General

  • Target

    71de92616ddc25b0ebc6fe6014772f00_JaffaCakes118

  • Size

    13.3MB

  • Sample

    240525-n4lr3agd8x

  • MD5

    71de92616ddc25b0ebc6fe6014772f00

  • SHA1

    8c214b25926ef75eee27dc56de6f7db71f67e683

  • SHA256

    a49d230f33ea40dc7a2525b8bf6b59185e7062a5a014d23b1ee08286f1221c63

  • SHA512

    a226e7c7974b56a8c61a17f935fb84a856c86ee40f06c439666d6125f661877004a3bd01de33ab5c8f3a85d505ffc878a53e2b2d2aa55a0bf87fba0ae060a2d4

  • SSDEEP

    393216:meRXi1y7zrU4IOrHYNrkxmW8okJtG/vMx:mp1WzrUJOxMTIvg

Malware Config

Targets

    • Target

      71de92616ddc25b0ebc6fe6014772f00_JaffaCakes118

    • Size

      13.3MB

    • MD5

      71de92616ddc25b0ebc6fe6014772f00

    • SHA1

      8c214b25926ef75eee27dc56de6f7db71f67e683

    • SHA256

      a49d230f33ea40dc7a2525b8bf6b59185e7062a5a014d23b1ee08286f1221c63

    • SHA512

      a226e7c7974b56a8c61a17f935fb84a856c86ee40f06c439666d6125f661877004a3bd01de33ab5c8f3a85d505ffc878a53e2b2d2aa55a0bf87fba0ae060a2d4

    • SSDEEP

      393216:meRXi1y7zrU4IOrHYNrkxmW8okJtG/vMx:mp1WzrUJOxMTIvg

    • Checks if the Android device is rooted.

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Checks CPU information

      Checks CPU information which indicates whether the system is an emulator.

    • Checks memory information

      Checks memory information which indicates whether the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Reads information about phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)

    • Target

      gdtadv2.jar

    • Size

      184KB

    • MD5

      027ece4a90aac4d84812efa9b20b2af7

    • SHA1

      564ec02d38ad8419fb3a96bed470c7a2632d3c35

    • SHA256

      ce6f738fc3df590a63cf02cae624cae1384a3198b24b9e11d26d1818c45ab98d

    • SHA512

      fbbdec0c28dc0c32d398f1e28cbf5a76a496bf8f6613a90aeda99ef62ff042eb58cd7cf747b1b03ce6cba00caecf1f20a0251d7b3fb999ddecdd3b01ade209e0

    • SSDEEP

      3072:npJhJKLgGoJc+oJIvPy2/wD0WZRv18NIkTbIgdSqwsKj7OnY2KFSt9LGKLRM:npJhJxr/HyB0oNmHIgd2pj7cYe3LRM

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks
