Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
139s -
max time network
156s -
platform
android_x86 -
resource
android-x86-arm-20240506-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system -
submitted
10/05/2024, 09:25
Static task
static1
Behavioral task
behavioral1
Sample
2e72737e59c62adb8747c0e58e56abe3_JaffaCakes118.apk
Resource
android-x86-arm-20240506-en
Behavioral task
behavioral2
Sample
2e72737e59c62adb8747c0e58e56abe3_JaffaCakes118.apk
Resource
android-x64-20240506-en
General
-
Target
2e72737e59c62adb8747c0e58e56abe3_JaffaCakes118.apk
-
Size
12.6MB
-
MD5
2e72737e59c62adb8747c0e58e56abe3
-
SHA1
08ad7cec0e7db5a8f1ca7aae2e4f51206463c056
-
SHA256
0874f00762c96eb969cbdc1a2a168299653a078d1c20cfebd4889caaa36f9895
-
SHA512
35beba43eac6d2f1d59a53f5488b3a607115f0ba83ded38dbb002bb187431ff63f96cfade8182131f2773234653118c496cbb35f4337b5cd6e2d65d5133b543f
-
SSDEEP
393216:LcB1KOey9uhdHkLuyxCldtWZCfb2exuh7:ADKO+DHk6aCjtpzfu
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks Android system properties for emulator presence. 1 TTPs 7 IoCs
description ioc Process Accessed system property key: ro.product.name com.znjf33.znjf Accessed system property key: ro.serialno com.znjf33.znjf Accessed system property key: ro.bootloader com.znjf33.znjf Accessed system property key: ro.bootmode com.znjf33.znjf Accessed system property key: ro.hardware com.znjf33.znjf Accessed system property key: ro.product.device com.znjf33.znjf Accessed system property key: ro.product.model com.znjf33.znjf -
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
description ioc Process File opened for read /proc/cpuinfo com.znjf33.znjf -
Checks Qemu related system properties. 1 TTPs 7 IoCs
Checks for Android system properties related to Qemu for Emulator detection.
description ioc Process Accessed system property key: ro.kernel.qemu.gles com.znjf33.znjf Accessed system property key: ro.kernel.qemu com.znjf33.znjf Accessed system property key: init.svc.qemud com.znjf33.znjf Accessed system property key: init.svc.qemu-props com.znjf33.znjf Accessed system property key: qemu.hw.mainkeys com.znjf33.znjf Accessed system property key: qemu.sf.fake_camera com.znjf33.znjf Accessed system property key: ro.kernel.android.qemud com.znjf33.znjf -
Checks memory information 2 TTPs 3 IoCs
Checks memory information which indicate if the system is an emulator.
description ioc Process File opened for read /proc/meminfo com.znjf33.znjf:CoreService File opened for read /proc/meminfo com.znjf33.znjf File opened for read /proc/meminfo com.znjf33.znjf:PushProcess -
Loads dropped Dex/Jar 1 TTPs 13 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/data/com.znjf33.znjf/.jiagu/classes.dex 4502 com.znjf33.znjf /data/data/com.znjf33.znjf/.jiagu/classes.dex!classes2.dex 4502 com.znjf33.znjf /data/data/com.znjf33.znjf/.jiagu/tmp.dex 4502 com.znjf33.znjf /data/data/com.znjf33.znjf/.jiagu/tmp.dex 4550 /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.znjf33.znjf/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.znjf33.znjf/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=& /data/data/com.znjf33.znjf/.jiagu/tmp.dex 4502 com.znjf33.znjf /data/data/com.znjf33.znjf/.jiagu/classes.dex 4608 com.znjf33.znjf:PushProcess /data/data/com.znjf33.znjf/.jiagu/classes.dex!classes2.dex 4608 com.znjf33.znjf:PushProcess /data/data/com.znjf33.znjf/.jiagu/classes.dex 4668 com.znjf33.znjf:CoreService /data/data/com.znjf33.znjf/.jiagu/tmp.dex 4608 com.znjf33.znjf:PushProcess /data/data/com.znjf33.znjf/.jiagu/tmp.dex 4608 com.znjf33.znjf:PushProcess /data/data/com.znjf33.znjf/.jiagu/classes.dex!classes2.dex 4668 com.znjf33.znjf:CoreService /data/data/com.znjf33.znjf/.jiagu/tmp.dex 4668 com.znjf33.znjf:CoreService /data/data/com.znjf33.znjf/.jiagu/tmp.dex 4668 com.znjf33.znjf:CoreService -
Queries information about running processes on the device 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description ioc Process Framework service call android.app.IActivityManager.getRunningAppProcesses com.znjf33.znjf Framework service call android.app.IActivityManager.getRunningAppProcesses com.znjf33.znjf:PushProcess Framework service call android.app.IActivityManager.getRunningAppProcesses com.znjf33.znjf:CoreService -
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description ioc Process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.znjf33.znjf:CoreService Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.znjf33.znjf -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.znjf33.znjf Framework service call android.app.IActivityManager.registerReceiver com.znjf33.znjf:PushProcess Framework service call android.app.IActivityManager.registerReceiver com.znjf33.znjf:CoreService -
Checks if the internet connection is available 1 TTPs 3 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.znjf33.znjf Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.znjf33.znjf:PushProcess Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.znjf33.znjf:CoreService -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.znjf33.znjf Framework API call javax.crypto.Cipher.doFinal com.znjf33.znjf:CoreService
Processes
-
com.znjf33.znjf1⤵
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks Qemu related system properties.
