Derp.ca
← All malware

9c4b5a4d8766b7afd264f9b0c5a50dfa9572516b3b09cab43846137c251a752a

Live Scan Result: Tria.ge
Score
10/10

Threat Level

Known Bad

Malware Families
ErmacMobileorderSlockerSpynoteWipelock

Last Seen Feb 28, 2026

TrojanBankerAndroidCollectionCredential AccessDefense EvasionDiscoveryEvasionImpactPersistencePrivilege Escalation

MITRE Behavior Map

Persistence (TA0003)

  • Registry Run Keys / Startup Folder (T1547.001)

Privilege Escalation (TA0004)

  • Registry Run Keys / Startup Folder (T1547.001)
  • Bypass User Account Control (T1548.002)

Defense Evasion (TA0005)

  • Modify Registry (T1112)
  • Bypass User Account Control (T1548.002)
  • Disable or Modify Tools (T1562.001)

Discovery (TA0007)

  • Query Registry (T1012)
  • System Information Discovery (T1082)
  • System Language Discovery (T1614.001)

Persistence (TA0028)

  • Foreground Persistence (T1541)
  • Broadcast Receivers (T1624.001)

Privilege Escalation (TA0029)

  • Device Administrator Permissions (T1626.001)

Defense Evasion (TA0030)

  • Download New Code at Runtime (T1407)
  • Foreground Persistence (T1541)
  • User Evasion (T1628.002)
  • System Checks (T1633.001)

Credential Access (TA0031)

  • Clipboard Data (T1414)

Discovery (TA0032)

  • Security Software Discovery (T1418.001)
  • System Network Connections Discovery (T1421)
  • System Network Configuration Discovery (T1422)
  • Process Discovery (T1424)
  • System Information Discovery (T1426)

Impact (TA0034)

  • Data Encrypted for Impact (T1471)
  • Account Access Removal (T1640)
  • Transmitted Data Manipulation (T1641.001)

Collection (TA0035)

  • Clipboard Data (T1414)

Hostnames

7
  1. 1.0.tcp.eu.ngrok.io
  2. 2.1.tcp.sa.ngrok.io
  3. 3.blackbeekey.com
  4. 4.for-nails.gl.at.ply.gg
  5. 5.k7k7.co
  6. 6.navigation-zones.gl.at.ply.gg
  7. 7.prev-labels.gl.at.ply.gg