Analysis

  • max time kernel
    38s
  • max time network
    142s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
  • submitted
    03/05/2024, 07:56

General

  • Target

    1007c2561c3bef9d7ec27365e550dff5_JaffaCakes118.apk

  • Size

    2.7MB

  • MD5

    1007c2561c3bef9d7ec27365e550dff5

  • SHA1

    01354f7af002d4aa22106d378b838a0e3d51e47f

  • SHA256

    86c8a6b7589dee4accf3561f75ab61e0414c68a3fbc9b5d827bfd8d297007e15

  • SHA512

    a9120d6354b7831bed18e9c028fedf916964e1c21a7d939eec6400645ae8ba7cd16a3553f8984351873236319fcc7b803f152aa16f1f97a2ae517c561d4db98a

  • SSDEEP

    49152:sDswxLJF48ZBj6ZIx9mxuYZWaY33Xwosx8nbCt46kQjOVRzXjh/x1DWQJT4dtMq:sD9ZXjhbaY33AoFmB6VRzXfPBOf

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Prevents application removal 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to prevent removal.

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

Processes

  • pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe
    • Makes use of the framework's Accessibility service
    • Prevents application removal
    • Removes its main activity from the application launcher
    • Requests accessing notifications (often used to intercept notifications before users become aware).
    • Loads dropped Dex/Jar
    • Makes use of the framework's foreground persistence service
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4685

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe/app_DynamicOptDex/FJmoZd.json

    Filesize

    1.9MB

    MD5

    b9bca0f72d45a3a7e1aff9e60d1abbec

    SHA1

    9b7c5a59b56c7b6f47a407de6b7af621450b3a63

    SHA256

    531c3de4d5ea9ded038b36446749e53db1ef6330bfefa40c6a7a50aa61a2a20f

    SHA512

    3d4c97ae55eff2260365e9a16903a951ab43080109694787fa387c2df746a3150ede1aacc0741c556040278f6bcf4c7c8952c1a6e8a2364ec37a2033c88814b4

  • /data/user/0/pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe/app_DynamicOptDex/FJmoZd.json

    Filesize

    1.9MB

    MD5

    11edc9b16beea04bea73ad0d60bb6088

    SHA1

    a65da654f252d6e4b2deca769410a56b07d06c60

    SHA256

    83b4999f7cef130c0c3d56a4a592a0e832b463c5553974eef6abf37c5b60e8da

    SHA512

    a48d2d24a359eeb0d18af1d7c4a15a6cca1d61596e01c9655693cb418f4740da01b760ab09cbdd387b5d37b378adcf381d0664e9d12cde93a14558764571de82