triada | 2f6bf7eb8abe957ed6b03afcf083be8df33f68fde44d4fddeba1d62ef45de04d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

WALITEX_1....AL.apk

android-9-x86

8

Sharing

General

Target

WALITEX_1.70.0_OFFICIAL.apk
Size

98.2MB
Sample

250303-bcpcna1px4
MD5

c428dc3e8ca2fe4e8a3363cc19c2cd2a
SHA1

58cf3f4b8b1075030d952c3c5d276dae50212a4c
SHA256

2f6bf7eb8abe957ed6b03afcf083be8df33f68fde44d4fddeba1d62ef45de04d
SHA512

b46c8f1fea5cc13b76d1c61de28b46544f273c58f4debf37dac746efe7cc778507e8cc41a169f5751ecbed04e9e5ab18f1023424034156249e479cfcb722fe63
SSDEEP

1572864:HCJNk/GrJrm6MaQVL1EC5zI3vCuKhWrDGaC:HWm/GrkPVLPlIquKhWXGaC

Score

10^/10

triada android defense_evasion discovery execution impact persistence upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

WALITEX_1.70.0_OFFICIAL.apk

Resource

android-x86-arm-20240910-en

defense_evasion discovery execution impact persistence upx

android-9-x86

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  WALITEX_1.70.0_OFFICIAL.apk
- Size
  
  98.2MB
- MD5
  
  c428dc3e8ca2fe4e8a3363cc19c2cd2a
- SHA1
  
  58cf3f4b8b1075030d952c3c5d276dae50212a4c
- SHA256
  
  2f6bf7eb8abe957ed6b03afcf083be8df33f68fde44d4fddeba1d62ef45de04d
- SHA512
  
  b46c8f1fea5cc13b76d1c61de28b46544f273c58f4debf37dac746efe7cc778507e8cc41a169f5751ecbed04e9e5ab18f1023424034156249e479cfcb722fe63
- SSDEEP
  
  1572864:HCJNk/GrJrm6MaQVL1EC5zI3vCuKhWrDGaC:HWm/GrkPVLPlIquKhWXGaC
Score

8^/10

defense_evasion discovery execution impact persistence upx
- Patched UPX-packed file
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Queries information about active data network
  discovery
- Reads information about phone network operator.
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Broadcast Receivers

Foreground Persistence

Scheduled Task/Job

Privilege Escalation

Defense Evasion

Foreground Persistence

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionimpactpersistenceupx

© 2018-2025

Terms | Privacy