Analysis
- max time kernel: 38s
- max time network: 149s
- platform: android_x64
- resource: android-x64-20240221-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
- submitted: 03/05/2024, 07:56
Static task
- static1
Behavioral task
- behavioral1
  Sample: 1007c2561c3bef9d7ec27365e550dff5_JaffaCakes118.apk
  Resource: android-x86-arm-20240221-en
- behavioral2
  Sample: 1007c2561c3bef9d7ec27365e550dff5_JaffaCakes118.apk
  Resource: android-x64-20240221-en
- behavioral3
  Sample: 1007c2561c3bef9d7ec27365e550dff5_JaffaCakes118.apk
  Resource: android-x64-arm64-20240221-en
General
- Target: 1007c2561c3bef9d7ec27365e550dff5_JaffaCakes118.apk
- Size: 2.7MB
- MD5: 1007c2561c3bef9d7ec27365e550dff5
- SHA1: 01354f7af002d4aa22106d378b838a0e3d51e47f
- SHA256: 86c8a6b7589dee4accf3561f75ab61e0414c68a3fbc9b5d827bfd8d297007e15
- SHA512: a9120d6354b7831bed18e9c028fedf916964e1c21a7d939eec6400645ae8ba7cd16a3553f8984351873236319fcc7b803f152aa16f1f97a2ae517c561d4db98a
- SSDEEP: 49152:sDswxLJF48ZBj6ZIx9mxuYZWaY33Xwosx8nbCt46kQjOVRzXjh/x1DWQJT4dtMq:sD9ZXjhbaY33AoFmB6VRzXfPBOf
Malware Config
Signatures
- Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description | ioc | Process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe
- Prevents application removal (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to prevent removal.
  description | ioc | Process
  Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe
- Removes its main activity from the application launcher
  pid | Process
  5046 | pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/user/0/pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe/app_DynamicOptDex/FJmoZd.json | 5046 | pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe
  /data/user/0/pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe/app_DynamicOptDex/FJmoZd.json | 5046 | pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
  Application may abuse the framework's foreground service to continue running in the foreground.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.setServiceForeground | pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description | ioc | Process
  Framework service call | android.app.IActivityManager.registerReceiver | pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe
- Acquires the wake lock (1 IoCs)
  description | ioc | Process
  Framework service call | android.os.IPowerManager.acquireWakeLock | pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe
- Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description | ioc | Process
  Framework service call | android.app.job.IJobScheduler.schedule | pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  description | ioc | Process
  Framework API call | android.hardware.SensorManager.registerListener | pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe
Processes
- pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe (PID: 5046)
  - Makes use of the framework's Accessibility service
  - Prevents application removal
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Makes use of the framework's foreground persistence service
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Acquires the wake lock
  - Schedules tasks to execute at a specified time
  - Listens for changes in the sensor environment (might be used to detect emulation)
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1)
  - Broadcast Receivers (1)
- Foreground Persistence (1)
- Scheduled Task/Job (1)
Defense Evasion
- Download New Code at Runtime (1)
- Foreground Persistence (1)
- Hide Artifacts (2)
  - Suppress Application Icon (1)
  - User Evasion (1)
- Impair Defenses (1)
  - Prevent Application Removal (1)
- Input Injection (1)
Downloads
- /data/data/pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe/app_DynamicOptDex/FJmoZd.json
  Filesize: 1.9MB
  MD5: b9bca0f72d45a3a7e1aff9e60d1abbec
  SHA1: 9b7c5a59b56c7b6f47a407de6b7af621450b3a63
  SHA256: 531c3de4d5ea9ded038b36446749e53db1ef6330bfefa40c6a7a50aa61a2a20f
  SHA512: 3d4c97ae55eff2260365e9a16903a951ab43080109694787fa387c2df746a3150ede1aacc0741c556040278f6bcf4c7c8952c1a6e8a2364ec37a2033c88814b4
- /data/data/pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe/app_DynamicOptDex/FJmoZd.json
  Filesize: 1.9MB
  MD5: 11edc9b16beea04bea73ad0d60bb6088
  SHA1: a65da654f252d6e4b2deca769410a56b07d06c60
  SHA256: 83b4999f7cef130c0c3d56a4a592a0e832b463c5553974eef6abf37c5b60e8da
  SHA512: a48d2d24a359eeb0d18af1d7c4a15a6cca1d61596e01c9655693cb418f4740da01b760ab09cbdd387b5d37b378adcf381d0664e9d12cde93a14558764571de82