Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

6

3db13d0445...18.apk

android-9-x86

8

3db13d0445...18.apk

android-10-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    159s
  • platform
    android_x86
  • resource
    android-x86-arm-20240506-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
  • submitted
    14/05/2024, 03:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3db13d04450e1b405aba81b3033b1b75_JaffaCakes118.apk

  • Size

    27.3MB

  • MD5

    3db13d04450e1b405aba81b3033b1b75

  • SHA1

    4054a91e917bac72b7da61aee4f4622f4a06bbfa

  • SHA256

    8141846a27f9c48f2a391ec544d16784245585714fa3e88fd6196fd1e59ab9ab

  • SHA512

    e5579aab301b92b48a7b3c6db5e6ac61ffa30f522708152ab6b0b8a8def8c88a4e6fd159cb28719ae0c9378cc5d151f18132811d5e27cb3dd96bf644ea8ff0da

  • SSDEEP

    786432:goPDyE8HZRvEEslMoRR98+qBN/yE7cG2mxRP+Q5:jNSNEtXRMJN6EVN+Q5

Score
8/10
bankerdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
    impact

Processes

  • com.twelfth.member
    1⤵
    • Checks CPU information
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4504
  • com.twelfth.member:remote
    1⤵
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4543
    • cat /sys/class/net/wlan0/address
      2⤵
        PID:4738

    Network

    MITRE ATT&CK Mobile v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.twelfth.member/databases/TP-infomation.db
      Filesize

      4KB

      MD5

      f2b4b0190b9f384ca885f0c8c9b14700

      SHA1

      934ff2646757b5b6e7f20f6a0aa76c7f995d9361

      SHA256

      0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

      SHA512

      ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

      Download Submit

    • /data/data/com.twelfth.member/databases/TP-infomation.db-journal
      Filesize

      512B

      MD5

      5753bf935586e8d37eba215d5c21e713

      SHA1

      72ccfc6fc812ae754a9c10ab60852457b99a1a99

      SHA256

      4cc058546a3c562a101caca33b18df944c66fa89cae802700f9e0e1e15bf9c27

      SHA512

      d40eb66d913acd97728dc7f9e2856f7d3ad7d5fafc37a095e54e72ebbc18d85a0a196ee2b738d44f7166cb8091de5edf88b97289033344a00984588fd2f23b7a

      Download Submit

    • /data/data/com.twelfth.member/databases/TP-infomation.db-shm
      Filesize

      32KB

      MD5

      bb7df04e1b0a2570657527a7e108ae23

      SHA1

      5188431849b4613152fd7bdba6a3ff0a4fd6424b

      SHA256

      c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

      SHA512

      768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

      Download Submit

    • /data/data/com.twelfth.member/databases/TP-infomation.db-wal
      Filesize

      20KB

      MD5

      3d0cb71c48d15d1897beca6eda848867

      SHA1

      81ac4eef7337affb3587f0e4664bbbaf393d5340

      SHA256

      d1f435e10215abba05e4230c5bf6aeb1ae2755f5ca758269d968fb5a32b708a3

      SHA512

      2f6eb08ca4a144d4c0968121bfc473c905384e70abb19116f42c90a06002ae0dd97ef75a1084b74ff91bda0f152836be7ddbb57e738eea3a94dcf5df8423bc4a

      Download Submit

    • /data/data/com.twelfth.member/databases/ThrowalbeLog.db-journal
      Filesize

      512B

      MD5

      6344b84ebe1c9bc5cac52cce1816eba8

      SHA1

      976d3cb7ef328106a0989f3207b7e460a56e7224

      SHA256

      dfc849e35bd3fe82d589e6b00ffb7e94a454d0d0ea3bafa7a939d0afcac88f19

      SHA512

      d0a2c55fdd802add00905dd89978b449429a55c100aa86f9d5bad61db28ed03c912cf794fb84257509ea799f33625ca8b6d31adf3fa122d32632b21d10b14066

