Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

6

608b97900d...18.apk

android-9-x86

7

608b97900d...18.apk

android-10-x64

7

Analysis

  • max time kernel
    129s
  • max time network
    174s
  • platform
    android_x64
  • resource
    android-x64-20240514-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
  • submitted
    20/05/2024, 18:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    608b97900d47df11895c5bb7f02e15b3_JaffaCakes118.apk

  • Size

    10.1MB

  • MD5

    608b97900d47df11895c5bb7f02e15b3

  • SHA1

    87b2e3bbf209d4015a83a603a73a92161a141d3c

  • SHA256

    29b7be0ded9b6bda289ee1ebc17d27dac1246361bafdcf567d874a4a4a673018

  • SHA512

    3de903b8c1ae8663acbbbe4328ae344d9ac2f03ed4cebcfe9d3ff2d09c908123ded04ceaeda1951e558450f79d82df1270d40fcb0ccbe7321843c21113da2779

  • SSDEEP

    196608:NMi8enElvZ+hhEa/d/Ki2Dc1XOgdkpcuF97FRzQNhDT0xnicFqso7uvxZ:NM2QvMlGDc1ddCS0i/soKvxZ

Score
7/10
discoveryimpactpersistence

Malware Config

Signatures

  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.alawar.paranormal.gplay.premium
    1⤵
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5156
  • com.alawar.paranormal.gplay.premium:ngds
    1⤵
    • Queries information about the current Wi-Fi connection
    • Acquires the wake lock
    • Checks if the internet connection is available
    PID:5213

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.alawar.paranormal.gplay.premium/cache/__chartboost/CBRequestManager/77843800990
    Filesize

    194B

    MD5

    db5088d24cfe3663b0253912331faa33

    SHA1

    b5c53cc8f1e18e3836dd48c2ee46e5c5b007bcbe

    SHA256

    200f8e9777f50b2e86d31fdad23e5095e335fc31efd4441c40dbfbf83558aa72

    SHA512

    0ab0251daa6f1d2b529a4ab11b13fa869d0df7a8116312abc2a1bb307c067d1ae961c9f5e323d1a4062637d8f28418883ae5701ff63d99f910a0762f7c0fe103

    Download Submit

  • /data/data/com.alawar.paranormal.gplay.premium/cache/__chartboost/CBSessionDirectory/cb_previous_session_info
    Filesize

    189B

    MD5

    eadd21f0b16e1c9d062f17047bf441c4

    SHA1

    2ca1947b24e0d1a1a47cfc4af8bba60e3b891a73

    SHA256

    a73a440a362eaad062a6e32d4a48d083a135dd24aa1e9c9a8fc16861a581c92a

    SHA512

    cc93848ba07f78620040bc215b4ce3c0aefa581733de3b80eefee088ee13efc9469050e83bcbf059b53e50d3e33d516b00429e343c3fc362d9e730b3e439de54

    Download Submit

  • /data/data/com.alawar.paranormal.gplay.premium/cache/__chartboost/CBSessionDirectory/cb_previous_session_info
    Filesize

    189B

    MD5

    cb30941edf695fee90862cf0a042dd15

    SHA1

    61880c710bc482d34616ff5e23fb4c6ff803f7d7

    SHA256

    befe460dcabeab59620ddf4b4f7d0bf0c72b13d6ad829dc1bb302e5e623736b1

    SHA512

    b9a883176d35d103b38d46f4233b3caf30e84cbbddc0936878ee039ccdfc5202a3de06149a7f877ef5c95d2de2ca7c9c2463225b14ce7f8b64507d745170d7c7

    Download Submit

  • /data/data/com.alawar.paranormal.gplay.premium/files/.FlurrySenderIndex.info.AnalyticsData_P4KHJTXJ9JHYTCCG2KPY_153
    Filesize

    42B

    MD5

    498ed6cedc800e8b120542f65c22d820

    SHA1

    3c9c05cb23f22099289fd27ecee566032cdae46c

    SHA256

    997b88d39fdbb61a992c201ae9ba530ee581be9b45ca81ad1dcb51c0047f7854

    SHA512

    ca413bfc145b75ab478d228414296c03194cb7e07fe6d48db64aa8a8f43ce31c1d96983c3b0a2c8cf35fb3f7baebca9b98f3945ad9c5d5dd54a01fa79c25a2bd

