Analysis

  • max time kernel
    7s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    20/05/2024, 02:02

General

  • Target

    5c9edd57c00bc88ca1358487e8028e3f_JaffaCakes118.apk

  • Size

    16.2MB

  • MD5

    5c9edd57c00bc88ca1358487e8028e3f

  • SHA1

    76fd5b28010529883eac5ca22a4c6104ea32ac3a

  • SHA256

    01f454eb454d924091963f18395521aecd6e631b91c9c908068c3027ac057a95

  • SHA512

    06c7d865705ca833824af2db572c0f6e81ae60e8959824ccca51bbaafd2ca2340ab829c43bded4689e2aefc648c4cc251129b7acb914a6f166623fb8aa642097

  • SSDEEP

    196608:09sbfvLd0/baUmW6rU3cMSlJvbkgAnYWQ720Ji499rxBZuAhXXQkseiZs549q/Yc:EsL50TzmWc/vvb8nY7y0x99ZvVXQNq9

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Reads information about phone network operator. 1 TTPs
  • Requests dangerous framework permissions 3 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.j1game.kzfy.egame
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4246
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/com.k.plugin.a.d.Agent_2000.apk --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/oat/x86/com.k.plugin.a.d.Agent_2000.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4315

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.j1game.kzfy.egame/files/myapp/sdk/com.k.plugin.a.d.Agent_2000.apk

    Filesize

    59KB

    MD5

    42ea8a9db6274956166cf40ba8c3ad87

    SHA1

    7b32ed087a0f0a4d9304b7752be07577a3ee33f5

    SHA256

    69fdd7d3777f19aa6fe95fdcb40ed8706aa1b882580939bb844e410466377c35

    SHA512

    b21091df0c87a2dd24b7f0b96495bc184a576af8de0e0119bb62d3ac94dcfaced18a7b4c122209daf19ba62025ec8fafb3c01296154c7a8095da7a3ef9197007

  • /data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/com.k.plugin.a.d.Agent_2000.apk

    Filesize

    82KB

    MD5

    f32e610971b1bca5529c6353ac5eb7d3

    SHA1

    b9875cd1dd04c5108dcdd35b375b54b9f697566e

    SHA256

    bc3e5ae7540fbf5ca852583ec1956b8ba4bc372d69e281a1bf9835e6c02ceb99

    SHA512

    4a959c21006abeefb8aea24baac9efcc2f923c44ff3cdba9f504789001952006bd63a8317c8263407e7b650e6f8fbd3ef5227335da07e1e2dd08a6e2e579903d

  • /data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/com.k.plugin.a.d.Agent_2000.apk

    Filesize

    82KB

    MD5

    65ada09eed909bd6df7c0180fd53146d

    SHA1

    8b6f18e4353b98db307e17c2d853d3f90f7ecf8a

    SHA256

    197aeb0e38671101d11236097af97e6d18fcb21a6cce7f9517cacc4d6643274f

    SHA512

    a6192618ab25a61f66c081bfffea37ed2b2ad5be6681e3390fc6fdde8e6ad711fc9fdf826d90315b2aa2b58a2752ebe8f1bbdde279f45f13eb652d4c9dee0e30

  • /storage/emulated/0/.android/.crash/crash-2024-05-20-09-21-39-1716196899397.txt

    Filesize

    5KB

    MD5

    10b70b5906cec8a22f4d1a1326287faa

    SHA1

    a481b19b7a3933520514966fb7c4133fa66945ff

    SHA256

    db1b90054c09e62370c26be7245ee636f82fcb5711eeac9293636a2e7f24d55d

    SHA512

    15e0ba3ab1ded879e3bdfa60544258263c76d86f4326cc08ed7aec630e69f8425a4b9351ba0ec910a539fc10211f877cd1e65657bf083174926f48b5e5951238