Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
87s -
max time network
93s -
platform
android-13_x64 -
resource
android-33-x64-arm64-20240910-en -
resource tags
arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system -
submitted
23/03/2025, 21:42
Behavioral task
behavioral1
Sample
Wireshark for android.apk
Resource
android-33-x64-arm64-20240910-en
General
-
Target
Wireshark for android.apk
-
Size
7.1MB
-
MD5
ef14bc95b96003e9b9bafa819ee7443f
-
SHA1
8bfe3f71cc9521a9d40feb16f8250fc3c4d93a58
-
SHA256
9604b2b15ca36ba7e5cf8ef5b0ea9f5f43dfc6b92207a3c11a54033844658c42
-
SHA512
8a7e3f5da878fa7c3896307a91cd320851bec2c19d5c91365b03143d3fcd4a77b4c368983e29886205ffd5a218efe77de984ea966a77e4f51b00272c6b59b705
-
SSDEEP
196608:cBe3RGRqHEDSwhn+deSu/WALr3vVU6lIYEmQ75XdGHPd/hVt2V8:MwRGRqHEDSwZSKP326lIKU5XedtP
Malware Config
Signatures
-
888RAT
888RAT is an Android remote administration tool.
-
888Rat family
-
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.example.dat.a8andoserverx -
Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs
Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).
description ioc Process Framework service call android.content.pm.IPackageManager.canRequestPackageInstalls com.example.dat.a8andoserverx -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground com.example.dat.a8andoserverx -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.example.dat.a8andoserverx -
Requests allowing to install additional applications from unknown sources. 1 TTPs 1 IoCs
description ioc Process Intent action android.settings.MANAGE_UNKNOWN_APP_SOURCES com.example.dat.a8andoserverx -
Requests dangerous framework permissions 3 IoCs
description ioc Allows an app to access approximate location. android.permission.ACCESS_COARSE_LOCATION Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE -
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
description ioc Process Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS com.example.dat.a8andoserverx -
Requests enabling of the accessibility settings. 1 IoCs
description ioc Process Intent action android.settings.ACCESSIBILITY_SETTINGS com.example.dat.a8andoserverx -
Tries to add a device administrator. 2 TTPs 1 IoCs
description ioc Process Intent action android.app.action.ADD_DEVICE_ADMIN com.example.dat.a8andoserverx
Processes
-
com.example.dat.a8andoserverx1⤵
- Acquires the wake lock
- Checks the application is allowed to request package installs through the package installer
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Requests allowing to install additional applications from unknown sources.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Requests enabling of the accessibility settings.
- Tries to add a device administrator.
PID:4438
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.1MB
MD5fa213789356b159498dcb3784e7af57f
SHA1d85690e778aaab00c791525b084f4f1ab6c9db7b
SHA2563f4cf7768b2ad4288db3660577f6e39552fd9a76d2827e3b14f587397d0945f3
SHA5125956b66e67e179f989298c0f221e5c19e3bc764b8b4920e1371f7e8cc4a9772f3aebc4403c61c7c779ce765e7735a74e5cf4efe922fdcbdfa7a53d70a4a782e8