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4502 -
chmod 755 /data/data/com.znjf33.znjf/.jiagu/libjiagu.so2⤵PID:4527
-
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.znjf33.znjf/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.znjf33.znjf/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
PID:4550
-
-
cat /sys/class/net/wlan0/address2⤵PID:4644
-
-
sh -c ps2⤵PID:4915
-
-
ps2⤵PID:4915
-
-
ps daemonsu2⤵PID:4940
-
-
ps | grep su2⤵PID:4958
-
-
com.znjf33.znjf:PushProcess1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4608
-
com.znjf33.znjf:CoreService1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4668 -
/system/bin/sh -c getprop2⤵PID:4798
-
-
getprop2⤵PID:4798
-
-
cat /sys/class/net/wlan0/address2⤵PID:4826
-
-
/system/bin/sh -c type su2⤵PID:4846
-
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.9MB
MD504c552063363d3e43d5793dfe797ce8a
SHA113d6433b80369ed671f21c143728b0c3c5454a96
SHA256b237d1673e9d0046b75282d7bcb7fac3765ead2ec368ca4d53004f40f87c9cc6
SHA5124acfe6fd463b3e159b9b79cb971e88aafbba451abb93a07557d274b0d8ee0284dd2da69166ee7ff377e152230f76ad75172dbdc6cc7477b68642504c50f024bb
-
Filesize
2.4MB
MD5d4b0bb6125f4eba71637e30bcfbf81c8
SHA1abfe5016caec96f2a7cc89a20c964410ad16f19b
SHA2569c4c1ac850473092f4f1cbedbd6180ed45368f6c9cba9c8326f9ec5ce6116f28
SHA512131f356a349364cbd8be79b98c5afbb42140b2cc8afa38a2ce324fb6bc6de71fa1ae48590bdc6b410e31dc53d709a65c14778e45bcf9a87cfba48529a239226e
-
Filesize
3.7MB
MD5d78e18d2cbd3f5c9e697c12f4020fc49
SHA1a9887506555e45a8ebbc180e1040e0849844f598
SHA2569ad446118d1846080e2a426f988290cb87240dce81b88a1422be917bfcb2529a
SHA512c6d0aab3745684d77358c278268eb5d0e36c54a0f8dc6a76352cc9c743c10c499a0f1a40b02660fbf17fb60cceb703b7021a9a45c7f8585023ad5dedb8e85ac2
-
Filesize
284B
MD5efde6fc19d25115e44a1ab89a82a8134
SHA196e424ad879a08ed99ae8cdbd7576c17838c67ad
SHA25648f99c97ce3eb5a766bd4572f7e499780442d35c63c9c1964e6440a5bdd861d6
SHA5128a5b13601d1e7f81692efa601df030c839aebd4e4e87266a6e331db499de91dcfcc23ea924dd0b0342c74201df8d70947351a9d55071ad514e94044895c50293
-
Filesize
284B
MD5f1771b68f5f9b168b79ff59ae2daabe4
SHA10df6a835559f5c99670214a12700e7d8c28e5a42
SHA2569f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d
-
Filesize
224B
MD526541590e3d2f8f7150709f0ebf91455
SHA115f3925705b55132ac5babd017201092ea355ff5
SHA2560fd81720a4ecdb53f8079cb70255a6f046a729c3ec85a531aa087a4894f52ae4
SHA512348caeba6ba24ba35fe184f30a4110115515ded5da778ff8009f5f2a6cef9d608373904e1cbaac5e368aec669ac671cd29ecca1480b8a6b847f4b762ed635a4a
-
Filesize
58B
MD50d210bfb2a0e1f1b4c082a6a0f79de07
SHA1bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD590c780e009792f2ee270445febffd314
SHA172b66334151b906b5e7fd292422934a9641912b4
SHA256b236e7ae0251a236fa8205d38ab17aa8925a6164e214acf4967ad3da7ff83e9b
SHA5128928fe1cf0f5563f759891eda7cc17e946267a7c9ca983efd4d9dfb649b31768250ffbef331991e3fcb1eb9f47a60816ce585297b6bbb24855393019d85f6640
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
80KB
MD5c7f1ec552e1c530d5a52197a035f6edb
