Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
38s -
max time network
142s -
platform
android_x64 -
resource
android-x64-arm64-20240221-en -
resource tags
-
submitted
03/05/2024, 07:56
General
-
Target
1007c2561c3bef9d7ec27365e550dff5_JaffaCakes118.apk
-
Size
2.7MB
-
MD5
1007c2561c3bef9d7ec27365e550dff5
-
SHA1
01354f7af002d4aa22106d378b838a0e3d51e47f
-
SHA256
86c8a6b7589dee4accf3561f75ab61e0414c68a3fbc9b5d827bfd8d297007e15
-
SHA512
a9120d6354b7831bed18e9c028fedf916964e1c21a7d939eec6400645ae8ba7cd16a3553f8984351873236319fcc7b803f152aa16f1f97a2ae517c561d4db98a
-
SSDEEP
49152:sDswxLJF48ZBj6ZIx9mxuYZWaY33Xwosx8nbCt46kQjOVRzXjh/x1DWQJT4dtMq:sD9ZXjhbaY33AoFmB6VRzXfPBOf
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Prevents application removal 1 TTPs 1 IoCs
Application may abuse the framework's APIs to prevent removal.
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Requests accessing notifications (often used to intercept notifications before users become aware). 1 TTPs 1 IoCs
-
Loads dropped Dex/Jar 1 TTPs 4 IoCs
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings. 1 IoCs
-
Acquires the wake lock 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
Processes
-
pefxyoqegqwtr.gzdpycagaibsukmbanztuxepele.pyiipzohcilxrfiiuxe1⤵
- Makes use of the framework's Accessibility service
- Prevents application removal
- Removes its main activity from the application launcher
- Requests accessing notifications (often used to intercept notifications before users become aware).
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Requests enabling of the accessibility settings.
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Schedules tasks to execute at a specified time
- Listens for changes in the sensor environment (might be used to detect emulation)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
3Suppress Application Icon
1User Evasion
2Impair Defenses
1Prevent Application Removal
1Input Injection
1Credential Access
Access Notifications
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.9MB
MD5b9bca0f72d45a3a7e1aff9e60d1abbec
SHA19b7c5a59b56c7b6f47a407de6b7af621450b3a63
SHA256531c3de4d5ea9ded038b36446749e53db1ef6330bfefa40c6a7a50aa61a2a20f
SHA5123d4c97ae55eff2260365e9a16903a951ab43080109694787fa387c2df746a3150ede1aacc0741c556040278f6bcf4c7c8952c1a6e8a2364ec37a2033c88814b4
-
Filesize
1.9MB
MD511edc9b16beea04bea73ad0d60bb6088
SHA1a65da654f252d6e4b2deca769410a56b07d06c60
SHA25683b4999f7cef130c0c3d56a4a592a0e832b463c5553974eef6abf37c5b60e8da
SHA512a48d2d24a359eeb0d18af1d7c4a15a6cca1d61596e01c9655693cb418f4740da01b760ab09cbdd387b5d37b378adcf381d0664e9d12cde93a14558764571de82