Analysis
max time kernel: 149s
max time network: 159s
platform: android_x86
resource: android-x86-arm-20240506-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
submitted: 08/05/2024, 23:28
Static task: static1
Behavioral task: behavioral1
Sample: 2736cb080311c7698c9071e5ab39a0b3_JaffaCakes118.apk
Resource: android-x86-arm-20240506-en
General
Target: 2736cb080311c7698c9071e5ab39a0b3_JaffaCakes118.apk
Size: 23.1MB
MD5: 2736cb080311c7698c9071e5ab39a0b3
SHA1: 8e2f005bd2e4aba8ce83ee18478fb5434774decf
SHA256: 9e7f01b62991dcbd7104b2040e3369b90c8201f09c6c46797f28f0f987ba9785
SHA512: 844a99b09db354fe09c6af356329a84d62acd2c0e2db7268c62f5e7eaaad78977a7fe09d86b56b44076a9e7c3958b1b20cb589e317b33983d1581162527a6774
SSDEEP: 393216:sKUlzSdsKk41dQ5q1pjFeah4GIYgppoLS/K9HJqKvE9tEXU1unyexEg:pYN+LQ5opjFe44GIYyu9Hs9tEXU1unyY
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTP)
- Requests cell location (2 TTPs, 1 IoC)
  Uses Android APIs to get the current cell location.
  IoC: Framework service call com.android.internal.telephony.ITelephony.getCellLocation, process com.niupintuan.youxuan
- Checks Android system properties for emulator presence (1 TTP, 1 IoC)
  IoC: Accessed system property key ro.product.model, process com.niupintuan.youxuan
- Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information which indicates whether the system is an emulator.
  IoC: File opened for read /proc/cpuinfo, process com.niupintuan.youxuan
- Checks memory information (2 TTPs, 1 IoC)
  Checks memory information which indicates whether the system is an emulator.
  IoC: File opened for read /proc/meminfo, process com.niupintuan.youxuan
- Queries information about running processes on the device (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses, process com.niupintuan.youxuan
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses, process com.niupintuan.youxuan:remote
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  IoC: Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone, process com.niupintuan.youxuan
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  IoC: Framework service call android.app.IActivityManager.registerReceiver, process com.niupintuan.youxuan
  IoC: Framework service call android.app.IActivityManager.registerReceiver, process com.niupintuan.youxuan:remote
- Checks if the internet connection is available (1 TTP, 2 IoCs)
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo, process com.niupintuan.youxuan
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo, process com.niupintuan.youxuan:remote
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
- Reads information about phone network operator (1 TTP)
- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 2 IoCs)
  IoC: Framework API call javax.crypto.Cipher.doFinal, process com.niupintuan.youxuan:remote
  IoC: Framework API call javax.crypto.Cipher.doFinal, process com.niupintuan.youxuan
Processes
- com.niupintuan.youxuan (PID: 4257)
  - Requests cell location
  - Checks Android system properties for emulator presence
  - Checks CPU information
  - Checks memory information
  - Queries information about running processes on the device
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
  - child process: getprop ro.product.cpu.abi (PID: 4358)
- com.niupintuan.youxuan:remote (PID: 4332)
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1)
  - Geofencing (1)
- Virtualization/Sandbox Evasion (3)
  - System Checks (3)
Downloads