      Download Submit

    • /data/data/com.twelfth.member/databases/ThrowalbeLog.db-wal
      Filesize

      124KB

      MD5

      5fe5f238e26ad585d9e55accd1123e4c

      SHA1

      61e2138b4a56fac9c44bee8745170dfb059df013

      SHA256

      69c681d8c4699b3563ec6f30c67ea372282d45306a34634ab8590bf4b1bb7f05

      SHA512

      b37c26af76c7d36a8e954414c600bf51b9ee91a65a9d84ec4c892b095c90f6863ce1fcee6a9dffb01e289fc083694f5611a78c76f693c883cbe320a06f945d5f

      Download Submit

    • /data/data/com.twelfth.member/databases/ThrowalbeLog.db-wal
      Filesize

      104KB

      MD5

      79d5082f79ffcfe9d1ea5f50dff44795

      SHA1

      44f004b2ee66bccc51905b2a0e432a58dc56b803

      SHA256

      0c762e0746cb6ac3f68a7c515ba8795e03a57b9b7ed1a9c387cc72f4ee7ac872

      SHA512

      77912d93a0ee1b3073ad21aa836d842ea87c4dd726805406ecca19ad1aa3c399d38dcf5fb72d887277abbefcd54ecefb9d8202f517235099d6d6a2b2eb44c66d

      Download Submit

    • /data/data/com.twelfth.member/files/.um/um_cache_1715656797199.env
      Filesize

      578B

      MD5

      b24fe8c821bcce6cc9f36d86a5cfdc3d

      SHA1

      aba99366f93f7c93c2c6d42b86ff4e8621e0af75

      SHA256

      6d5db851c78841fd4f791d61dd7de36633d220fe2d1ca6523668f86d9f55c702

      SHA512

      ad6e45bed27a7da78a8267dedccb3d1bd517f4db90d63650e91e0a19f5d53d316f197ba7d73c868fea7e8121f10b1f3a953f7d115275a35eaf969c77cdfc293c

      Download Submit

    • /data/data/com.twelfth.member/files/config.json
      Filesize

      34B

      MD5

      cd32a6e20417848a23d1529efb7a2cad

      SHA1

      21e639c905d2a44625fc6cfdd09ae8fb8d31dc39

      SHA256

      625cfbed3b88b453fb43c81ab568aa7b42e449d43942fa2bacbf226f8dd7ff31

      SHA512

      5116cd11345f65070ac0d44fc6810423e0d83e3a00f657a315ebddcb1716f7e1fbfae35db9a4411f9ff560445a5306e5a302a7e9d23254964610819a8980b6f1

      Download Submit

    • /data/data/com.twelfth.member/files/jpush_stat_cache.json
      Filesize

      141B

      MD5

      45955501e881661c70c7f792364b8f47

      SHA1

      f85cc3d789e39d10930e332623a542e65b31ebaa

      SHA256

      97af6aaefbf78066f0cbc0f134d430affc65cf5ee4e644363273ce8e27602761

      SHA512

      757cc239d45ccde1876101bfc08c0ff7548a894eb4d2a7f87e267291b65d5d3143be3701130a3eed4f54208cd7f6504db34095941f0942545b8a0d7212a4f9e2

      Download Submit

    • /data/data/com.twelfth.member/files/umeng_it.cache
      Filesize

      310B

      MD5

      e8a8325f4265c654403571ab544496d6

      SHA1

      f8b944b3887d5540b40efb07f2ce6443eb9f156c

      SHA256

      68618209295b319468dc39223c230a3b0016eb894b0947de181aebbcaaaf63f7

      SHA512

      56fe0f5b3238358942399988e5044e412b92755b9511a6738d257572d9a0a1a5a49620cb21336e1c20f79847915e340a4ff718636fa0c5ed38c3cf899ecf83ce

      Download Submit

    • /storage/emulated/0/.DataStorage/ContextData.xml
      Filesize

      107B

      MD5

      5dfb09440884f4cf6b7388c92d970fe2

      SHA1

      12304273bf2f767a6f6b9d315a9bf723906ed500

      SHA256

      453bf28dcac461045a637e1f30b89d707aa2262aa8596eecc6190ae15ceb20db

      SHA512

      5b01edfd336501d308a4d93b7edb83370626590702cadf0299a965137192f11d1aa50d7e0f0c25b899e7a45ccaa52f61f68ca778e9ff0d90326c090aa7539eed

