Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    04/02/2025, 22:01

General

  • Target

    42501d49c099a24117935ba09d6d0215822cd91235bdaa58103b4ffbc9aa6256.apk

  • Size

    3.4MB

  • MD5

    6be085d3e5a3dcb5cd34d0dcf0aa9dfc

  • SHA1

    34d3ff8c273efdd7a92bf3f1f6a7bab42f8674c8

  • SHA256

    42501d49c099a24117935ba09d6d0215822cd91235bdaa58103b4ffbc9aa6256

  • SHA512

    631235f0c753bd6d789e050653fe97bf015097084575cf8fe7cb5be540a95d57c202dc1ec23a21bca7863dac7922618b1de11858d36afd162af9b66279f087cc

  • SSDEEP

    98304:su8dhQVYtH2TYTtMnoFKq9sjGKRQBX2M8zNwcsa1Yuzembzr:Bqu0rapiuze2r

Malware Config

Extracted

Family

octo

C2

https://kkcanertarihcesi.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlhizmetleri.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlsistemleri.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlplatformlari.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlhaberportali.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlguncelveriler.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlteknolojidunyasi.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlgelismeler.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlarsivkayitlari.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlprojelerplatformu.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlbilgipaylasimi.xyz/MzhiMTg0NTAwOTY5S/

https://tutmliletisimagaci.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlanalizverileri.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlstratejiplani.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlsistemyonetimi.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlvizyonrehberi.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlgeleceksenaryosu.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlsosyalkullanimi.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlonlinetoplum.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlodaklisisim.xyz/MzhiMTg0NTAwOTY5S/

rc4.plain

Extracted

Family

octo

C2

https://kkcanertarihcesi.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlhizmetleri.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlsistemleri.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlplatformlari.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlhaberportali.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlguncelveriler.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlteknolojidunyasi.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlgelismeler.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlarsivkayitlari.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlprojelerplatformu.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlbilgipaylasimi.xyz/MzhiMTg0NTAwOTY5S/

https://tutmliletisimagaci.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlanalizverileri.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlstratejiplani.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlsistemyonetimi.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlvizyonrehberi.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlgeleceksenaryosu.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlsosyalkullanimi.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlonlinetoplum.xyz/MzhiMTg0NTAwOTY5S/

https://tutmlodaklisisim.xyz/MzhiMTg0NTAwOTY5S/

Attributes
  • target_apps

    at.spardat.bcrmobile

    at.spardat.netbanking

    com.bankaustria.android.olb

    com.bmo.mobile

    com.cibc.android.mobi

    com.rbc.mobile.android

    com.scotiabank.mobile

    com.td

    cz.airbank.android

    eu.inmite.prj.kb.mobilbank

    com.bankinter.launcher

    com.kutxabank.android

    com.rsi

    com.tecnocom.cajalaboral

    es.bancopopular.nbmpopular

    es.evobanco.bancamovil

    es.lacaixa.mobile.android.newwapicon

    com.dbs.hk.dbsmbanking

    com.FubonMobileClient

    com.hangseng.rbmobile

    com.MobileTreeApp

    com.mtel.androidbea

    com.scb.breezebanking.hk

    hk.com.hsbc.hsbchkmobilebanking

    com.aff.otpdirekt

    com.ideomobile.hapoalim

    com.infrasofttech.indianBank

    com.mobikwik_new

    com.oxigen.oxigenwallet

    jp.co.aeonbank.android.passbook

AES_key

Signatures

Processes

  • com.museum.dove
    1⤵
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests modifying system settings.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4217

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.museum.dove/.qcom.museum.dove

    Filesize

    48B

    MD5

    046a414913add6f5bb60072c7db819b6

    SHA1

    451ee4f6809260aec622d772fd329c7d0297a842

    SHA256

    b66c1320cb063a1d391c94273572ea6edae76c8c8b0a07f8d75c88686f0df72a

    SHA512

    4e6355f3051ed5e811ab030abde1f5be7f5e1cf33be99cd08477e9b6c015deb1d8bd75a09fb9c7176b8511c5ad0a67abc0902a3531e97564ccb6afc57496a47c

  • /data/data/com.museum.dove/app_marine/ZxJwsU.json

    Filesize

    153KB

    MD5

    fbd597fe3575c9eab47fe351410dc86d

    SHA1

    fbd7ae682659c834907bdc43ded2ec477e672fca

    SHA256

    beb8c34717052955c27753a54f8acb456fad0c5924da54d8e56bc334fd4b9a85

    SHA512

    43d808aca6b6f5ac0e042c47b70ceb33cae069839f2438e1ce863b4ef94ebb987beb567098271647bc58fbc676573ccf959b83ae41abfe6d642447141cc0a391