SHA114b011316d5a9546e35a121d95fe182584104b33
SHA256f01e3f0a5aedec7c50551566203c97668ab08bdbacfc514cf14f9542d63cb851
SHA512bdc6f1bb1f8c3aa8d90d0c22136d5ac1ad4947825d8aa4270694d98a3c10db030916e425418bacf539061e5446439f273d35cbc5bcbfc2e6506e8f0973e055fc
-
Filesize
108KB
MD57626a7de65f302714815f8b2e4182f45
SHA1e43e5d2299507031c68b5896b660a53aa7e68454
SHA2568d16e6421f5db4a6f99d5da8d4d8efd88e5f50ac55e79886bf4c638b4fab5481
SHA5126bd5eb0f29cd87594c46770657e15dfeff69eb31c166cc7ea67b95f69bb5611edbd4306e6ad71a8bcd71283ae16ed8f2ab00f93f75919435593593ad0c0fb3f7
-
Filesize
58B
MD5886aad6e55eaaaa6dbae4b300958b67f
SHA1765c14523ce86d390b6c593d68a5c2e548001cd1
SHA256686e310e2ff3ca1122a0f165f8230761b9d5f7b26398fa993e9b84a627fd037e
SHA512facf2dea2aff698e1b6c6201437cf5a58ee6ece78be2f19e2ccb2bf12ea7f38535e4d0d7a6b9dcbccb02cb15d223152b6c01035c9250a976fd0fa8e8e097ed89
-
Filesize
40B
MD5d4a77a09a64d82aa68db05ea78831da8
SHA1ee84f71d48ada4aeaf47c682a55414b14fe80154
SHA2563ab822c3ebf26deb8f1161e4a930a670305218fb5f6e544a2fdfc3c54aa2a7ff
SHA512a7ecc1ddafb2ac5b632ed281e42ebaf8f1f1b6c25c05eef4d285b502ac10196987074460c2dad8d329af30631c3a34c5dad98e637cac19e0b5802b117a61c7e4
-
Filesize
340B
MD5760158bea0e48b6af4f59c5db014ef2f
SHA10d85540e46ecd19a05f01f854de7ed81fbff0b6d
SHA256fb681d0c2b0aad8d6b146305193144268a0035b1e2c180220f73c9aa36dcfeb9
SHA512efb3ee133adfb8b5d646107731d2eefe2d6f8783880593df3bed782ab2b919cc7d41f5cd4c0f3b2c94bbdd9a5c60b9d29e24e35f61d622e19d81d47c2a9d0074
-
Filesize
340B
MD5cb8a6e7d2c29833fc287bb4c3b0a8365
SHA198d0bb74d24c2aed350244523a1c67f69583941a
SHA2561cbf87507cb93e5f2390c08273e69dd50d16a32e694663f1c8f215de85bffe3f
SHA51242bb081f85e3bb5b2c0b28c164b287a52946d354cb670eba6efd1bb4aa8dcb3494aeb57016544aecdaac61ad1638f73e2924fda1e9215fb7d31a3b2b35cb5f26
-
Filesize
58B
MD5ec1c413a5a50e3e1fd31a3c2c06beab1
SHA19077054b7cd99dd8f6edd6673cddc75c0a202f02
SHA256a38b4515a36b641d8073f41fb3a483a430c21f7a5c2b00e9bb29b4359e5fd8ee
SHA5123eb9d87af9dad4fd7b74353afa883fbce7503cc76f2e5000851834174b66db264913296f1971468cd40697f465608926575d6261e552be738e72a88ec61c2188
-
Filesize
314B
MD500baedb07e51bfd2e90b773b1594d5be
SHA1d79032165d9f9166783f06e17f0ef2ef358cc508
SHA256046a798e7a102e1c5a01dd427df2ca2268eee8810096c669efeff580a8739e34
SHA5122d9700e7e978aec9c8c8af470e9bdbda88541973aef944826ae5f906b061f639ebd532aa2c8b09f515faab2527f059cb7e893cf8c74ea48054f243e1a374839c
-
Filesize
27B
MD5e8653ececc0e2f2d74316ba696bc604e
SHA1d2d30d2adf180b310832a47fe42cc705db961c25
SHA256121462a5dfacf0f15a6287ee40bdc24f91ea0a15f60fa1ddb152b1980e68895e
SHA5120d96510f32eac776012ec130ea6b76037d8df8c7690b5799ac0323aa3c9a2a833c9cef2a9c4e6904984d06cf1810fb6fd439c37780766b81c20788b5d99d7797
-
Filesize
119B
MD54a5b71624a6a9ad4820bf749e6ab7ec8
SHA16120c9dec28168a9ec0d1d1a48c086572e99a416
SHA2564b820b56a907d1458327f1ab0594883948a6885b827fc412340df098f871144b
SHA512c292f291ef3a6d74dfcf47b32800b14b988a73ebf1b5fa01a136d3b48517d01d07bbfeecd700124f60bb74febea91669ed1461e78f937fe71dd867b2d8f63915