      Download Submit

    • /storage/emulated/0/.DataStorage/ContextData.xml
      Filesize

      111B

      MD5

      c3e952a56cfc7c3d6b50210ed6d3fac6

      SHA1

      d10a43417d1dab2e9172ede88698d1d6339bd3d1

      SHA256

      bdda334533c88756b85efd21a28f52b78bce38851cf3300b2cf4106b1e827c11

      SHA512

      a7ab30608a44b5a0a503ed06a3fb5111c0395c2d13b1c211c138ea68ee7916836a6acac4e174bd289aae9d94496d634cee5f289026e3f520d1f2a9c5353bc547

      Download Submit

    • /storage/emulated/0/.DataStorage/ContextData.xml
      Filesize

      213B

      MD5

      d12c02f4dd60f46382d72424f0268ef1

      SHA1

      5ba9df5552e0c11d30a01853bad9dc544a3c18b2

      SHA256

      74fdb41400e626a8ce496da0e09e4424f961ce39651c026ed2efb3306b1c3e85

      SHA512

      21fc4a7dadee191b1ab1119b29407130bec95d6f32af21adbc383753ebd00c4b4d771c6e3f362b7b6efd16bf1f82aa3afcc098ecea2c16281f183afbe07536ef

      Download Submit

    • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
      Filesize

      167B

      MD5

      558b5f4a311439c09920cd330a873a9c

      SHA1

      72d7f34a2cfdea4c37e16abddcc877517e4f6c2c

      SHA256

      a525929ace439e5695cafda002229fd5a50a82869f736ba91d738007ea57da71

      SHA512

      95c91528ccdc809cd2f62c806fa063cd97edfe012b37284df3c3085341c43daef5b70df493eca5825f8b878d758627c3766fb68b2f0966444271332e5f1b4b55

      Download Submit

    • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
      Filesize

      111B

      MD5

      eea52bd8020f2b0598eedc9508ef4feb

      SHA1

      b20ab72645dd973b5134c9a3b17f509596b5aa88

      SHA256

      5432b6e638aa2742b3864254cd1100ccc01b6bd3f98b9a7cf4d1f6e840b2d85b

      SHA512

      3b7ab74ceeed3dacaace45ed08bd08a8e39ae4e3c188e0317badc50d171cdc3a2cb250a254af9c95d5d6a05f0d1feab77f25a1643f4311fbd8ed84ed0828afdd

      Download Submit

    • /storage/emulated/0/Android/data/com.twelfth.member/go12thman#12thman/core_log/easemob.log
      Filesize

      8KB

      MD5

      acab1122167b36351954fc0cb713ced8

      SHA1

      932ae49fdb887e0c981acd939cbbc999191ab82d

      SHA256

      d581816deb52489c4dba2730a2baa7185982e08aa271a5099a83905fea9ee1e8

      SHA512

      dc3fa0dddf535a2f03fb720d56be1a6a6ead125dbc0543bf3fcb70a3955c7770bff589444dc4ea37d0a02909ed586a9caeca26afda47c37a75c83bb44e7576df

      Download Submit

    • /storage/emulated/0/Mob/.ba
      Filesize

      369B

      MD5

      af4aa5b8478a31f604f93d175301599d

      SHA1

      e7c0ee3831345e1d106ceb28849d2add2a3dd06b

      SHA256

      8e9327675df06102237d2f4f693c7d98d4e07db42b79d7edeae34a6030defb23

      SHA512

      7d48a2daf2e70e1f509757b1de902cd3ce1a6a00a8f80f7f4c4c2cada2ac0d97e83bc5a3e47e8a62dccd0aadbc87d4370a7b77b57c54105491abb17c1e7299cf

      Download Submit

    • /storage/emulated/0/Mob/.ba
      Filesize

      468B

      MD5

      907d2029d75f85b9057666ac96626f76

      SHA1

      22d123a07291dc8c22d4f74e2232db40992a8a7e

      SHA256

      7c1669aefc196f3b588957aadd94e1ddf9f7e61157fd7f85d9a3edbddaadbaa3

      SHA512

      20849f93434fd10f2478606d6a621c396232eac1d28bcac9df1792a5ea1f6340076ef4dd4a2d7a4c68085aff99480451174a1571effe405672d4ede13df30280

      Download Submit