Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
15s -
max time network
186s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system -
submitted
23/05/2024, 08:22
Static task
static1
Behavioral task
behavioral1
Sample
6a53afad9b130b9e638b87cb73511eff_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
6a53afad9b130b9e638b87cb73511eff_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
6a53afad9b130b9e638b87cb73511eff_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
6a53afad9b130b9e638b87cb73511eff_JaffaCakes118.apk
-
Size
1.1MB
-
MD5
6a53afad9b130b9e638b87cb73511eff
-
SHA1
d28372524527075c2a7d164070a0667c81d674cc
-
SHA256
25b5c2b5082c457b24bf0f5d864c1bfe66288b13bcf80f1a83a7120d4925d6ac
-
SHA512
89777f853938e60147faa6a3681a936dd5a728bdb6899e29ffe8cba77586f19c5cd1fc8ad3286e55e8d076a2c0ddcb4fc5313b03a4c873e333823f13c3604792
-
SSDEEP
24576:nvhPfuRAYqtQqXHi87RQrm9WAqav2zVxrLpCGEBH9Blrhvp+eVRtvqa:nFuRAYqtQqXz7uaU8KxHp9EBH5rhvkeL
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.pwftbnbf.jymrapzl Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText com.pwftbnbf.jymrapzl -
pid Process 4238 com.pwftbnbf.jymrapzl -
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.pwftbnbf.jymrapzl/app_files/wxnjmipwvd.jar 4238 com.pwftbnbf.jymrapzl -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.pwftbnbf.jymrapzl -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.pwftbnbf.jymrapzl -
Requests enabling of the accessibility settings. 1 IoCs
description ioc Process Intent action android.settings.ACCESSIBILITY_SETTINGS com.pwftbnbf.jymrapzl -
Checks if the internet connection is available 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.pwftbnbf.jymrapzl -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 8 ip-api.com -
Reads information about phone network operator. 1 TTPs
Processes
-
com.pwftbnbf.jymrapzl1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Requests enabling of the accessibility settings.
- Checks if the internet connection is available
PID:4238
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
249KB
MD5a251a6f587e5325dbf8d0fecab2fad79
SHA16b07a19ffe6098f35939142e2043886ee33e45cf
SHA2566b25d7527aa055903da664c57da1eb7ea151f181512e1058f347998d91b3b2dc
SHA512db4c73fc8aa2dd936817a6262914d4337cd90bf5b4bc95fccb0bd94fc3141ea0d28495c0524144c02aa2b6ceaf17c58ad29ef2277a35b1b9b9ff8b97fc9f6cb1
-
Filesize
562KB
MD58da2f672a25d714a64157f2c8c417fe5
SHA1e1fd7b06a25cc81a07721f249129a7b8922c28b0
SHA2568b438cf3c2b2a503a0b1d004d73bcdec5828c4e0073d8c53495158e3bdd4dcf6
SHA512a37f82f5e4ca0ad79fc6a6baaf7fdaa25828c830b87a63bb4359a6757de80ef2fa2631b94f0d8747f71c812f53057b1e76aec46b1997e998dd465d1cebed371c