Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

8bf438f8b6...67.apk

android-9-x86

8bf438f8b6...67.apk

android-10-x64

8

8bf438f8b6...67.apk

android-11-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8bf438f8b6916c8abeddc380d835eb6849e7f2606fb487085dd0f6ed14db6d67.bin

  • Size

    3.5MB

  • Sample

    250302-1xqtnawyds

  • MD5

    d427e2c5e2802cdbc7cbd4cb65f890b0

  • SHA1

    3ce2d6093dbd45d239b68c267b815c9791759a3b

  • SHA256

    8bf438f8b6916c8abeddc380d835eb6849e7f2606fb487085dd0f6ed14db6d67

  • SHA512

    276ac493cc4028050ed2d87cee9d18fa1efa7cace9cf69ee8d4bea6bd968fc554d3c1a24c92c8cf34c89fe24584e4efa85ec59e5ab59221a0ed60e372ca99f22

  • SSDEEP

    98304:oQSyZo4DpCHrRdzxJV9uUj8Tr0nkeF22axCHpBUpF5sr8Tgkbn:oQzhIrRdVBuokqRHCnTdbn

Score
10/10
smswormandroidbankercollectioncredential_accessdefense_evasiondiscoveryimpactpersistence

Malware Config

Targets

    • Target

      8bf438f8b6916c8abeddc380d835eb6849e7f2606fb487085dd0f6ed14db6d67.bin

    • Size

      3.5MB

    • MD5

      d427e2c5e2802cdbc7cbd4cb65f890b0

    • SHA1

      3ce2d6093dbd45d239b68c267b815c9791759a3b

    • SHA256

      8bf438f8b6916c8abeddc380d835eb6849e7f2606fb487085dd0f6ed14db6d67

    • SHA512

      276ac493cc4028050ed2d87cee9d18fa1efa7cace9cf69ee8d4bea6bd968fc554d3c1a24c92c8cf34c89fe24584e4efa85ec59e5ab59221a0ed60e372ca99f22

    • SSDEEP

      98304:oQSyZo4DpCHrRdzxJV9uUj8Tr0nkeF22axCHpBUpF5sr8Tgkbn:oQzhIrRdVBuokqRHCnTdbn

    Score
    8/10
    bankerdefense_evasiondiscoverypersistencecollectioncredential_accessimpact

    • Checks if the Android device is rooted.

      defense_evasion

    • Checks Android system properties for emulator presence.

      defense_evasion

    • Checks known Qemu pipes.

      Checks for known pipes used by the Android emulator to communicate with the host.

      defense_evasion

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

      bankerdiscovery

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Queries information about active data network

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests cell location

      Uses Android APIs to to get current cell information.

      collectiondiscovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks