Analysis
max time kernel: 7s
max time network: 130s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 20/05/2024, 02:02
Static task
static1
Behavioral task
behavioral1
Sample
5c9edd57c00bc88ca1358487e8028e3f_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
General
Target: 5c9edd57c00bc88ca1358487e8028e3f_JaffaCakes118.apk
Size: 16.2MB
MD5: 5c9edd57c00bc88ca1358487e8028e3f
SHA1: 76fd5b28010529883eac5ca22a4c6104ea32ac3a
SHA256: 01f454eb454d924091963f18395521aecd6e631b91c9c908068c3027ac057a95
SHA512: 06c7d865705ca833824af2db572c0f6e81ae60e8959824ccca51bbaafd2ca2340ab829c43bded4689e2aefc648c4cc251129b7acb914a6f166623fb8aa642097
SSDEEP: 196608:09sbfvLd0/baUmW6rU3cMSlJvbkgAnYWQ720Ji499rxBZuAhXXQkseiZs549q/Yc:EsL50TzmWc/vvb8nY7y0x99ZvVXQNq9
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTPs, 2 IoCs)
Runs an executable file dropped to the device during analysis.
IoC | PID | Process
/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/com.k.plugin.a.d.Agent_2000.apk | 4315 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/com.k.plugin.a.d.Agent_2000.apk --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/oat/x86/com.k.plugin.a.d.Agent_2000.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/com.k.plugin.a.d.Agent_2000.apk | 4246 | com.j1game.kzfy.egame
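The "Loads dropped Dex/Jar" hit above fires because dex2oat was asked to compile an APK sitting in the app's private files directory (/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/) rather than its install location under /data/app/. The Python below is an added example, not Triage's signature code and not code from the sample: it parses the dex2oat command line recorded in this report (embedded here as a constructed string copied from the process tree) and applies that rule. The trusted and writable path prefix lists are this example's own assumption, not a documented Triage heuristic.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: the dex2oat command line recorded in this report's
# process tree (PID 4315, spawned by com.j1game.kzfy.egame, PID 4246).
SAMPLE_DEX2OAT_CMDLINE = (
    "/system/bin/dex2oat --instruction-set=x86 "
    "--instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt "
    "--runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate "
    "--boot-image=/system/framework/boot.art "
    "--runtime-arg -Xms64m --runtime-arg -Xmx512m "
    "--instruction-set-variant=x86 --instruction-set-features=default "
    "--inline-max-code-units=0 --compact-dex-level=none "
    "--dex-file=/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/com.k.plugin.a.d.Agent_2000.apk "
    "--output-vdex-fd=56 --oat-fd=57 "
    "--oat-location=/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/oat/x86/com.k.plugin.a.d.Agent_2000.odex "
    "--compiler-filter=quicken --class-loader-context=&"
)

# Assumed location policy (this example's own, not from the report): code the
# installer or the OS placed is trusted; anything the app can write is "dropped".
TRUSTED_PREFIXES = ("/system/", "/system_ext/", "/vendor/", "/product/", "/apex/", "/data/app/")
WRITABLE_PREFIXES = ("/data/user/", "/data/data/", "/sdcard/", "/storage/", "/data/local/tmp/")


@dataclass
class Dex2oatFinding:
    dex_file: str
    owner_package: Optional[str]
    compiler_filter: Optional[str]
    dropped: bool
    reason: str


def parse_dex2oat(cmdline: str) -> Dict[str, object]:
    """Turn a dex2oat command line into {flag: value}.

    '--key=value' flags become entries; each '--runtime-arg X' is appended to
    'runtime_args'. A repeated flag keeps its last value, as the ART binary
    does (the sample passes --instruction-set-features twice).
    """
    argv = cmdline.split()  # no quoting to handle: ART never puts spaces in these paths
    if not argv or not argv[0].endswith("dex2oat"):
        raise ValueError("not a dex2oat command line")
    runtime_args: List[str] = []
    opts: Dict[str, object] = {"runtime_args": runtime_args}
    i = 1
    while i < len(argv):
        arg = argv[i]
        if arg == "--runtime-arg" and i + 1 < len(argv):
            runtime_args.append(argv[i + 1])
            i += 2
            continue
        if arg.startswith("--") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            opts[key] = value
        else:
            opts[arg.lstrip("-")] = True  # bare switch such as --watchdog
        i += 1
    return opts


def owner_package(path: str) -> Optional[str]:
    """Package owning an app-private path: /data/user/<n>/<pkg>/... or /data/data/<pkg>/..."""
    parts = path.split("/")
    if len(parts) >= 5 and parts[1:3] == ["data", "user"]:
        return parts[4]
    if len(parts) >= 4 and parts[1:3] == ["data", "data"]:
        return parts[3]
    return None


def classify(cmdline: str, parent_process: Optional[str] = None) -> Dex2oatFinding:
    """Flag dex2oat invocations that compile code the app itself wrote to disk."""
    opts = parse_dex2oat(cmdline)
    dex = opts.get("dex-file")
    if not isinstance(dex, str):
        raise ValueError("dex2oat command line has no --dex-file")
    pkg = owner_package(dex)
    cfilter = opts.get("compiler-filter")
    cfilter = cfilter if isinstance(cfilter, str) else None
    if dex.startswith(TRUSTED_PREFIXES):
        return Dex2oatFinding(dex, pkg, cfilter, False, "dex from system or install location")
    if dex.startswith(WRITABLE_PREFIXES):
        reason = "dex compiled from app-writable storage"
        if parent_process and pkg and parent_process != pkg:
            reason += f"; path owned by {pkg} but compiled on behalf of {parent_process}"
        return Dex2oatFinding(dex, pkg, cfilter, True, reason)
    return Dex2oatFinding(dex, pkg, cfilter, True, "dex from unrecognised location")


if __name__ == "__main__":
    print(classify(SAMPLE_DEX2OAT_CMDLINE, parent_process="com.j1game.kzfy.egame"))
```

The same rule applied to the parent's own install path (`--dex-file=/data/app/.../base.apk`) yields no finding, which is the distinction the signature draws: dex2oat running is routine, dex2oat compiling from a directory the app controls is the loader behaviour worth pulling apart.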
Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Description | IoC | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.j1game.kzfy.egame
Queries the phone number (MSISDN for GSM devices) (1 TTPs)
Reads information about phone network operator (1 TTPs)
Requests dangerous framework permissions (3 IoCs)
Description | IoC
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW
Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
Description | IoC | Process
Framework API call | javax.crypto.Cipher.doFinal | com.j1game.kzfy.egame
Processes
com.j1game.kzfy.egame (PID 4246)
  - Loads dropped Dex/Jar
  - Queries information about the current Wi-Fi connection
  - Uses Crypto APIs (Might try to encrypt user data)
  child: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/com.k.plugin.a.d.Agent_2000.apk --output-vdex-fd=56 --oat-fd=57 --oat-location=/data/user/0/com.j1game.kzfy.egame/files/myapp/sdk/oat/x86/com.k.plugin.a.d.Agent_2000.odex --compiler-filter=quicken --class-loader-context=& (PID 4315)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 59KB
MD5: 42ea8a9db6274956166cf40ba8c3ad87
SHA1: 7b32ed087a0f0a4d9304b7752be07577a3ee33f5
SHA256: 69fdd7d3777f19aa6fe95fdcb40ed8706aa1b882580939bb844e410466377c35
SHA512: b21091df0c87a2dd24b7f0b96495bc184a576af8de0e0119bb62d3ac94dcfaced18a7b4c122209daf19ba62025ec8fafb3c01296154c7a8095da7a3ef9197007

Filesize: 82KB
MD5: f32e610971b1bca5529c6353ac5eb7d3
SHA1: b9875cd1dd04c5108dcdd35b375b54b9f697566e
SHA256: bc3e5ae7540fbf5ca852583ec1956b8ba4bc372d69e281a1bf9835e6c02ceb99
SHA512: 4a959c21006abeefb8aea24baac9efcc2f923c44ff3cdba9f504789001952006bd63a8317c8263407e7b650e6f8fbd3ef5227335da07e1e2dd08a6e2e579903d

Filesize: 82KB
MD5: 65ada09eed909bd6df7c0180fd53146d
SHA1: 8b6f18e4353b98db307e17c2d853d3f90f7ecf8a
SHA256: 197aeb0e38671101d11236097af97e6d18fcb21a6cce7f9517cacc4d6643274f
SHA512: a6192618ab25a61f66c081bfffea37ed2b2ad5be6681e3390fc6fdde8e6ad711fc9fdf826d90315b2aa2b58a2752ebe8f1bbdde279f45f13eb652d4c9dee0e30

Filesize: 5KB
MD5: 10b70b5906cec8a22f4d1a1326287faa
SHA1: a481b19b7a3933520514966fb7c4133fa66945ff
SHA256: db1b90054c09e62370c26be7245ee636f82fcb5711eeac9293636a2e7f24d55d
SHA512: 15e0ba3ab1ded879e3bdfa60544258263c76d86f4326cc08ed7aec630e69f8425a4b9351ba0ec910a539fc10211f877cd1e65657bf083174926f48b5e5951238