Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

21ef9f627c...18.apk

android-9-x86

8

21ef9f627c...18.apk

android-11-x64

8

kyx_data.apk

android-9-x86

kyx_data.apk

android-10-x64

kyx_data.apk

android-11-x64

AdServer.apk

android-9-x86

analytics_core.apk

android-9-x86

1

gdtadv2.apk

android-9-x86

gdtadv2.apk

android-10-x64

gdtadv2.apk

android-11-x64

Analysis

  • max time kernel
    14s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
  • submitted
    07/05/2024, 22:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21ef9f627c66c4f6251acc77d77a9184_JaffaCakes118.apk

  • Size

    28.3MB

  • MD5

    21ef9f627c66c4f6251acc77d77a9184

  • SHA1

    db95724ed1f48091d5bfe5e06b0596fb1c3fc31d

  • SHA256

    5c52b85f7fe918be44cf6a6a94b6c976ea479c47531594cbb5a699ebb1a73a60

  • SHA512

    a54ca1aa75ba56140bbd53af2640ebef8bb52714ab02fd85dbd0d04b88e06220d5a1a66913241fe237c42938db3ef155df2d6f650e6f5edccac74423ca71bb4e

  • SSDEEP

    786432:espzy53PGH4odQD35ziCJh9Vip+e9/mNSV6rAqJI5LLHH/:S3YfEgCT9h2/mBI5Lb

Score
8/10
bankercollectiondiscoveryevasionpersistence

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Requests cell location 1 TTPs 1 IoCs

    Uses Android APIs to to get current cell information.

    collectiondiscovery

Processes

  • ru.kes.chasinglight
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Requests cell location
    PID:4288
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/ru.kes.chasinglight/files/kuaiyouxi/datas/res/1326/dex.jar --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/ru.kes.chasinglight/files/kuaiyouxi/datas/res/1326/oat/x86/dex.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4318

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/ru.kes.chasinglight/databases/0M3006CS7U0ZC2K3-access.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/ru.kes.chasinglight/databases/0M3006CS7U0ZC2K3-access.db-journal
    Filesize

    512B

    MD5

    e29e59c94cc33942624d429b521df3c4

    SHA1

    92b54c2c69589417071f31b3b43aabfbdd51ac84

    SHA256

    5719f72d062bc5e9eaed5d271968abd6d0cb85cccc6b8c2413e66f3225f396c0

    SHA512

    05b390a5a52d794fb4789c64c424d52f8f8623dbd213d7ecb3903b2cca092e71392dc00969d07796748fa37df65a3bcbb27fda761c30550429b713652450c3f8

    Download Submit

  • /data/data/ru.kes.chasinglight/databases/0M3006CS7U0ZC2K3-access.db-shm
    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    Download Submit

  • /data/data/ru.kes.chasinglight/databases/0M3006CS7U0ZC2K3-access.db-wal
    Filesize

    32KB

    MD5

    0c1f8577ebc22c87a72cdb7e4f441041

    SHA1

    92fa3d09df88aae9d33d7a4c4b177aaad65191e5

    SHA256

    88c5e7d64d9bb60486b94c12c509b7d9e47bf8132cdd3c603b7b9b07c070f8ac

    SHA512

    423aa4e42b5a614eaba863e7015ab5e25c3a4451e1208c18ffcd988c3af7599a2b28549e9e1716d9fa6d6bc54c9ae9733581386ebab59046686c3ea154ce4c98

    Download Submit

  • /data/data/ru.kes.chasinglight/files/kuaiyouxi/datas/mzw_dsp/1326/md5
    Filesize

    32B

    MD5

    437081af6b886101f6d20847d9255d33

    SHA1

    c41bb118063b377c76d713265d01fae7b3587592

    SHA256

    022f8b359131f50ca2a79344e12105070679fce10ef25a67f29f4160d6b4057b

    SHA512

    df05c86c194a41ccbf5ecd78b3f1931ba2f6aaf0278e5e00fd0efad5a32e48fe4566d8a45af05234929730a5194fdadac5e7f95eef712afdce25504707b5c36b

    Download Submit

  • /data/data/ru.kes.chasinglight/files/kuaiyouxi/datas/mzw_dsp/1326/update
    Filesize

    3.6MB

    MD5

    7b303ed0278ecd45e9dfd24ac7585fe6

    SHA1

    618a10ab980dbf76a90c09d3e7579aafccf85040

    SHA256

    a5d7512b741107d6279d08556ad5baee40efac5e0ca0259f0f434daa0e5efdce

    SHA512

    c6d3b08d7f2deebd3a816ee6e61da1562ceb4460bd26c1ee4945824affc9710996fde7a16b0d9ce5241f3010b89d4c1d5ccebabea2809f87ee448b83b5fecc0a

    Download Submit

  • /data/data/ru.kes.chasinglight/files/kuaiyouxi/datas/mzw_dsp/checkupdate
    Filesize

