Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

6

20d9320b64...18.apk

android-9-x86

7

Analysis

  • max time kernel
    7s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
  • submitted
    07/05/2024, 14:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    20d9320b64af6c71307d472fafe11ab5_JaffaCakes118.apk

  • Size

    2.2MB

  • MD5

    20d9320b64af6c71307d472fafe11ab5

  • SHA1

    eede6d9dd9cab0d4697f9f7631b1887e81dd98d7

  • SHA256

    2be081b4cecdddb3253e55af916ef17e92201b0f2148158045ffee477e06aafa

  • SHA512

    48632ac9af47705748c7a897af750335fb16eb17ad84953b8c5db53370db89d8e9cc3a15a9777f88cb80619497473d4a9bd2a290eb3061a81a4dd89cd3cb43d5

  • SSDEEP

    49152:0a39S9hfAmZ1Bn1+lC5h1qfyNHH53wrcr8TMiq43RjmLgp0O:13+h9Zb0lC5h6yR53nqqWme

Score
7/10
discoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • cao.bao.piao.de
    1⤵
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4244
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/cao.bao.piao.de/app_cache/mycode.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/cao.bao.piao.de/app_cache/oat/x86/mycode.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4272

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/cao.bao.piao.de/app_cache/mycode.jar
    Filesize

    899KB

    MD5

    5acdf06b8b21d84b568777e5b0c9824d

    SHA1

    e75786ecd95e38989b7855261d035176de067c94

    SHA256

    0ae839afc15ddf880f5158ac714286920d7eabd1d646d35265371c0e9f6d8f0b

    SHA512

    8a0b27c45cf32308bad49a9de67109a68282dd04dc405aa2b015b80b9b2e4877ffbadbff615e371a92db5a0f94d1d51003962be47873e43298aaf370e2fa371a

    Download Submit

  • /data/user/0/cao.bao.piao.de/app_cache/mycode.jar
    Filesize

    2.1MB

    MD5

    b4be64a46406d5a6d704e606997036f8

    SHA1

    45c03b9de24251fbf59fb5265015b93a1d5bbed0

    SHA256

    d3bfecb1c6efefaf4bcd34c3428511c1b60c26fae7cab0171ff0553c4910f663

    SHA512

    73959766aa67ea56a4036154f0bac7831bd323b3d50a5b685caa6f23bb717a15b127c6dd071fef24b827ff4e2a77954ff882d1f3e7ed13f581ddb4351710a4a9

    Download Submit

  • /data/user/0/cao.bao.piao.de/app_cache/mycode.jar
    Filesize

    2.1MB

    MD5

    b4625af369f037efa1db79a9b66e447b

    SHA1

    5839aa4942c9891af04cd10e59c1d28e6a05a814

    SHA256

    54b0312058bde0871e259d7455985c9a54a75482ec3e347aab411b1f11fa1b29

    SHA512

    e47d95d2eeccefef5c47b2668b0a9263c6d9a0d87575abc655a4e8c0a3f7fe6c0aeba485b4eb12a7d8126f98e29696625896966de9ea8f19e395f0bdd007aae8

    Download Submit

  • /storage/emulated/0/lesongcrash/15051239004-2024-05-07-14-48-01-1715093281309.txt
    Filesize

    1KB

    MD5

    a9e328842605b2da4ce4eff1c01f6294

    SHA1

    affa1b6e1982a1b5dfe42708352a536238a69a11

    SHA256

    b6ec35de6520e3557ad31021f71aa16c6af111b9315aa1033d914848fec2c54c

    SHA512

    74d9cc1de168f38cd43dbf60f8181661ed2bd6caea88a30b424634149d46454966e55910d65f3e7c30fcbb978feb1a16107b9e09d4f8a08dd3939f5bf00c47ce

    Download Submit