  • /data/data/com.museum.dove/app_marine/ZxJwsU.json

    Filesize

    153KB

    MD5

    13fa8d1d3b1b93704db9d50fca081e58

    SHA1

    67f6dbc50464132e9a749952bcd56960fedb6014

    SHA256

    f69be5cdba19a22321e81e84a990fc168f8d5281e495f412d5a217b2c4e16383

    SHA512

    4debb5d44fd009a7813b152628f05ed8398886daef969082bd5ab506506ecdcd23e043b491962b4228aee51d9a571a64276cc55d7d4813d311cd4e06018bfde8

  • /data/data/com.museum.dove/kl.txt

    Filesize

    45B

    MD5

    2c3238ad224c2277819dd5feefb81f77

    SHA1

    4a8517415e31f0b42b25aa789b14820d97fa5018

    SHA256

    d736e44e054cd2c46561691905da08fcb7afcd85742fb74802d36c54fa3d3433

    SHA512

    d177a8af75040d5b3db1f342ad49c6f2c15588bd230a11f088f1ce93b2d204d8fe70bed98bf5fe0738434ba7283cbaff6722226c666b050b47ed52ac9fe70ce8

  • /data/data/com.museum.dove/kl.txt

    Filesize

    423B

    MD5

    c331a8bd30f6e3a5b68cb03ce80ebfa8

    SHA1

    30e5bd813a925e168a9d7dcbb8e2cc9e556c2ade

    SHA256

    731ce8e550912e463f5b742beb06f954ffacba11f0850742ee48e71457012949

    SHA512

    69c381e3cc9bfb1ff1cbd5283708b6d1a76c26a1fda59fba521c64ea5af4c3c7fb8ed19f3e02f7ff21774bd77b427ba1153271691a6e87b9626e2f8db1076c66

  • /data/data/com.museum.dove/kl.txt

    Filesize

    230B

    MD5

    98f91ebfe953037a0be1f963336c2ec5

    SHA1

    44c3681278c986ce733f63f13cece95494598451

    SHA256

    2bca56b15ed6e8af8cbace3c140525845cde4e7bdff8910685f48721d87faee0

    SHA512

    a797e68a4ed1d5a4f72a3b38d7fd21993e2576a643c5a3b813cfedfd5d4ce07ee63d89f14453908f8cfa78b36f76e70489bffb43f37952b18a3ced84ac603364

  • /data/data/com.museum.dove/kl.txt

    Filesize

    54B

    MD5

    c49e5aac47b2b085f6eff5969fc2a19e

    SHA1

    77c7c707d05448a544d91c3afb355867febc51f9

    SHA256

    23e995cad38fdbfc80b6883d1c6085f1da933b1ab65a766351103ec10bf484d9

    SHA512

    357cd982889b167affce8714ca52a4791efda28b59d23ddd029c5839c2ac58bee87b743b69f67e268718d7f93f9b304d8d3cdd749e311937f1d1a0849cee2c6a

  • /data/data/com.museum.dove/kl.txt

    Filesize

    63B

    MD5

    65946b353c057e316fb1ebefc4d5d450

    SHA1

    a2a4a02b3d68c28021e00767270e9a2107342b38

    SHA256

    08d13afd41dbd2582eea9a74bb7a47145471c90bddc2ac6ef1b61201ccbeeafb

    SHA512

    28b1ab8b2c741c82f065e88799d4898e8060f358d982dd772cbf31b60e983dd2ef837d96c0711e603e08c307e471745269435b2e17bc697cb03222b96c70c6f4

  • /data/user/0/com.museum.dove/app_marine/ZxJwsU.json

    Filesize

    450KB

    MD5

    c063b9db1247190f2c89cd1d319c2890

    SHA1

    8b802017440b8066df75a2af09a0d8b78032a9d3

    SHA256

    2e8f906c4640ba969509becdc22381fc513d5bd99d761167d9d9f95a48b7a916

    SHA512

    b4af92b6d78de6fe070a1e5fe9fcacd94e502ff09481507abaf00401e041b537c8c962a02a382a25ce1e82dd4b43fd410cd1db8295b69dc9dc2f7e9f6a7fb8ba