Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

be512e871f...fc.apk

android-9-x86

7

be512e871f...fc.apk

android-10-x64

7

be512e871f...fc.apk

android-11-x64

7

Analysis

  • max time kernel
    47s
  • max time network
    141s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    10/01/2025, 03:54 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    be512e871fc1871314794ea0e83f70ebe6cd9e537883aca6ca41440b3032dbfc.apk

  • Size

    2.1MB

  • MD5

    546f45d13c9fec7c6f868758f698de38

  • SHA1

    8e7667971fd60f3973713f14ad12d809dbeb718f

  • SHA256

    be512e871fc1871314794ea0e83f70ebe6cd9e537883aca6ca41440b3032dbfc

  • SHA512

    1df39b5a44e7ba8f4c3adf75c399752d9d4e533d3d1dac7039b45bd48230c39f4e1024d4b356e1b05d8b901467690adb10582b740e7821eaad49b51bbeb480d9

  • SSDEEP

    49152:HVcdmzfrsVxjjx1Il4UwIfoCW6Zg28g00AD3Lt5nTKE0C:HJzfrsfjDUwIvW6l0tbtjl

Score
7/10
bankercollectioncredential_accessdiscoveryevasionimpact

Malware Config

Signatures

Processes

  • la.lasecurity.trbanking
    1⤵
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Performs UI accessibility actions on behalf of the user
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Checks CPU information
    • Checks memory information
    PID:4626

Network

  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.187.206
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    216.58.213.8
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
  • flag-us
    DNS
    t.me
    Remote address:
    1.1.1.1:53
    Request
    t.me
    IN A
    Response
    t.me
    IN A
    149.154.167.99
  • flag-nl
    GET
    https://t.me/anbsh26
    Remote address:
    149.154.167.99:443
    Request
    GET /anbsh26 HTTP/2.0
    host: t.me
    accept-encoding: gzip
    user-agent: okhttp/4.10.0
    Response
    HTTP/2.0 200
    server: nginx/1.18.0
    date: Fri, 10 Jan 2025 03:55:04 GMT
    content-type: text/html; charset=utf-8
    content-length: 4463
    set-cookie: stel_ssid=31c0ef8e6d74cc490d_11370631715155154397; expires=Sat, 11 Jan 2025 03:55:04 GMT; path=/; samesite=None; secure; HttpOnly
    pragma: no-cache
    cache-control: no-store
    x-frame-options: ALLOW-FROM https://web.telegram.org
    content-security-policy: frame-ancestors https://web.telegram.org
    content-encoding: gzip
    strict-transport-security: max-age=35768000
  • flag-us
    DNS
    tonymayisayininfilancagunu.info
    Remote address:
    1.1.1.1:53
    Request
    tonymayisayininfilancagunu.info
    IN A
    Response
    tonymayisayininfilancagunu.info
    IN A
    172.67.138.198
    tonymayisayininfilancagunu.info
    IN A
    104.21.70.187
  • flag-us
    GET
    https://tonymayisayininfilancagunu.info/sk
    Remote address:
    172.67.138.198:443
    Request
    GET /sk HTTP/1.1
    Upgrade: websocket
    Connection: Upgrade
    Sec-WebSocket-Key: 4TNfnDvqp4pYhxGTjkUZmg==
    Sec-WebSocket-Version: 13
    Sec-WebSocket-Extensions: permessage-deflate
    Host: tonymayisayininfilancagunu.info
    Accept-Encoding: gzip
    User-Agent: okhttp/4.10.0
    Response
    HTTP/1.1 101 Switching Protocols
    Date: Fri, 10 Jan 2025 03:55:05 GMT
    Connection: upgrade
    upgrade: websocket
    sec-websocket-accept: MPG5jnDOzXyNxjdzC1I+8i9IcnU=
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kOHLmYsUza2RUFuSIgl2RfqNZYK9gpDWknG2c1PnObDwnRhnmhBMrvbWqgw1IU%2Fo9P3atFYTNBqd94Shn5tP6zvZEV1Do57MQgHmyIFYOm2DaZ0M4bVphvMvWarhwv8n6waafkuwFFJSHap8MLrScBiS"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8ff9babe3f1fecfd-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=47517&min_rtt=47397&rtt_var=13541&sent=6&recv=6&lost=0&retrans=0&sent_bytes=3170&recv_bytes=871&delivery_rate=84171&cwnd=252&unsent_bytes=0&cid=5789a6f9f8261c7b&ts=242&x=0"
  • 142.250.187.206:443
    tls, https
    1.5kB
     40 B
     1
    1
  • 142.250.187.206:443
    tls, https
    1.5kB
     40 B
     1
    1
  • 142.250.187.206:443
    android.apis.google.com
    tls
    4.9kB
     8.1kB
     22
    20
  • 216.58.213.8:443
    ssl.google-analytics.com
    tls
    1.5kB
     6.9kB
     11
    9
  • 149.154.167.99:443
    https://t.me/anbsh26
    tls, http2
    1.8kB
     12.2kB
     17
    19

    HTTP Request

    GET https://t.me/anbsh26

    HTTP Response

    200
  • 172.67.138.198:443
    https://tonymayisayininfilancagunu.info/sk
    tls, http
    4.2kB
     7.1kB
     28
    28

    HTTP Request

    GET https://tonymayisayininfilancagunu.info/sk

    HTTP Response

    101
  • 142.250.179.228:443
    tls, https
    937 B
     40 B
     3
    1
  • 142.250.179.228:443
    www.google.com
    tls
    13.8kB
     12.1kB
     30
    34
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.187.206

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    140 B
     86 B
     2
    1

    DNS Request

    ssl.google-analytics.com

    DNS Request

    ssl.google-analytics.com

    DNS Response

    216.58.213.8

  • 1.1.1.1:53
    t.me
    dns
    50 B
     66 B
     1
    1

    DNS Request

    t.me

    DNS Response

    149.154.167.99

  • 1.1.1.1:53
    tonymayisayininfilancagunu.info
    dns
    77 B
     109 B
     1
    1

    DNS Request

    tonymayisayininfilancagunu.info

    DNS Response

    172.67.138.198
    104.21.70.187

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

1
T1628

User Evasion

1
T1628.002

Impair Defenses

1
T1629

Prevent Application Removal

1
T1629.001

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.