Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
27/02/2025, 17:35 UTC
250227-v6hlravmy7 1014/01/2025, 05:44 UTC
250114-gfjt8szrbn 1014/01/2025, 05:43 UTC
250114-ge4g9aykgt 1014/01/2025, 05:39 UTC
250114-gctj9szqep 1014/01/2025, 05:35 UTC
250114-f993vazqak 1014/01/2025, 05:34 UTC
250114-f9l11szpgq 1014/01/2025, 05:31 UTC
250114-f76yeayjcw 1014/01/2025, 05:30 UTC
250114-f68evayjas 1014/01/2025, 05:29 UTC
250114-f6m4xazpcq 10Analysis
-
max time kernel
179s -
max time network
132s -
platform
android_x64 -
resource
android-33-x64-arm64-20240624-en -
resource tags
-
submitted
14/01/2025, 05:35 UTC
General
-
Target
insta_followers.apk
-
Size
4.6MB
-
MD5
51064cc8676f45813dec4c5a1c1ce150
-
SHA1
e9d2c7b278c98f85481176c6089b2a74120c6b56
-
SHA256
e232bbfa86980003e46cd2019243e2579b15c844957cd21e70f8d4300ce25f78
-
SHA512
e380e740f4a91013e07e05848ebc4e64ac8278425697cd1da110ec940f6884402d4974302eff493ac685f6969d732e63e95304aaad9742e06f9d8fcd7da3d722
-
SSDEEP
98304:SjbFZKFifcyWk4D+zfro+Pr0hOR6G21GB/EjJ9:IhsFTkP4h8F8b
Score
7/10
Malware Config
Signatures
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
-
Performs UI accessibility actions on behalf of the user 1 TTPs 53 IoCs
Application may abuse the accessibility service to prevent their removal.
-
Requests enabling of the accessibility settings. 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes
-
com.test.accessibility1⤵
- Loads dropped Dex/Jar
- Performs UI accessibility actions on behalf of the user
- Requests enabling of the accessibility settings.
- Uses Crypto APIs (Might try to encrypt user data)
Network
-
DNSrcs-acs-tmo-us.jibe.google.comRemote address:1.1.1.1:53Requestrcs-acs-tmo-us.jibe.google.comIN AResponsercs-acs-tmo-us.jibe.google.comIN A216.239.36.155 -
DNSremoteprovisioning.googleapis.comRemote address:1.1.1.1:53Requestremoteprovisioning.googleapis.comIN AResponseremoteprovisioning.googleapis.comIN A142.250.180.10remoteprovisioning.googleapis.comIN A142.250.179.234remoteprovisioning.googleapis.comIN A142.250.200.42remoteprovisioning.googleapis.comIN A142.250.178.10remoteprovisioning.googleapis.comIN A142.250.187.234remoteprovisioning.googleapis.comIN A216.58.212.234remoteprovisioning.googleapis.comIN A216.58.213.10remoteprovisioning.googleapis.comIN A172.217.16.234remoteprovisioning.googleapis.comIN A216.58.212.202remoteprovisioning.googleapis.comIN A216.58.204.74remoteprovisioning.googleapis.comIN A142.250.200.10remoteprovisioning.googleapis.comIN A142.250.187.202remoteprovisioning.googleapis.comIN A172.217.169.10remoteprovisioning.googleapis.comIN A172.217.169.42remoteprovisioning.googleapis.comIN A216.58.201.106
-
DNSencrypted-tbn0.gstatic.comRemote address:1.1.1.1:53Requestencrypted-tbn0.gstatic.comIN AResponseencrypted-tbn0.gstatic.comIN A142.250.187.206
-
DNSgmscompliance-pa.googleapis.comRemote address:1.1.1.1:53Requestgmscompliance-pa.googleapis.comIN AResponsegmscompliance-pa.googleapis.comIN A216.58.204.74gmscompliance-pa.googleapis.comIN A172.217.169.10gmscompliance-pa.googleapis.comIN A142.250.178.10gmscompliance-pa.googleapis.comIN A216.58.212.234gmscompliance-pa.googleapis.comIN A172.217.169.42gmscompliance-pa.googleapis.comIN A172.217.169.74gmscompliance-pa.googleapis.comIN A142.250.179.234gmscompliance-pa.googleapis.comIN A142.250.180.10gmscompliance-pa.googleapis.comIN A142.250.187.202gmscompliance-pa.googleapis.comIN A172.217.16.234gmscompliance-pa.googleapis.comIN A216.58.201.106gmscompliance-pa.googleapis.comIN A142.250.200.10gmscompliance-pa.googleapis.comIN A142.250.200.42gmscompliance-pa.googleapis.comIN A216.58.212.202gmscompliance-pa.googleapis.comIN A142.250.187.234
-
216.58.201.100:443 -
216.58.201.100:443www.google.comtls
-
216.58.204.78:443tls, https
-
216.58.204.78:443android.apis.google.comtls
-
216.239.36.155:443rcs-acs-tmo-us.jibe.google.comtls
-
172.64.41.3:443tls, https
-
172.64.41.3:443chrome.cloudflare-dns.comtls
-
142.250.179.227:443update.googleapis.comtls
-
142.250.179.227:443update.googleapis.comtls
-
216.58.201.100:443www.google.comtls
-
142.250.200.36:443
-
142.250.200.36:443www.google.comtls
-
142.250.187.238:443tls, https
-
142.250.187.206:443encrypted-tbn0.gstatic.comtls
-
216.58.204.74:443gmscompliance-pa.googleapis.comtls
-
224.0.0.251:5353 -
216.58.201.100:443https
-
216.58.204.78:443https
-
1.1.1.1:53rcs-acs-tmo-us.jibe.google.comdns
DNS Request
rcs-acs-tmo-us.jibe.google.com
DNS Response
216.239.36.155
-
1.1.1.1:53remoteprovisioning.googleapis.comdns
DNS Request
remoteprovisioning.googleapis.com
DNS Response
142.250.180.10142.250.179.234142.250.200.42142.250.178.10142.250.187.234216.58.212.234216.58.213.10172.217.16.234216.58.212.202216.58.204.74142.250.200.10142.250.187.202172.217.169.10172.217.169.42216.58.201.106
-
172.64.41.3:443https
-
142.250.179.227:443https
-
216.58.201.100:443https
-
142.250.200.36:443https
-
1.1.1.1:53encrypted-tbn0.gstatic.comdns
DNS Request
encrypted-tbn0.gstatic.com
DNS Response
142.250.187.206
-
1.1.1.1:53gmscompliance-pa.googleapis.comdns
DNS Request
gmscompliance-pa.googleapis.com
DNS Response
216.58.204.74172.217.169.10142.250.178.10216.58.212.234172.217.169.42172.217.169.74142.250.179.234142.250.180.10142.250.187.202172.217.16.234216.58.201.106142.250.200.10142.250.200.42216.58.212.202142.250.187.234
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.5MB
MD58b5230cead615f005f2171207699d8aa
SHA11fa3764bdda3aa85f0481f8d63d96517c2638e3e
SHA256b6f3c778f8411b88897f99b57e4c9c5c2ed6102527dd816147f4ca28de8d4498
SHA5124d1b05e242d151fdfed77f7fa92bcc211cd23e28af134aaa5b403607b2ded7db6b6fb1fcbd134ecf31170e874f1e3ffb9d028e6ea8328441a678b725a180f22c