Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

6

2a41793f7f...18.apk

android-9-x86

7

2a41793f7f...18.apk

android-10-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    157s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
  • submitted
    09/05/2024, 13:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2a41793f7fd54659432a9e3120252a7c_JaffaCakes118.apk

  • Size

    26.6MB

  • MD5

    2a41793f7fd54659432a9e3120252a7c

  • SHA1

    44f13d84278aacb3ed853f33b6e1a1c5eeca7bde

  • SHA256

    fbeca7979fda386f24c91de84102facfc3a8ddea0580b9d6858407b781accc70

  • SHA512

    fe20ff1ef6f71bafe427fde67ad34879291422b7e3392cd563e6aef72ea9a87563ac685b7a6a11bd7dbe6f157c88ed9d99caf94e88e0119851969584bedccdbc

  • SSDEEP

    786432:46KwbZKicGMQ2v9zUMxLE814KAUjdOAUKdGlWw:4bwlbNMvmuE048jdiZT

Score
7/10
discoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 9 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.jxkj.kdvedio
    1⤵
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4237
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.jxkj.kdvedio/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.jxkj.kdvedio/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4301
    • sh -c ps -ef
      2⤵
        PID:4472
      • ps -ef
        2⤵
          PID:4472
      • com.jxkj.kdvedio:pushcore
        1⤵
        • Loads dropped Dex/Jar
        • Queries information about running processes on the device
        • Registers a broadcast receiver at runtime (usually for listening for system events)
        • Checks if the internet connection is available
        • Uses Crypto APIs (Might try to encrypt user data)
        PID:4333

      Network

      MITRE ATT&CK Mobile v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/com.jxkj.kdvedio/.jiagu/classes.dex
        Filesize

        6.2MB

        MD5

        8789d443589cccd6b3c70c1af1d9fdd5

        SHA1

        ca1221653a863b87d295dfc2bebad07540a50e9a

        SHA256

        e8c56c42fa3eb87b85ea9d55574825d30eeb33fca95318334eea7fada6d97297

        SHA512

        309ad2a765927f96a2d678e830da144172d47f9e1ecd459726b3984f29b910c9ca77d3ff342f33e2921238f0080b153270927d35ebdc80601d3c307122daf23a

        Download Submit

      • /data/data/com.jxkj.kdvedio/.jiagu/classes.dex!classes2.dex
        Filesize

        3.7MB

        MD5

        10a2215bbda60a8cb5a0374426668749

        SHA1

        1f389c95b409922640d5ecfea55498aa7ef0c275

        SHA256

        9a7e89ee872a19b2585bf2b82dde19067ee64a3785c4ff37a8c62bcb68fd5136

        SHA512

        85b6e0c53e8bd537da62c01640595066379f6844baa2424bbd74f1ba8d8641b3d27efbe6667853bc74364fe04a34596f293e9eff8377f69e7a548e9460cde48d

        Download Submit

      • /data/data/com.jxkj.kdvedio/.jiagu/libjiagu.so
        Filesize

        475KB

        MD5

        5aea02f4e4c77fbf2e7a27f7ca9cc06b

        SHA1

        522db1748608e9173547b29b7aa82ddc3542c534

        SHA256

        5a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2

        SHA512

        5c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316

        Download Submit

      • /data/data/com.jxkj.kdvedio/.jiagu/tmp.dex
        Filesize

        284B

        MD5

        f1771b68f5f9b168b79ff59ae2daabe4

        SHA1

        0df6a835559f5c99670214a12700e7d8c28e5a42

        SHA256

        9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

        SHA512

        dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

        Download Submit

      • /data/data/com.jxkj.kdvedio/cache/cache/journal.tmp
        Filesize

        36B

        MD5

        37e8e716e0e2f4a0b05cd9571d95b84d

        SHA1

        f8d068f6931707bddb8cd69f706f2224ad1fea3c

        SHA256

        7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca

        SHA512

        e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

        Download Submit

      • /data/data/com.jxkj.kdvedio/files/.jglogs/.jg.ac
        Filesize

        32B

        MD5

        66bd6470dc0b78fb7fd6cc51d806b582

        SHA1

        f089b1e40bf4566113149273941a575022554bb9

        SHA256

        1a950589dda05055009f688f1eeee4db26dc840c25d8e2c067d49480f7654e50

        SHA512

        e232f7ba3b228a7749e1a856585b8898bd382adb534b869bbc7796ea48e5272211b9495c730ef291c21e9272f9b8886a1c8ff6f3a3c23376c2ed8b6be7e4bc3c

        Download Submit

      • /data/data/com.jxkj.kdvedio/files/.jglogs/.jg.ic
        Filesize

        32B

        MD5

        c532c1eb035e8c966a0707a05c022cfd

        SHA1

        c9bc28547ac25462782ad43ce27d26b2d38cbbc6

        SHA256

        d45ea61232a7a09f530982af1ebcf9d7707c55244eb93d21529c07153ed3150a

        SHA512

        da7a1825e5a5b72531979d26da2ed48bbe15792b468b70f0d88b4d5e024f8cdfd221431da77a6ddfb88af33eef455b77282cd9f5ec3619e1e8cf6bd08d695517