-
/data/data/com.znjf33.znjf/files/jpush_stat_history/normal/nowrap/d0917ea9-ae77-4b6a-8fee-4e331c5c26a0
Filesize159B
MD5775f0993ba71857839966ae7f616f00c
SHA15135c06390ffaf611edaac9915cb1a83c71e935d
SHA25666cc869f33ef51ce846a51e04d5820a79b5c0523895c7dd4d0639622e8c6cd96
SHA51283137c15d70f63d1681c4d255ba5f6c705508fd70b46ff87ca890e25de0cf8ca2368dfad5622bdffbd39c9d5ea7061f7df7c96337b96a8d7478ad41194578783
-
Filesize
111B
MD5a99a4eb8144f0aba93b18ec55a85f1e2
SHA1292747bf04f28eb025205130af3900debd2e0792
SHA256aa438e1795dafb419935f864fb175b57db4e8789039ddddabfed9145568d8508
SHA512d7bfa9b66d4a59cd866e04dc34c9f34f1f865dbe5a8433e9aa36468d384a1746268626cf91d2b9f228e19a87d812e3e089c3a2caf3ca217d775623d7996bca95
-
Filesize
213B
MD5a2eabab0d6d4436721e184997b7736ec
SHA1fc6199392a0296e3b0a7b0f2f1e5550ec545ebde
SHA25651890b9096c0058f11c7b38cbfee60c1e8ce6861fb83e3d0f13783934050b0ea
SHA51271bc80f8fde7cb26657028c10f7ca59e1169411eedf7aee0e2b7fa521fbe207bd0e1a980c59b70aad45b52d2e8a0afc960ccfbb63d5769c402dafc03d662d5aa
-
Filesize
65B
MD59781ca003f10f8d0c9c1945b63fdca7f
SHA14156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA2563325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA51225a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03
-
Filesize
111B
MD5eb5d558cfe4f8c618db8a4035e51f847
SHA163a5d8b33db29be8788cd8bd78f5aace5956f207
SHA256b40aeb88e5ed78125532fa1512e42c974c4b67f86cbd3c6346594ae73e476a1c
SHA51260a5d60988bbe80c339c14bc01d6c7041f61d6bd09c08f56d9256fe71da7e36d987468936bb156598880fe519d0a4ba8e4ffd1f93c856abc5cf915b9ad2b5111
-
Filesize
167B
MD5507866f49932e8aefe104b7c8739365e
SHA1d143a94f90fd1ce09be09bb57819e6862d368047
SHA256ac4e6a23b21be7c33215fef657685b82683216d5ed8a0a9770d7e644c963783b
SHA512e9f1bb526c15603535ce66e235ee1ed7943004b6836755db0045a98eefbcb13be4c3b4e3df1de5920ea12d36e5dddae27ca6b6150520ad8c58a9ad20bfbef39a
-
Filesize
48B
MD51d8d16c4e3b19ebf18988530d9b9a757
SHA1bc94c1cce05cd848a53271ecb9c5311e27ffebf5
SHA256abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7
SHA5124562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82
-
Filesize
32B
MD598690aa8177045c12f2d2cb92d62f829
SHA164eca133aff22aeeb23a204afad572698ff51395
SHA25601eb645a22bb5457e8d26f7516e1bba09d3fee82addce7be9db3297d32e78209
SHA5121c14cd1bc48ed017c8527210726a08fc0123c345e1148bb8a356d45c726a712581bf1981d244b83c9116b315803d5527637a3526a4c0c83de6be3b6eb2a9fa7f
-
Filesize
2KB
MD5140ca31e684a9dee840d023ff3cd014a
SHA1cec2ad4191d476c8966375a62987615c01a26625
SHA25608204651239aac123c0cf67a732f5880f52016e01ac8cfb25924ece4b79f4ef8
SHA512bfb60cdb1cc6a692f1ed5a2762d51dc0b31522eac3f1bbcdc8de671c31b16013ecd86cbc97a9be39b32228f5b6a238bdd5583b2711476cfe663912e61341c953
-
Filesize
32B
MD5ea4fd098fb163d645c0f90db24cd6c1e
SHA199a11b1ba612f47f1249318fbd11d422d635d5b4
SHA256340cbf69460b1922b6561695ba51a255abb11bd9d3dd7a95a81cf71c6c1fe2bd
SHA512335a394c99582d1f676e3ed6a8370d1d87e633610101bb65cb343313c8142cce51cb9469e30e74c40b6dd7300ac2167551c2f4222e3bc90a1f5fb96e33c515c3