Analysis
-
max time kernel
4s -
max time network
139s -
platform
android_x64 -
resource
android-x64-arm64-20240514-en -
resource tags
android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240514-en locale:en-us os:android-11-x64 system -
submitted
15/05/2024, 10:41 UTC
Static task
static1
Behavioral task
behavioral1
Sample
45c9b4191c35caa4133d80332f11a792_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
45c9b4191c35caa4133d80332f11a792_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
45c9b4191c35caa4133d80332f11a792_JaffaCakes118.apk
-
Size
12.8MB
-
MD5
45c9b4191c35caa4133d80332f11a792
-
SHA1
e4d6de17c51a1da4077367775a003f42e950f26e
-
SHA256
e728e32a967bf6305a2ae34338875aa7940c7ac9b54c6ad56805d4cdfc36229d
-
SHA512
a20ac68ad60c2af151f5aa02772bf03e57dd078e161be116ae9fc1cda970baa6206e2bc376991f6c67273939e7f64f6c5fc96fda2f4c777c111968f040bbd1cb
-
SSDEEP
196608:qNGdCMlSrdvcIr3dYPvnYszI2WpgZg3+eSFSNoraRsaRq:qNG/lSZkDQqI24geOBFSNwa0
Malware Config
Signatures
Network
-
Remote address: 1.1.1.1:53
Request: android.apis.google.com IN A
Response: android.apis.google.com IN CNAME clients.l.google.com
clients.l.google.com IN A 142.250.178.14
-
Remote address: 1.1.1.1:53
Request: www.juzimi.com IN A
Response: www.juzimi.com IN A 172.67.216.149
www.juzimi.com IN A 104.21.78.47
-
Remote address: 1.1.1.1:53
Request: www.wufazhuce.com IN A
Response: www.wufazhuce.com IN A 47.104.230.204
-
Remote address: 172.67.216.149:80
Request: GET /todayhot?page=0 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.juzimi.com
Connection: Keep-Alive
Accept-Encoding: gzip
Response: HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 15 May 2024 11:42:19 GMT
Location: https://www.juzimi.com/todayhot?page=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ly6tFM6%2BjgywD4o7%2F1XIqhNGKppLyeJCxY2yrilB2Ya%2Fjb6IL1afDISM5UW7EHBwoE8Wm1Mw9w37BrD8FSsZ2Cmys39%2BXbpCnasGsUfeJFzrtwUDSMtusoHHMAhKb8vTCg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 88428548e86100a7-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address: 172.67.216.149:80
Request: GET /new?page=0 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.juzimi.com
Connection: Keep-Alive
Accept-Encoding: gzip
Response: HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 15 May 2024 11:42:19 GMT
Location: https://www.juzimi.com/new?page=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Qu71oArfidRhN0LQMwVlKsayXYis1PxxUDOigAggq%2BqXPSupmB9YVsXqYtPO33ug%2BgCgYiYgWxeS5aanrMAzxZGuQhp9RpUoNymZOeBIlM4jG%2BR7og2dfcfnHRWx9N38A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 88428548ed2edcff-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address: 172.67.216.149:80
Request: GET /meitumeiju/jingdianduibai?page=0 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.juzimi.com
Connection: Keep-Alive
Accept-Encoding: gzip
Response: HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 15 May 2024 11:42:19 GMT
Location: https://www.juzimi.com/meitumeiju/jingdianduibai?page=0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tD97JLksjfdz9tcZbWccdfcDLrmcUNaOj2kxqAAV7HVBiQoY5hsvbs5XcwIzRnsLQrRW%2BWfGTilP9SnqjSJPBr5aXGPM0zzQPz5nLXYJ7pr2AeapCazyD7%2FkLnERjzQLDw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 88428548ea417741-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address: 1.1.1.1:53