        Download Submit

      • /data/data/com.jxkj.kdvedio/files/.jglogs/.jg.rd
        Filesize

        73B

        MD5

        d946eebfbd91bce457fc823481b3a472

        SHA1

        146b66822389f590e2aba646b4c83f4f4a6718e3

        SHA256

        b69921162ee709148d838d5c862ef272703b7a432280e79aaf639effec76d612

        SHA512

        8b7ed602f72adbf15e8c40617ca49885f57ff46c11ff840980bde4334b505901700a586a1ec95a447bc28ec000c5279a8b5aa320f3aa603bb7a1f5cc14a52897

        Download Submit

      • /data/data/com.jxkj.kdvedio/files/.jglogs/.jg.ri
        Filesize

        307B

        MD5

        26c5a2a97dc0c1897b420cb1e685371b

        SHA1

        ed98bc52d74d632300a4756765e9e33a2fbab7d2

        SHA256

        72756a72054f4f7cfa2256e12b7eae834a0996c05ce7e15b5234f86518b40056

        SHA512

        7b5c52a8e45bd2542ae5243c74c6b24d8151f244d45527a96fddd6a9a80579063e2b4705d174d490997aabb73434169b084cb68f4a8ded85401bacd027d606b8

        Download Submit

      • /data/data/com.jxkj.kdvedio/files/.jglogs/.jg.ri
        Filesize

        314B

        MD5

        6de05306571c89e84b95f855c94f10c0

        SHA1

        8ce00da18c051c0498d2219b33662278d1f31d29

        SHA256

        b9ba3ba66e641e55ea64abf18900ab4a3d7441b86429d8ec086246e002f36825

        SHA512

        41adaf20a03715e5b0fe5c046cf47b510a8d3d41e8c31851e20fb6052b4c7fd2c508efdacf9f779c32359e754f57736867a402b138ffc869cd0ea9a9fe67baa6

        Download Submit

      • /data/data/com.jxkj.kdvedio/files/.jglogs/.jg.store.report_pid
        Filesize

        32B

        MD5

        b97b2a31028b13d54296046c10c64f64

        SHA1

        bfcd9937d69d8113df1fd470394849640de2778d

        SHA256

        e64d54b45e398730fa89ce9b1d062e67e2edb94b64f62b5510ab132e98793d19

        SHA512

        f360ceb904f4cd79c22ab58d6e90d9001d403184d25cb72ed5e8876f890e59bd6bae376b15e5b2aab99056dc50ff7a8b99f0331b6341877ec8a62c83a28e6cda

        Download Submit

      • /data/data/com.jxkj.kdvedio/files/.jiagu.lock
        Filesize

        27B

        MD5

        6876278b4c5ea6c565dc745d44874bb6

        SHA1

        64ca64ca1fb9c8c82288fce692d9aefe623ba7f7

        SHA256

        14012282b36884d47d6c1c4b4aba3f2eb53f5a60e0e7667347618c4be2b2b432

        SHA512

        2c5dad1d21b33de740826ece2389e3f3cb1540ba21a97645c49130a0c37a4047905e06de08d264a036a6ea4d9071527e67a8cb5e535fa00d3b8225f46effa1c0

        Download Submit

      • /data/data/com.jxkj.kdvedio/files/jpush_stat_cache.json
        Filesize

        119B

        MD5

        5fc949974ad6947e54d16a2bfe4effb9

        SHA1

        b2b89f88a000c89670e05da114ad5fe5df27c765

        SHA256

        e1c8f67cc58726605ec9d9fdd7344ab19b6a04de9796715a738757e15881b9d3

        SHA512

        0cdb04d92d6b5fbf1181e94ee6fbb584dfb0965294e2a0c97be4164cb8afc6de432c9a247035e22f149ee500c33420cfe48bfaeb3c09d57b02fbbd59a4f51eab

        Download Submit

      • /data/data/com.jxkj.kdvedio/files/jpush_stat_history/active_user/nowrap/01124106-76a0-447b-be1c-463ecb17c0d7
        Filesize

        159B

        MD5

        b8a48401a3e55d72abd73a61a90a2ade

        SHA1

        5f15fa9ecdcba0af11d33d16d59b87b1f5842abc

        SHA256

        e6a5cc73d76bf36018ec4de3e5267439f2188cc84a042505379c10c300fdd751

        SHA512

        d5b9a8a72cdeb6e1194d945a4b9394a62127b5f3f9967396c22bdefdc0e5e05b236723df3aa244439c5e70c9f597c07767b467718dfb160d481ba411790bdc97

        Download Submit

      • /storage/emulated/0/data/.push_deviceid
        Filesize

        32B

        MD5

        cab210b732acae7aa2d4bd350b464431

        SHA1

        fd052d5777cfddff41f763ac3514f1ca71dc106c

        SHA256

        1425d3477175cc243812ac2fc18a5dd2416da8bb4486e6889068bd269db1c00a

        SHA512

        3ea3a50d4ffd5dd679294ff26c2d295b9c9343866532ffe7c7650133d60f616d4f2a24cdc6fc8f526a93c4a68629a789e28e4a4e8cf6bc0f992ab7c824e97d8b

        Download Submit