    8B

    MD5

    dfeaf097fe158c5a6badb9eec5315a01

    SHA1

    361839c4d21a90266d67481a8168ef76bf1fdd63

    SHA256

    d51a6b475c9c72577254694b67962111dad1d079dac4a8e93cbfd733f6b7fd44

    SHA512

    bf85c3d8d4684347753a2c247e34852ff2f09de80112f47dd094fa940ce41575cfdaf16c3e838190dd761a9e21e9e731e5318acbdd7beca7ab30ea970bd53c5c

    Download Submit

  • /data/data/ru.kes.chasinglight/files/kuaiyouxi/datas/mzw_dsp/version
    Filesize

    10B

    MD5

    63c86cd52a2032fe766e9ddd0cec9b84

    SHA1

    bb1028d3839a1a11b879a31fbb5efbc8c389a591

    SHA256

    bf2f4a993b11592919b69bc2e8c1201cceb23353319a816f087854eee54441bb

    SHA512

    3a2b5c3e66dbdb38f491d4acde1a9c2238ca8e5bba8c6ec4b2b88fa55ce36721c907feb07a101d6737811e0d8ecc944a687748256d98f26cd8cc47e270c588a4

    Download Submit

  • /data/data/ru.kes.chasinglight/files/kuaiyouxi/datas/res/1326/dex.jar
    Filesize

    1.3MB

    MD5

    8881e0f4790a8ae6be31157e2e1af8f5

    SHA1

    65ed89609ab3995598f895f8330f55fa8dc713cb

    SHA256

    ff57f08e1cd3baf3e92fe033cab19a4faf88d636dd467feae57618ab1dd24bc5

    SHA512

    c65573f1bbe1a6fea603f1d3195912ef3011338d592ace578362dee7af4c50d818bb235c467bb0b11766df73b5ad2735260843e20e8e9bdf14f92f58b73a2994

    Download Submit

  • /data/data/ru.kes.chasinglight/files/kuaiyouxi/datas/res/1326/pack
    Filesize

    3.6MB

    MD5

    43eacd187ddae0fe9deaa054e5f7f770

    SHA1

    6a4db81880b121a2fae02c84219fed1808bdbb46

    SHA256

    927c1e61e10e53ae79a2879fc781c6e88270e7ed7da4a8dafd10ef1c265e4b54

    SHA512

    730ec7220cb3b2e5bf339f49145fd5d46da6d2e5f951f7719dcd5e950fbafa6815b88958d044196fa1be1ce3a95fd2b5074c6cb8a0ae166ff3d094f3eaf8e3ec

    Download Submit

  • /data/data/ru.kes.chasinglight/files/libtencentloca.so
    Filesize

    19KB

    MD5

    2c1ed75b42b2e5fe45c87cc3729a4ec7

    SHA1

    60e15d8d6e99d144d99cf8936d4304272e0c3782

    SHA256

    7e713c464d2e1285098b82953d2103e43e43bd42dfcdbdeaccc0cfb115b9e155

    SHA512

    d681a6f3870b1960968d6633c2351ce67ebb0b4b1bea2926d4154dda10826f71d1529507bf32aefe436bb21f5b6682203dde61150c8ffb68eac3b50172343710

    Download Submit

  • /data/user/0/ru.kes.chasinglight/files/kuaiyouxi/datas/res/1326/dex.jar
    Filesize

    3.1MB

    MD5

    5d220ef39eb7fd790640909ca0b10cd7

    SHA1

    f4a9b9eb51963cbe96bd62ede1a418c74b236d40

    SHA256

    9eff81bd2c46c19bc705a1a7b931bf41a05d576a903e46458a78d5c819d4db16

    SHA512

    429fe287a2200d2f992c80bd7375c8a0b2fcfd3b42105585156d4ad99c0d2e86f51784712b1b7a679eb12c6f192d1db3402678936a809399e4e828d78d4ce4cf

    Download Submit

  • /data/user/0/ru.kes.chasinglight/files/kuaiyouxi/datas/res/1326/dex.jar
    Filesize

    3.1MB

    MD5

    2fe34ca16bd1e7469b22337c725f5522

    SHA1

    4a3d546f93276ebbd2f3bb9c45da3175ac822991

    SHA256

    4d62e51eeb52b74cce69b85630a65a08b67c89e3c960e63b60229e4e7e9c666d

    SHA512

    e0935a0487910a029cd8660405d736e5c460c9cad5d1da7aa84cb74f095641d8ddffa8636b4df6b825503c8e08a4b839135d5b3d4663ba85e96fc954af324dce

    Download Submit

  • /storage/emulated/0/.rwtest
    Filesize

    1B

    MD5

    13c8ffd977013703a701cf8e11deac65

    SHA1

    067d5096f219c64b53bb1c7d5e3754285b565a47

    SHA256

    e7cf46a078fed4fafd0b5e3aff144802b853f8ae459a4f0c14add3314b7cc3a6

    SHA512

    527cff2b6fdfbc0f54fe092b17d6d8c7e22500242635fa56981e85a64da6ce8a12a3a66cf69fd48f588bcba9bad141b8e351a0cdd4925ae57289933eec1fc153

    Download Submit