Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags
    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    04/02/2025, 22:09

General

  • Target

    4011730bc122f39bec71c84bd6eaafd9a65ddc6551028a00536dc9cc87bf5629.apk

  • Size

    2.4MB

  • MD5

    718daac83507c0d783b2263aa778242e

  • SHA1

    723c5ca9c6ed1cf3fde79d5909834711ef15dd29

  • SHA256

    4011730bc122f39bec71c84bd6eaafd9a65ddc6551028a00536dc9cc87bf5629

  • SHA512

    856bccd955f8a804cff20840a4201d6db18177c9ef3681001166c4b1451cdbc25a653dc0a2c4366d5db4125a919a2562a73a2b983064b9b24331313327de37b8

  • SSDEEP

    49152:bx0gqcfbO4RBvB5E27CpKvcgh4RxWYYnAb+tWuwktSDOjQ3xSJSdyhpR+YfsGe8W:OODO4XF7CpKEDqDA6AuwOSDO034JTXLa

Malware Config

Extracted

Family

octo

C2


rc4.plain

Extracted

Family

octo

C2


AES_key

Signatures

Processes

  • com.restsouthj
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware)
    • Requests disabling of battery optimizations (often used to enable hiding in the background)
    • Requests modifying system settings
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4268

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.restsouthj/cache/mqwchww

    Filesize

    2.3MB

    MD5

    1ec7f057130fd90066aa724596af29b2

    SHA1

    15013863eb580f1c1227b3c06cfa6a540bcb370c

    SHA256

    2d33b8dccf6b2dc273570ae3173b3e8eedaf5e7631d8e1b1c6bc1408875505d6

    SHA512

    d723858309e2483ceba3a9f62b3f4ac7fa6ffb65c95a8f91c1296bcd572c5864fe05a017322435613ace1c7bcf3baae72943895af961e7d52cc1b036ca89529d

  • /data/data/com.restsouthj/cache/oat/mqwchww.cur.prof

    Filesize

    501B

    MD5

    8e3eecb3daef28099abb8c23fbdbef77

    SHA1

    6d11727c23330ec54f80d2a8e4dec31365541c8b

    SHA256

    af4e76d9fc0ecda4aa7bdcda308dbbb9e21c86bc83f343dae689e6400b82d9c0

    SHA512

    16e2c05f783a418bb7635b68cf156952f58c7fc250954dc396e232bdc206df039a210caf6503986df4d056fcd2177c46d72707eb2b3a5f682a607034ec5b0e84