General
-
Target
4b78996647b54de4c4031dcd6ff91e8eb64c26d023b7f059d03093ab89f11878.bin
-
Size
4.7MB
-
Sample
250118-14cklsxmar
-
MD5
ef7ec2c3dd53f5aafd902752b507661a
-
SHA1
4982225d87d94270763f0f4c817b560a9fc11aca
-
SHA256
4b78996647b54de4c4031dcd6ff91e8eb64c26d023b7f059d03093ab89f11878
-
SHA512
28b93b0a87abf48c29592e440fb81d29250824fa20076d4b0546e977c587ef9da2e4409800f62e796ef2a9f1329f26c4408ad1e0683608f2bc980d694a63be8f
-
SSDEEP
98304:1gl4mTKDbdbIi+/dslYg2LJy4qVUESvbGBJTcWREtObxp4:1y4FbWi+/Kl0k4CSyjTOtN
Static task
static1
Behavioral task
behavioral1
Sample
4b78996647b54de4c4031dcd6ff91e8eb64c26d023b7f059d03093ab89f11878.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
4b78996647b54de4c4031dcd6ff91e8eb64c26d023b7f059d03093ab89f11878.apk
Resource
android-x64-20240910-en
Malware Config
Targets
Target
4b78996647b54de4c4031dcd6ff91e8eb64c26d023b7f059d03093ab89f11878.bin
-
Spynote family
-
Spynote payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
MITRE ATT&CK Mobile v15
Persistence: Event Triggered Execution (1), Broadcast Receivers (1), Foreground Persistence (1), Scheduled Task/Job (1)
Defense Evasion: Download New Code at Runtime (1), Foreground Persistence (1), Input Injection (1)