    Download Submit

  • /data/data/com.alawar.paranormal.gplay.premium/files/.FlurrySenderIndex.info.AnalyticsMain
    Filesize

    44B

    MD5

    029fef6b6c29c718602bf929e08f0a09

    SHA1

    39d35285e33ec857f7d76592c1e5401a1fe68594

    SHA256

    ba4827914f46a0099967541811b45d28f04335cd75bfbd84caa5774da0818636

    SHA512

    33a791cc97c2647d31e5a64d4406ac671932dbe8270652acb5a596fa4bc729d8002c19c90d8b7b97773baf886b8555367203a730f3e1d01c0e3ac50360a4d3d4

    Download Submit

  • /data/data/com.alawar.paranormal.gplay.premium/files/.flurryagent.1b8dedb4
    Filesize

    58B

    MD5

    9eef586ef5067f28a0c4c628fa75ad67

    SHA1

    683212f20e0543cb327fe8390883363cfaf324cf

    SHA256

    b2ff112b59da3be2548c290981f77926cb50bdcfaf222a1f424b307f4c5690bd

    SHA512

    8b9c935cc8ee81b048d7f17965f192bd97d5423c1029fd70e5aa8558b3c09242930ac9814e79ce58fa6315be408ebcf5e0e541fd13116f6961b170bb8fef4088

    Download Submit

  • /data/data/com.alawar.paranormal.gplay.premium/files/.flurrydatasenderblock.1b05058c-345d-45b0-a672-a072dcc2104c
    Filesize

    252B

    MD5

    688652bf1caa7faf592274da134d253f

    SHA1

    84c3f4cc2703af110203d90b6943d2ea0830ba74

    SHA256

    5e4c7ff84d553328febdc26e6b0071f850b64515bb2002ed0fec97a1524f1475

    SHA512

    187df13f580213d14a3425a5adfb4b12f691e62cfe3caed53f8ad15bc6005568a18710b6d231d921d6a39b5bba61f6ba84c68ebd25a5acddef0e4c20d30acc97

    Download Submit

  • /data/data/com.alawar.paranormal.gplay.premium/files/AF_INSTALLATION
    Filesize

    36B

    MD5

    dfbae3687eb47f2c3376c3d8a62c5aa1

    SHA1

    1fb8c868f0ba37246b9f36fecc74e148f71c45f5

    SHA256

    1d4c0231fdde1176df97654eec36bb9b79ad6c84cb31bb214d1a9db029c2db05

    SHA512

    53bdd11824fa2fe4b33301a0f32fdf7cdac72d02dae885d35cfe82389e0ef5c1d06793aa0fa6704f3e44eaea514979d2f0ef591444b2e07d8bb32a1e2a828d4b

    Download Submit

  • /storage/emulated/0/.ngdslog/com.alawar.paranormal.gplay.premium/pushv2_part_one.log
    Filesize

    1KB

    MD5

    1fd2ed014386c049cfd36a914b7f633a

    SHA1

    66e4174ebb4ef4a9aa6edd40e23b99531a8cd77a

    SHA256

    8d2e5905b800d6664d8c2706af062623b4b411fc39e2658d8824f6b77afd73ae

    SHA512

    72534c541fa03c2b8468858989e2890ba0e0614f0eaad719d5d584a9365b81fb238dcb8e9bab94516a45f96d2ae18a9a496d8540071dbb4956e7076bb4c30926

    Download Submit

  • /storage/emulated/0/Android/data/com.alawar.paranormal.gplay.premium/files/version.txt
    Filesize

    2B

    MD5

    9bf31c7ff062936a96d3c8bd1f8f2ff3

    SHA1

    f1abd670358e036c31296e66b3b66c382ac00812

    SHA256

    e629fa6598d732768f7c726b4b621285f9c3b85303900aa912017db7617d8bdb

    SHA512

    9a6398cffc55ade35b39f1e41cf46c7c491744961853ff9571d09abb55a78976f72c34cd7a8787674efa1c226eaa2494dbd0a133169c9e4e2369a7d2d02de31a

    Download Submit