Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1fc6c7f55ac3ccee96713dcc3cbd38760a3a6ccfa692d5e6effcf0bc567c8602
-
Size
9.3MB
-
Sample
250321-vx6bfsxpz3
-
MD5
13067d771e306d0918894e3e1aeb32b6
-
SHA1
7c923df60cbe659d6d3c9ef02cf6a76abe731c3e
-
SHA256
1fc6c7f55ac3ccee96713dcc3cbd38760a3a6ccfa692d5e6effcf0bc567c8602
-
SHA512
07659b9d3ce91f318c38f68d102e29b7cec7fc8b2c402dc9b2dde626a09640b50788f7bbe24bbb47ff6e2e9e05166e71f5bd79628559e9d1a17beb9dbc4fa6e0
-
SSDEEP
196608:2uKK5F7JTUKRzHBmH4AGK+8ZWFNp8hJHVuW:D5JFRLBmH9GqcFsjVj
Static task
static1
Behavioral task
behavioral1
Sample
1fc6c7f55ac3ccee96713dcc3cbd38760a3a6ccfa692d5e6effcf0bc567c8602.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral2
Sample
1fc6c7f55ac3ccee96713dcc3cbd38760a3a6ccfa692d5e6effcf0bc567c8602.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral3
Sample
base.apk
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral4
Sample
base.apk
Resource
android-x86-arm-20240910-en
Malware Config
Extracted
hydra
http://chililiki0101.com
Targets
-
-
Target
1fc6c7f55ac3ccee96713dcc3cbd38760a3a6ccfa692d5e6effcf0bc567c8602
-
Size
9.3MB
-
MD5
13067d771e306d0918894e3e1aeb32b6
-
SHA1
7c923df60cbe659d6d3c9ef02cf6a76abe731c3e
-
SHA256
1fc6c7f55ac3ccee96713dcc3cbd38760a3a6ccfa692d5e6effcf0bc567c8602
-
SHA512
07659b9d3ce91f318c38f68d102e29b7cec7fc8b2c402dc9b2dde626a09640b50788f7bbe24bbb47ff6e2e9e05166e71f5bd79628559e9d1a17beb9dbc4fa6e0
-
SSDEEP
196608:2uKK5F7JTUKRzHBmH4AGK+8ZWFNp8hJHVuW:D5JFRLBmH9GqcFsjVj
Score10/10-
TangleBot
TangleBot is an Android SMS malware first seen in September 2021.
-
TangleBot payload
-
Tanglebot family
-
-
-
Target
base.apk
-
Size
4.7MB
-
MD5
97582d8e33578e7dd5f7667bde68f6c3
-
SHA1
71356471f1fc8cccd4288deb577d63041e1faea1
-
SHA256
f190b0887265d7e7fbef7ce328180aa11925295e0fe335efe526747acb64449e
-
SHA512
e624188eeb55dc230a9bc32b60965331a3f60cf8a05eb5cadc25147ca672ea3a863617dc0dcc1fba0cb57c06b1fbadd1ebb6b87ece49cc57ad1982e2bbde9ab1
-
SSDEEP
98304:/H7JYwx4LmDPN5WWs5s5GShHjq35Uf6X9HsgIFrBCbg+jccUr6Abk03LbUg+:/exw5WWsjH8Mg+k+
-
Hydra family
-
Hydra payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Reads the contacts stored on the device.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about active data network
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Impair Defenses
1Prevent Application Removal
1Input Injection
1