Resubmissions

  • 24/01/2025, 19:11: 250124-xwferatlgy (score 10)
  • 24/01/2025, 17:18: 250124-vveqqazrbp (score 10)

Analysis

  • max time kernel
    34s
  • max time network
    40s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags
    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    24/01/2025, 17:18

General

  • Target

    ELECTRICITY Bill.-__.apk

  • Size

    4.6MB

  • MD5

    1a615c0aebf2d958181b727de8815736

  • SHA1

    54800a51c1ebc3aa4cdbe37b7b3cbc9314bdb22a

  • SHA256

    2a33c6347c4b4c95e2437075a025a8b9337291d48500224b954e32cb395df678

  • SHA512

    bb0c3dcefb04a64d0d08f4f36cf381c226c6577db49f98246394624b9b958d4c1dfd7a6b20938dd6af562b5eb61dab9dc03db1f980f113b44e1a0af2f8166fa5

  • SSDEEP

    98304:sUAWRjSD2kDiHAkLk4t6TVOHrcuVorbgxoJhEhkNUGBQp:rSD2kDvSk4IpOHrchbgkEhkvw

Malware Config

Signatures

  • Spynote

    Spynote is an Android Remote Access Trojan (RAT) first seen in 2017.

  • Spynote family
  • Spynote payload (1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs an executable file dropped to the device during analysis. The classes.dex written under /data/data/national.curves.carrier/files/arm/ (listed under Downloads) is the dropped code here.

  • Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
  • Acquires the wake lock (1 IoC)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    The application may abuse the framework's foreground service to keep running in the foreground.

  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Schedules tasks to execute at a specified time (1 TTP, 1 IoC)

    The application may abuse the framework's APIs to schedule initial or recurring execution of malicious code.
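The signatures above are dynamic: the sandbox observed the behaviour at runtime. The same behaviours can usually be spotted statically before detonation from the decoded manifest and the DEX string table. The script below is an added example written for this page, not tria.ge's signature engine; the mapping tables (PERMISSION_HINTS, DEX_STRING_HINTS, PAYLOAD_PATH_RE) are my own heuristics, and the manifest and string list are constructed samples that only borrow the package name and dropped-DEX path from the report.

```python
"""Static triage approximating the behaviours the sandbox report flags.

Added example, not tria.ge's detection code. Input is a decoded
AndroidManifest.xml in plain-text form (as apktool emits it) and a list of
entries from the DEX string table (e.g. from a `strings classes.dex` dump).
PERMISSION_HINTS, DEX_STRING_HINTS and the sample inputs are constructed.
"""
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Manifest permission -> behaviour, phrased as the report phrases it.
PERMISSION_HINTS = {
    "android.permission.WAKE_LOCK": "Acquires the wake lock",
    "android.permission.FOREGROUND_SERVICE":
        "Makes use of the framework's foreground persistence service",
    "android.permission.QUERY_ALL_PACKAGES":
        "Queries a list of all the installed applications",
}

# DEX string-table entry (class descriptor or method name) -> behaviour.
DEX_STRING_HINTS = {
    "Ldalvik/system/DexClassLoader;": "Loads dropped Dex/Jar",
    "Ldalvik/system/InMemoryDexClassLoader;": "Loads dropped Dex/Jar",
    "Landroid/app/job/JobScheduler;": "Schedules tasks to execute at a specified time",
    "Landroid/app/AlarmManager;": "Schedules tasks to execute at a specified time",
    "Landroid/os/PowerManager$WakeLock;": "Acquires the wake lock",
    "registerReceiver": "Registers a broadcast receiver at runtime",
    "getInstalledPackages": "Queries a list of all the installed applications",
    "getInstalledApplications": "Queries a list of all the installed applications",
}

# Code loaded at runtime normally sits under the app's own files/ or cache/
# directory; the report saw the dropped classes.dex under files/arm/.
PAYLOAD_PATH_RE = re.compile(r"/(files|cache)/.*\.(dex|jar|apk)$")

ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"


def triage(manifest_xml, dex_strings):
    """Return {behaviour: [evidence, ...]} for behaviours indicated statically."""
    findings = {}

    def hit(behaviour, evidence):
        findings.setdefault(behaviour, []).append(evidence)

    root = ET.fromstring(manifest_xml)

    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID_NS + "name", "")
        if name in PERMISSION_HINTS:
            hit(PERMISSION_HINTS[name], "uses-permission " + name)

    # The system only binds an accessibility service that is guarded by
    # BIND_ACCESSIBILITY_SERVICE *and* filters the AccessibilityService
    # action, so require both before flagging it.
    for svc in root.iter("service"):
        actions = {a.get(ANDROID_NS + "name", "") for a in svc.iter("action")}
        if svc.get(ANDROID_NS + "permission") == ACCESSIBILITY_PERM and ACCESSIBILITY_ACTION in actions:
            hit("Makes use of the framework's Accessibility service",
                "service %s binds as AccessibilityService" % svc.get(ANDROID_NS + "name"))

    seen = set(dex_strings)
    for needle, behaviour in DEX_STRING_HINTS.items():
        if needle in seen:
            hit(behaviour, "dex string " + needle)

    for s in dex_strings:  # keep input order so evidence is deterministic
        if PAYLOAD_PATH_RE.search(s):
            hit("Loads dropped Dex/Jar", "hard-coded payload path " + s)

    return findings


# Constructed sample manifest; only the package name is taken from the report.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="national.curves.carrier">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <application android:label="ELECTRICITY Bill">
    <service android:name=".AccService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed string-table excerpt; the dex path is the one the report lists.
SAMPLE_DEX_STRINGS = [
    "Ldalvik/system/DexClassLoader;",
    "/data/data/national.curves.carrier/files/arm/classes.dex",
    "registerReceiver",
    "Landroid/app/AlarmManager;",
    "Landroid/os/PowerManager$WakeLock;",
    "getInstalledPackages",
]

BENIGN_MANIFEST = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
                   ' package="example.benign"><application/></manifest>')

if __name__ == "__main__":
    for behaviour, evidence in triage(SAMPLE_MANIFEST, SAMPLE_DEX_STRINGS).items():
        print(behaviour)
        for e in evidence:
            print("   ", e)
```

On the sample input every behaviour in the report's signature list except the Spynote family match is raised, each with the manifest or DEX evidence that triggered it; a manifest with no suspicious permissions or services and an ordinary string table yields nothing. Static hints like these are a triage aid, not proof: a second DEX under files/ is only confirmed by the sandbox actually loading it, which is what the "Loads dropped Dex/Jar" signature above records.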

Processes

  • national.curves.carrier (PID 5050)
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time

Network

MITRE ATT&CK Mobile v15

Downloads

The log file under /storage/emulated/0/Config/sys/apps/log/ is listed three times below; these are successive captures of the same file as it grew during the run (13 B, 33 B, 130 B), so each has its own hashes.

  • /data/data/national.curves.carrier/files/arm/classes.dex

    Filesize

    5.1MB

    MD5

    6b3798690a1a3c1118677c092bee7873

    SHA1

    5bb6b26c47eae99cfa6534d2c973cfd913b91a54

    SHA256

    d359ae31274c94a88857cb8d2042814406f26535730eb2d2c9f9a210fbe6cb2e

    SHA512

    4f7a4539af96b71535ad98279165f68cd713d3363afa2609ec1845cc952957bab352c33539b9017d54b82920ddc5e93a9dbd459188dad65201ae8603ecd2a790

  • /storage/emulated/0/Config/sys/apps/log/log-2025-01-24.txt

    Filesize

    13B

    MD5

    de2c41a51ee9246eb1708f65b511add0

    SHA1

    2f442d634c8a18760a232c8829d4b5d74a52f074

    SHA256

    ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

    SHA512

    7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

  • /storage/emulated/0/Config/sys/apps/log/log-2025-01-24.txt

    Filesize

    33B

    MD5

    248307c7368c4e4a7c1937725ce314d0

    SHA1

    a649525aaf2a839dbe1ab3e8973f6651061f525e

    SHA256

    25e2623a965a981b7f23dba54440691c3b6cd16b2c104cde7c06bc13d4d8d2ed

    SHA512

    3af93bd9fb0724528b165adb97f6b160f19e6f05ffafb83a2e1e7aecaa7d225e93c9bb723a26159f4e350a88b0cfa7bd987597b0a26072fe6a999d5b6b4e93bc

  • /storage/emulated/0/Config/sys/apps/log/log-2025-01-24.txt

    Filesize

    130B

    MD5

    4edbee5efc653edf6bb71f284741bf56

    SHA1

    b6f9f3ea3c1c37ecc941d9ae8d7870e20998c97f

    SHA256

    8e00ccbb9ff4730ec895943e5251befaa3734fb695e3cc6b5aa158a927249e6a

    SHA512

    699d9e686fab5d9771bc6b3d75e657852e076cf2a04ef017aef61939dc612c9b582c604aa9dd22ecd7800a2565da7efe960848b1d67bef8def20c0862a84a935