Analysis
- max time kernel: 73s
- max time network: 152s
- platform: android_x86
- resource: android-x86-arm-20240506-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
- submitted: 14/05/2024, 08:11
Static task: static1
Behavioral task: behavioral1 (Sample: 40cd318246e08a43c2b7e7b13b912497_JaffaCakes118.apk; Resource: android-x86-arm-20240506-en)
Behavioral task: behavioral2 (Sample: 40cd318246e08a43c2b7e7b13b912497_JaffaCakes118.apk; Resource: android-x64-20240506-en)
Behavioral task: behavioral3 (Sample: bdxadsdk.apk; Resource: android-x86-arm-20240506-en)
Behavioral task: behavioral4 (Sample: bdxadsdk.apk; Resource: android-x64-20240506-en)
Behavioral task: behavioral5 (Sample: bdxadsdk.apk; Resource: android-x64-arm64-20240506-en)
Behavioral task: behavioral6 (Sample: dynamic.apk; Resource: android-x86-arm-20240506-en)
Behavioral task: behavioral7 (Sample: dynamic.apk; Resource: android-x64-20240506-en)
Behavioral task: behavioral8 (Sample: dynamic.apk; Resource: android-x64-arm64-20240506-en)
Behavioral task: behavioral9 (Sample: gdtadv2.apk; Resource: android-x86-arm-20240506-en)
Behavioral task: behavioral10 (Sample: gdtadv2.apk; Resource: android-x64-20240506-en)
Behavioral task: behavioral11 (Sample: gdtadv2.apk; Resource: android-x64-arm64-20240506-en)
General
- Target: 40cd318246e08a43c2b7e7b13b912497_JaffaCakes118.apk
- Size: 9.4MB
- MD5: 40cd318246e08a43c2b7e7b13b912497
- SHA1: 654db22135370c24acf222d916b2c6f7201253da
- SHA256: b0b3774310059a437d23deed21beada60b5c119587c9c3fcab010218905c15f7
- SHA512: 8f732dea05c697b66739146f57a4f29752c612559dc8193a981d657398abc7204f4e91e1e7e2412df26729f1e96cfd2269e7ef0d598cfe4d02a8db2cfdb68f8c
- SSDEEP: 196608:TwEKDHCCo5YXc7Y1e00kTKUOU7e7gvo0UakIsp1j:TwVo5X7B0zfOUy0vQh3
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 9 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/data/com.gosing.earn.syz/.jiagu/classes.dex | 4273 | com.gosing.earn.syz
  /data/data/com.gosing.earn.syz/.jiagu/classes.dex!classes2.dex | 4273 | com.gosing.earn.syz
  /data/data/com.gosing.earn.syz/.jiagu/tmp.dex | 4273 | com.gosing.earn.syz
  /data/data/com.gosing.earn.syz/.jiagu/tmp.dex | 4323 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.gosing.earn.syz/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.gosing.earn.syz/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  /data/data/com.gosing.earn.syz/.jiagu/tmp.dex | 4273 | com.gosing.earn.syz
  /data/data/com.gosing.earn.syz/.jiagu/classes.dex | 4368 | com.gosing.earn.syz:pushservice
  /data/data/com.gosing.earn.syz/.jiagu/classes.dex!classes2.dex | 4368 | com.gosing.earn.syz:pushservice
  /data/data/com.gosing.earn.syz/.jiagu/tmp.dex | 4368 | com.gosing.earn.syz:pushservice
  /data/data/com.gosing.earn.syz/.jiagu/tmp.dex | 4368 | com.gosing.earn.syz:pushservice
- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.gosing.earn.syz
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.gosing.earn.syz:pushservice
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description | ioc | Process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.gosing.earn.syz
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  description | ioc | Process
  Framework service call | android.app.IActivityManager.registerReceiver | com.gosing.earn.syz
  Framework service call | android.app.IActivityManager.registerReceiver | com.gosing.earn.syz:pushservice
- Checks if the internet connection is available (1 TTPs, 2 IoCs)
  description | ioc | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.gosing.earn.syz
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.gosing.earn.syz:pushservice
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  description | ioc | Process
  Framework API call | javax.crypto.Cipher.doFinal | com.gosing.earn.syz:pushservice
Processes
- com.gosing.earn.syz (PID: 4273)
  Signatures: Loads dropped Dex/Jar; Queries information about running processes on the device; Queries information about the current Wi-Fi connection; Registers a broadcast receiver at runtime (usually for listening for system events); Checks if the internet connection is available
  - chmod 755 /data/data/com.gosing.earn.syz/.jiagu/libjiagu.so (PID: 4297)
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.gosing.earn.syz/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.gosing.earn.syz/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=& (PID: 4323)
    Signatures: Loads dropped Dex/Jar
- com.gosing.earn.syz:pushservice (PID: 4368)
  Signatures: Loads dropped Dex/Jar; Queries information about running processes on the device; Registers a broadcast receiver at runtime (usually for listening for system events); Checks if the internet connection is available; Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads