Analysis
max time kernel: 6s
max time network: 150s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 26/05/2024, 11:03
Static task
static1
Behavioral tasks
behavioral1: Sample 7544bdf61d4d9c1331fcaa839c7509ae_JaffaCakes118.apk, Resource android-x86-arm-20240514-en
behavioral2: Sample 7544bdf61d4d9c1331fcaa839c7509ae_JaffaCakes118.apk, Resource android-x64-20240514-en
behavioral3: Sample mimo_asset.apk, Resource android-x86-arm-20240514-en
behavioral4: Sample mimo_asset.apk, Resource android-x64-20240514-en
behavioral5: Sample mimo_asset.apk, Resource android-x64-arm64-20240514-en
General
Target: 7544bdf61d4d9c1331fcaa839c7509ae_JaffaCakes118.apk
Size: 28.6MB
MD5: 7544bdf61d4d9c1331fcaa839c7509ae
SHA1: a60d7a960dfb586c39f46dc98dacb4f9f71bf4ea
SHA256: fe175a48ef81b6189c0d17e677205d5251d708ed1d7e43420914b03dc8c238a0
SHA512: cc90237b2c54a680de917b5ffe73ac7fa9be1408e83c6f8dac2a33a0bcb934503cce581b4eeb052df52cdf9d3b5a41da0842446d32b86711e0e6d0883fe8232e
SSDEEP: 393216:sgw9gx6zCjYKV9NqIV9LazGaHk4k4tYiT7jsWrw4JKTfZRZSnuyxUdT3ofRMiCep:uga4fGHkAgfdwuyxS3osed4cuACzUl
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTPs, 4 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/data/com.mell.iceracing.elm/.jiagu/classes.dex | 4293 | com.mell.iceracing.elm
/data/data/com.mell.iceracing.elm/.jiagu/tmp.dex | 4293 | com.mell.iceracing.elm
/data/data/com.mell.iceracing.elm/.jiagu/tmp.dex | 4322 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.mell.iceracing.elm/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.mell.iceracing.elm/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.mell.iceracing.elm/.jiagu/tmp.dex | 4293 | com.mell.iceracing.elm

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.mell.iceracing.elm

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.mell.iceracing.elm

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.mell.iceracing.elm

Checks if the internet connection is available (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.mell.iceracing.elm

Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
flow | ioc
12 | raw.githubusercontent.com
13 | raw.githubusercontent.com

Looks up external IP address via web service (1 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow | ioc
9 | ip-api.com
Processes
com.mell.iceracing.elm (PID: 4293)
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
  Child process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.mell.iceracing.elm/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.mell.iceracing.elm/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=& (PID: 4322)
  - Loads dropped Dex/Jar
Downloads