkts sent  Pkts recv  Notes
  142.250.187.206:443  -                                           tls, https  1.5kB   40 B      1          1
  142.250.187.206:443  -                                           tls, https  1.5kB   40 B      1          1
  142.250.187.206:443  android.apis.google.com                     tls         4.9kB   8.1kB     22         20
  216.58.213.8:443     ssl.google-analytics.com                    tls         1.5kB   6.9kB     11         9
  149.154.167.99:443   https://t.me/anbsh26                        tls, http2  1.8kB   12.2kB    17         19         GET /anbsh26 -> 200
  172.67.138.198:443   https://tonymayisayininfilancagunu.info/sk  tls, http   4.2kB   7.1kB     28         28         GET /sk -> 101 (WebSocket upgrade)
  142.250.179.228:443  -                                           tls, https  937 B   40 B      3          1
  142.250.179.228:443  www.google.com                              tls         13.8kB  12.1kB    30         34
  224.0.0.251:5353     -                                           -           3.7kB   -         11         -          multicast DNS, no reply recorded
  1.1.1.1:53           android.apis.google.com                     dns         69 B    109 B     1          1          A -> 142.250.187.206
  1.1.1.1:53           ssl.google-analytics.com                    dns         140 B   86 B      2          1          2 requests, 1 response: A -> 216.58.213.8
  1.1.1.1:53           t.me                                        dns         50 B    66 B      1          1          A -> 149.154.167.99
  1.1.1.1:53           tonymayisayininfilancagunu.info             dns         77 B    109 B     1          1          A -> 172.67.138.198, 104.21.70.187
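The /sk exchange above is a WebSocket opening handshake (RFC 6455): the client sends a random 16-byte Sec-WebSocket-Key and the server must answer with base64(SHA-1(key + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11")). Re-deriving that value from a capture confirms the 101 was a genuine WebSocket acceptance and not an arbitrary status, which is a cheap sanity check before building detections around this channel. The Python below is an added example, not tria.ge's or the sample's code; the request and response text is transcribed from the report above (trimmed to the relevant headers), and the corrupted response used to show the failure path is constructed.

```python
"""Verify a captured RFC 6455 opening handshake: does the server's
Sec-WebSocket-Accept match the client's Sec-WebSocket-Key?
Added example; header text is transcribed from the tria.ge report."""
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed constant, RFC 6455 s4.2.2

# Transcribed from the report (non-essential headers dropped).
CAPTURED_REQUEST = """GET /sk HTTP/1.1
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: 4TNfnDvqp4pYhxGTjkUZmg==
Sec-WebSocket-Version: 13
Sec-WebSocket-Extensions: permessage-deflate
Host: tonymayisayininfilancagunu.info
Accept-Encoding: gzip
User-Agent: okhttp/4.10.0
"""

CAPTURED_RESPONSE = """HTTP/1.1 101 Switching Protocols
Date: Fri, 10 Jan 2025 03:55:05 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: MPG5jnDOzXyNxjdzC1I+8i9IcnU=
Server: cloudflare
"""


def expected_accept(client_key: str) -> str:
    """Server-side computation from RFC 6455: base64(SHA-1(key || GUID))."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_headers(raw: str) -> tuple:
    """Split an HTTP/1.1 message head into (start line, lowercase-keyed headers).
    Only the first ':' separates name and value, so dates survive intact."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def check_handshake(request: str, response: str) -> dict:
    """Return findings about a captured upgrade: status, Upgrade headers,
    key length, accept derivation, extension negotiation, path and UA."""
    req_line, req = parse_headers(request)
    resp_line, resp = parse_headers(response)
    key = req.get("sec-websocket-key", "")
    parts = req_line.split()

    key_ok = False
    try:
        key_ok = len(base64.b64decode(key, validate=True)) == 16
    except ValueError:  # binascii.Error is a ValueError subclass
        pass

    return {
        "status_101": resp_line.startswith("HTTP/1.1 101"),
        "upgrade_ok": req.get("upgrade", "").lower() == "websocket"
                      and resp.get("upgrade", "").lower() == "websocket",
        "key_is_16_bytes": key_ok,
        "accept_matches": bool(key) and resp.get("sec-websocket-accept") == expected_accept(key),
        "deflate_negotiated": "permessage-deflate" in resp.get("sec-websocket-extensions", ""),
        "path": parts[1] if len(parts) > 1 else "",
        "user_agent": req.get("user-agent", ""),
    }


if __name__ == "__main__":
    for k, v in check_handshake(CAPTURED_REQUEST, CAPTURED_RESPONSE).items():
        print(f"{k}: {v}")
```

Two details worth reading off the result: the request offered permessage-deflate but the response carries no Sec-WebSocket-Extensions header, so frames on this connection are uncompressed and a payload inspection does not need to inflate them; and the same okhttp/4.10.0 User-Agent appears on both the t.me fetch and the WebSocket, consistent with both being issued from the same app code.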

MITRE ATT&CK Mobile v15
