Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
  • submitted
    12/05/2024, 01:13

General

  • Target

    3779ec96a117c4e92b1707506727b34f_JaffaCakes118.apk

  • Size

    14.6MB

  • MD5

    3779ec96a117c4e92b1707506727b34f

  • SHA1

    bb0240bd2fef251ea5b4de6206834469d67ac00a

  • SHA256

    eff7155af38497335622426d7bd5a0809149259691bd5a9b052655fd4b7d225b

  • SHA512

    7d2d50824becfcb63a86485943914da016964d8380afa63fad20946c693d3869079e293495e8074b778bf574e60df0774685815a170e6b328d4b263e197c79dd

  • SSDEEP

    393216:YjQ67TpVAc3Txql4JuF3I7D5Fb0Mpgpr5GOY5zG9Pk5CgFzvO1nF:YkUTXAcNAl3k0Mpgl5Y5S98LF6v

Malware Config

Signatures

  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.byhzgbt.jlhd
    1⤵
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4299
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.byhzgbt.jlhd/app_libs/update.jar --output-vdex-fd=52 --oat-fd=53 --oat-location=/data/user/0/com.byhzgbt.jlhd/app_libs/oat/x86/update.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4337
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.byhzgbt.jlhd/app_libs/core.jar --output-vdex-fd=74 --oat-fd=75 --oat-location=/data/user/0/com.byhzgbt.jlhd/app_libs/oat/x86/core.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4368

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.byhzgbt.jlhd/app_libs/core.jar

    Filesize

    442KB

    MD5

    f84ba6f0daba937e6d435442c99e8387

    SHA1

    038c9ca9c9ed1c3321bf7fa641975be25fd2241c

    SHA256

    428827b1d99667c2608ac1c8708b9e3c87018134c1e640b1990cd73adbb77088

    SHA512

    9a8091c2cd339187341868c4f7ac473852c9cff788d53e6148f99e3093ff6129155cdf985be556dfee4d58b1eb9ca39093fe82bc04d3fab147534dd47781a50f

  • /data/data/com.byhzgbt.jlhd/app_libs/update.jar

    Filesize

    6KB

    MD5

    3eea0fcda4a513b99cedf31c7452aaf8

    SHA1

    071da147eacf17f1c10fc6362ac43839ee96d5a2

    SHA256

    2a9b79160a4eae5fea2e7fbd3e0498eae8af9d0e8d784b18ac81c3468da6e0a6

    SHA512

    12a20677a8f36778ceeead1e35a9a20dce8ecc9999803db2e3e40312b74847ccc9efbc649b4949dae38520287b7a01bd50c81dbf9fe1db8fb7e9ecd070801880

  • /data/data/com.byhzgbt.jlhd/files/cc/libspeed.so

    Filesize

    29KB

    MD5

    064b3bbb9928d353b389c3e7718f3bc2

    SHA1

    b12282b49a55a0135f11e1f210d93b5ac93ae654

    SHA256

    1ed41b1ce39554e23ed4af12b530a56a6f4ffb1594331c5e23a257666ff9ab9c

    SHA512

    29d775c3256243c9eb621a72a411a18a4b050f1c71c12e58456e16ad35263d8eb5e08c2a694e6fd0242520839c6c227b53ca8d56a7aa619ed5fe8a13965a3bdd

  • /data/data/com.byhzgbt.jlhd/files/cc/libsubstrate.so

    Filesize

    17KB

    MD5

    bdd066a27e56c3b2e852e709f33d8a21

    SHA1

    25c03dc837b5cac38ac360bc6538f1e42856e198

    SHA256

    d46bfb8cf6c9beded3a34acbe62ebc91c8dc0f806a366530efdbefd50e91d5df

    SHA512

    b95a831088d5a571a8c767c7ed03ebd8a77509b1021b73e6e0344a84b3d46430e9ae22ec9dd4467ad906597237880e8b7287e5b6b8d17a5247dde4b953f546dd

  • /data/user/0/com.byhzgbt.jlhd/app_libs/core.jar

    Filesize

    306KB

    MD5

    c2735307162befc313df81d912cc7598

    SHA1

    8696cb3fb75c72233853e22f6966a67dd9c194bd

    SHA256

    a8316e0060ffe040e976cb385959dd104411da7dbc097c5c1fd2cbf94b193f42

    SHA512

    cd903f27aa012ceaca0a50f6ae83da513d027d7e9f3e5b3e4854d530ebe26803889a79bac5cb3f7bff80b40bff16648d056e0763e26d9dff95f4acdce8f5d997

  • /data/user/0/com.byhzgbt.jlhd/app_libs/core.jar

    Filesize

    306KB

    MD5

    cd72ab90ef1a729ed243f71fa7c152ab

    SHA1

    71e2f42801bb01994c4141a2d18854c0074c57ba

    SHA256

    c7a7c0c4a03860aa847c5c9697e97d1b0c4d77d46d945946af6e87e1e8c16165

    SHA512

    2f41014833273ef7dce8a335179d42f7272f1d7511e85fe058f99d53e234ab9b08b520b6cc764e17d833aecb025a203499ecdb5e15f4eaf35d685cb463ef9bae

  • /data/user/0/com.byhzgbt.jlhd/app_libs/update.jar

    Filesize

    12KB

    MD5

    a8ade066030ca9a7698b2a37aa10e116

    SHA1

    882b951eb4e852be49fab82909fffa49af3e9474

    SHA256

    99eef3e1243a4f07d192605dd5a41361eea5d1fe181033b379ed9d8b57dd46f6

    SHA512

    0d0d1ff244bc590a599a4d3aeb6afea06fac7d4e147387b385fbde88acde5ce9499a5783a92b58450dc5c5a0f1781e968fd92e28d101c104ba4fd10c42417579

  • /data/user/0/com.byhzgbt.jlhd/app_libs/update.jar

    Filesize

    12KB

    MD5

    a052cf31f70cab7dc772b4c59911d43e

    SHA1

    08a2a8dd43484ac2adf0eb2681d57c2173360d6f

    SHA256

    f5f594fcb6fe90cad0632fbf30f8fe7fbf9a87f06dca9e00208e6eb85c778747

    SHA512

    80fe152fe391ca50f026b6144b364bfa889d4e85801a836b8641ddfe7e9ffe435796dc40e6314a05da0a1e9df781c09c681a88d32a9b0541e93b4e67f2dbd8a2

  • /storage/emulated/0/UcQkDir/qk.dvid.txt

    Filesize

    65B

    MD5

    aee62d81d15ef90231fbce510c1fee4a

    SHA1

    3986abc139e8680daaf759c607864174bcc6e60f

    SHA256

    c38bddcfb19de9859a659f869feaded87025e1329efd28dd3d4f52076992c24a

    SHA512

    52c15adeb74dae58f078ba7fead11079b39afd2c157bd3b29f5442dbe7eb70008ec02b0554100477769733303cf557bf7db3b29ec145bde5765f78f502488b5b