Request: ssl.google-analytics.com IN A
Response: ssl.google-analytics.com IN A 172.217.16.232
-
Remote address: 172.67.216.149:443
Request: GET /new?page=0 HTTP/2.0
host: www.juzimi.com
user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip
Response: HTTP/2.0 200
content-type: text/html
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wi51YmMB1hwz8RzhCY%2BxJ9xwdjt76elW2FLRZMd%2BDamCQYuGWJnNbWAUqI8GcTllPRft7%2BlcVw3DQtcBtkM0puQaG3nwrxKX7aV%2F8IRkht%2BIKBPyb5g9%2FZ0UTE6QDLUuoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8842854a3a233daf-LHR
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
-
Remote address: 172.67.216.149:443
Request: GET /meitumeiju/jingdianduibai?page=0 HTTP/2.0
host: www.juzimi.com
user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip
Response: HTTP/2.0 200
content-type: text/html
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e9f4nlP2ImIc6co4FWPUmiv5ClofeILFSvloyX30CF0B%2Bg9w9aYyMHq9lVun3XeThbWUVyVf%2BRYfm%2BM39PMVfHvzJ01par2CtIXikpJcy%2FgoE2VQZ4u5hEWIGzR%2B9uXenA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8842854a3a283daf-LHR
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
-
Remote address: 172.67.216.149:443
Request: GET /todayhot?page=0 HTTP/2.0
host: www.juzimi.com
user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip
Response: HTTP/2.0 200
content-type: text/html
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qbjfzhlrzHFdKFjCokZJQnw5NsLeJVSRJUe97M13vfaH298hIS6f5jBKKf%2F%2BPsm4d0GYl7RZkRAckHSo4c21cR7YCNqtseOvwf9Aix6PO%2B%2BGt0QFbZHMPKyHcRuIDHlhKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8842854a3a253daf-LHR
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
-
Remote address: 1.1.1.1:53
Request: www.google.com IN A
Response: www.google.com IN A 142.250.180.4
-
695 B 40 B 1 1
-
695 B 40 B 1 1
-
5.1kB 8.7kB 24 23
-
556 B 1.2kB 7 5
HTTP Request
GET http://www.juzimi.com/todayhot?page=0
HTTP Response
301 -
551 B 1.2kB 7 5
HTTP Request
GET http://www.juzimi.com/new?page=0
HTTP Response
301 -
573 B 1.2kB 7 5
HTTP Request
GET http://www.juzimi.com/meitumeiju/jingdianduibai?page=0
HTTP Response
301 -
1.4kB 6.1kB 10 9
-
1.2kB 5.7kB 9 8
-
1.1kB 5.7kB 8 8
-
1.7kB 9.0kB 14 18
HTTP Request
GET https://www.juzimi.com/new?page=0
HTTP Request
GET https://www.juzimi.com/meitumeiju/jingdianduibai?page=0
HTTP Request
GET https://www.juzimi.com/todayhot?page=0
HTTP Response
200
HTTP Response
200
HTTP Response
200 -
915 B 40 B 2 1
-
11.4kB 6.9kB 30 37
-
520 B 10
-
10.2kB 6.5kB 16 14
-
3.7kB 11
-
69 B 109 B 1 1
DNS Request
android.apis.google.com
DNS Response
142.250.178.14
-
60 B 92 B 1 1
DNS Request
www.juzimi.com
DNS Response
172.67.216.149, 104.21.78.47
-
63 B 79 B 1 1
DNS Request
www.wufazhuce.com
DNS Response
47.104.230.204
-
70 B 86 B 1 1
DNS Request
ssl.google-analytics.com
DNS Response
172.217.16.232
-
60 B 76 B 1 1
DNS Request
www.google.com
DNS Response
142.250.180.4
MITRE ATT&CK Matrix
Downloads
-
Filesize
6KB
MD5: e7be604dffb2a533e99e08486f18c7d1
SHA1: eeace6e801bdd874f4fe6c1a06e0f8606dd561d8
