General

  • Target

    e150184e76ef3742a8c9300b8d2585e4bf1f77046e0a0b662a2d89357914f52e.bin

  • Size

    807KB

  • Sample

    250131-1y283szqfl

  • MD5

    04997458dec372e59dfe505e25a14130

  • SHA1

    9df4db4487c5d6cfff161cf38e72229c1bed1b0b

  • SHA256

    e150184e76ef3742a8c9300b8d2585e4bf1f77046e0a0b662a2d89357914f52e

  • SHA512

    b3b11f4a7d4a7add6c1a8d42d44aa6d8a40272e1c183d8b06e8331dddd3003149de5ba30e734e64b81573182705dcb2255d080eb03d5b50e353b1b3cea772aa6

  • SSDEEP

    12288:FvCEa1a8LVe+xXzvLiQ6cTHXv5WmpYshXZPbGwidNpgdS:FKEa1aKegXzjiQ66Xv5WmD9idNp3

Malware Config

Extracted

Family

spynote

C2

learning-concerned.gl.at.ply.gg:40463

Targets

    • Target

      e150184e76ef3742a8c9300b8d2585e4bf1f77046e0a0b662a2d89357914f52e.bin

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Requests enabling of the accessibility settings.

    • Tries to add a device administrator.
