Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

file.apk

android-9-x86

10

file.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    21/01/2025, 06:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.apk

  • Size

    7.0MB

  • MD5

    7d8fb6cb1e66d8f17f300c266cc3cf6d

  • SHA1

    7d3a61e2b7b55d9324700385afb58bec5b47d0a2

  • SHA256

    7f55cb53761950397f3355e01ea76d57792c69993cbef296eb93cc2fd9b7afde

  • SHA512

    8dc523b7f911ebf4cb483b44d87f825afca41e3c6465a15cd6efe995d814db93af415b06a6b8498ebc80713efbe5c15336b87a76d2bfb573ec3af972431c00db

  • SSDEEP

    98304:4HrK2nzwaCSXMe3WItCRs75iSRGY8mm3XIVKBb:4He4zRCJRcrKD3XIUd

Score
10/10
octobankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

octo

C2

https://0bd477c5ce1e4720fe216256ff4615f3.top

AES_key
AES_key

Signatures

Processes

  • com.taggearback21
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries the mobile country code (MCC)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4774

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

1
T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Software Discovery

1
T1418

Security Software Discovery

1
T1418.001

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.taggearback21/.global.com.taggearback21
    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

    Download Submit

  • /data/data/com.taggearback21/app_deposit/HBqmp.json
    Filesize

    1014B

    MD5

    2bf3903e2ec614513e21e0e33dd42c8a

    SHA1

    3ada7c7d2f83bda6544777e8228cd2fdeb218514

    SHA256

    79c095e98feffca402004d7b149633d49157083049377df42c73d1fe8b0957ed

    SHA512

    87a637a77912151fa68cbea17cd16c62f9a515aec0485ef3ed46922e6cc5dfcd9c120dc28b841584fd98cfe526534d06fb6cd691fb8f4dd68d47fe9aa6d9a917

    Download Submit

  • /data/data/com.taggearback21/app_deposit/HBqmp.json
    Filesize

    1014B

    MD5

    2a33ff08b2498230eaa433bd872fd462

    SHA1

    d6296213407519ffbd0dfa8ec5086bf5c3aa4181

    SHA256

    0d9a6181c82e4a4647d4610bb4d8b12ab574d66cd9b691eb27b7e1d41426e3a5

    SHA512

    65dac93e1b1bd7fe8f3b8d668ac48ee60e2f84cb356e4dec303d92c0e98aa1110b11a5e2bd4b63e241049d8cfd159ab506a1d59f794c8989914c2d21be3c1235

    Download Submit

  • /data/data/com.taggearback21/files/.k
    Filesize

    322KB

    MD5

    77dc50489b9323274732d27dc8a4e803

    SHA1

    0e02a3595b62489d0739d771881da8604d117c65

    SHA256

    c5684e792d1ebefea6aac09fed45911703fd58c899f8a08133d49dd91429a820

    SHA512

    0684a92f3e9c525384cfa53f531afba61e5930e1c27032a7e27e3315f72761b62e122dc34768d8162ba08f9bed53d148aa8dc034b46456bdd211f230637eba58

    Download Submit

  • /data/data/com.taggearback21/oat/x86_64/[email protected]
    Filesize

    471B

    MD5

    8f4678f223dd6bbdf482707812b1fc26

    SHA1

    e195ac4aefd798837c351f8efeefbe965cc56aef

    SHA256

    f059d764d6a0665ab5437b8098e2369bee8d8c92c1c1d4532448be74758d4e5c

    SHA512

    19e122939fe82f119052b46a365ae93aa018d2d6e40f72b675458f7bf719f6e7539885ad00670cd70bd6160486dfcd1f2ab63fa550513cf9b853d6ecccb69258

    Download Submit

  • /data/user/0/com.taggearback21/[email protected]
    Filesize

    525KB

    MD5

    44bffe81ac1d2e0eaeb70a4739ce9dc5

    SHA1

    faaa501fdb1efad50fa28888daca094b6f56ade6

    SHA256

    0887612b46e4118be7d8932d38934a3456fa1d01ed361bfe853355bb84ee3f23

    SHA512

    5af9a744716d1d5c3784c0f2e9981d1cf9b735e4d772c1b314cdad381b2be67d0056d9778cf6a0feea83189f5d9700a713af3368985305aae96ec4bdb447ffe6

    Download Submit

  • /data/user/0/com.taggearback21/app_deposit/HBqmp.json
    Filesize

    1KB

    MD5

    906f6518665fcdae2b61d011bd046306

    SHA1

    f4f8a9ed0e681d9f6e9177329c8dd2da97b4cbb4

    SHA256

    c3cbf0b7023908ac8c05491e1bdd0a1f1eb25dfccd20ad5b95fee63471a9fb58

    SHA512

    82fae05579dde82ff24302807cbc20c6136a35e95f766fd07499b0c7f2994af4031fce8b1ced682697117179a80a771d635bdb1db4a9210219cf522353c0c7f6

    Download Submit