SHA256: 7be108f81be2addd911d757b68d78e4f466686a9c33b354ba9347e86a792c7c9
SHA512: edd9f9a3f73d09f5c57c94d3f55246f9cf27876db56a909aec171d1ced216c213f54db006741c85863f5b9b672e016870400303b6525c9510c661fe0ccbfe600
-
Filesize
529B
MD5: 52dff8fe36bcee8a27e464fb2e1dc9e2
SHA1: 2e31abbc8d1e11a69a146d9695cab6f8417a39e7
SHA256: ffcf6bf3cc9b863b06a632862bf6d5a743115f5cec723cee93ce26771ee37596
SHA512: 57b0834ee81117a3fc399e8f603837c2c0f89bc31575933d23f20f2848b4288f986bd6a8fdc10bc43a86df160da02683f8efa50b68748397c18205242c785471
-
Filesize
879B
MD5: 3469f845d187449b50b72db57ddcac48
SHA1: 7d20dfc518699e653e0de0921b06c7cf21deb363
SHA256: aa199ab1aeee280635a412a59cf6839641bbf03c8fa8419209859ca8942807ab
SHA512: 954b11aa740e558d2188527cac342a5e87a9f82e759ecc46ca559589c12faa2d211b8a05e210b36fbd740ee5d49be7063668b1d69cbcee529ecd881755193a53
-
Filesize
167B
MD5: 0104c301c5e02bd6148b8703d19b3a73
SHA1: 7436e0b4b1f8c222c38069890b75fa2baf9ca620
SHA256: 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
SHA512: 84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf
-
Filesize
849B
MD5: b370f7e9b4a4ba139ac0241e7f8e1dea
SHA1: 954a62054a61701c6186456d2b04590fe1befc65
SHA256: 79ae614cc9370ca531d7b9add4b8f43a9b3d4a84f2de0bb3442fa22fc42f257a
SHA512: 287dd6a32ef8a2105e517712a08c941b091bcca60dbc09bdfd134682673cd33253c9f90dd711f9149b7a17c4a974ded8c11e07f901eff31f02fccb806dadf70c
-
Filesize
6KB
MD5: 641b31bdce7c2aa6ee31839e46d3f61c
SHA1: e73cdd48cb24c8e507f657dc2742e5b3ef33db63
SHA256: 185fbcb8d91a8ccad796921d1f61c2fa52fa94555834c86af4a6a06923b3de8f
SHA512: d95d158882e163c0be20bc968b76123ed69d2b4506da78dd6d040a65ecb32da77a8423cde8776339b86155e0ed8ae1a92c9735b47155309bb4b0373dde10113b
-
Filesize
6KB
MD5: ce53572200daa09769cab07ee606d4bf
SHA1: eaa74cf1e1a5cfd11a71db35d24cc7a2bab6eeb6
SHA256: 5adbdcc8839da641b6d267f967cf87c83caf402fd72dc53a9a2353c6c94d53d5
SHA512: dac426f05137ea44377df62b72d68074414bed7e09b81fe06036ce579521c93369a02b6c92dc2ffa7a686ed7bd6ec10d56c27f480f1f242fc3912bbf71b96311
-
Filesize
837B
MD5: d350abe1839f561f2790ffe68991bc61
SHA1: 54454687242e040242ae73eedbdef469d1092a64
SHA256: 5fd4432f9e780c3ed7c2992e09757828ceff9a1ba998c413a8e5973a33ea2fd5
SHA512: ecc2ef908a9b879a6d35ecc357218d8bb5d24cc0c048acb6d6b389e001603a5aa4fe1b7f6ab8f7f3a2cdab977bbcda69e4ea31eb0fa6d020cf7458aab291877a
-
Filesize
39B
MD5: 075e11a7715c329ac7443ceb53d61c04
SHA1: c9afa16e07b858cc117c86a4e3eb0eba8e7ce7df
SHA256: 4937a768a12fab4d52dfa4000311850aa5ec37b1c3b2e558496ae8f010cffce0
SHA512: 485434f727e1da66d7c80b5611d7c679900d14559f74be77c71b0363d09c47b2e3089260a523e8ca9d8cf7698277b59532b06497cbdb7d7817d7daab8a610260
-
Filesize
36B
MD5: 37e8e716e0e2f4a0b05cd9571d95b84d
SHA1: f8d068f6931707bddb8cd69f706f2224ad1fea3c
SHA256: 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
SHA512: e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6
-
Filesize
12KB
MD5: 71c25f5e2760de2e23fdc368fa8f39af
SHA1: 75f94d53adab3cc5469ff3d6431857e87e034499
SHA256: f6cd4b6e2f88544fceb0ed1c7afc0bed701b34746730d9b5e49fefaf4cb0d70b
SHA512: 0791748154d0d647b8ace59c73bc25d4c831e5a2814a0c6497f4ba22a392efa836915dc7488d1476265b4e7bfe71786aacda7a179628801d1102b83347f62764