Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

6

7ab47a8138...18.apk

android-9-x86

8

7ab47a8138...18.apk

android-10-x64

8

Analysis

  • max time kernel
    170s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    27/05/2024, 22:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ab47a8138f0d59a6088e165165c6087_JaffaCakes118.apk

  • Size

    11.0MB

  • MD5

    7ab47a8138f0d59a6088e165165c6087

  • SHA1

    1551a18945b49d48ce610ee244622a823b08675f

  • SHA256

    4cacf28cfe177667521015cd6c1eabee62922efc78a77df509df491691f5cf4f

  • SHA512

    b01b5c6861f187b0dcc7f2a2d5f2d5699d1927b4d70d819e4c8e0ba74d92a3e947d3f484afc05bed3f4926ab2b27e5acb8f32203d30294a0b14ebdbdf75ca2c7

  • SSDEEP

    196608:l5LuKjlAl1kyEHWVu0hA8hRZEF9lr4csJNyyBlcHR8dpGbhdIuGADl8PEtLx4:WKjlGSyc0Ir4XN3cHR8fGbhdIq2EtLx4

Score
8/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 2 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.uhspace.feiwa
    1⤵
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4281
  • com.uhspace.feiwa:remote
    1⤵
    • Requests cell location
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4348

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.uhspace.feiwa/app_sslcache/www.easemob.com.443
    Filesize

    5KB

    MD5

    ba16a061e8dcd32ed690f6373ef9191b

    SHA1

    3e25ff622ef91ecea0ee2b7b02857b7e9940cf73

    SHA256

    9b5ba05318c938588632e5b96c013078d812535a787b3e8d82e51a64e59257cd

    SHA512

    9445786d76a3f8d8b14701e4acd7688035aef2f3a0f391dcccd4ea82cb08657d960baa344e99bb3a31271d4dd9eaa70b9f70e1568c02e2c630308ab83c8dcea4

    Download Submit

  • /data/data/com.uhspace.feiwa/cache/com.parse/applicationId
    Filesize

    40B

    MD5

    a689895f98eeba3ad54c857fb7d3d491

    SHA1

    7b4bbe717287a91a5a6ab19a0bfd0a314fcca556

    SHA256

    898acf5a8ab518b0b83c6df22462def9085de719e0f25dbe6097acf4fd140206

    SHA512

    6e3594e8dd35521f5b8aea180ec54b6a09365a5f418241a0eacbd131cb41883b3a60f23fe0cbaa216ade13b29e73a35283ded1c5c4330c07e85068af0e17b803

    Download Submit

  • /data/data/com.uhspace.feiwa/databases/ParseOfflineStore
    Filesize

    32KB

    MD5

    4afd9b9b59bba8c5097f276a64929f3f

    SHA1

    be4bafecf05b0f8960c21675f782e08aa5685d14

    SHA256

    a6ee1bcf03771d2117b8f9138884e3865d733bdd1ad3f5c8b029182f9e0722d8

    SHA512

    6c62d3816c9f1e353dc162dc9a6f1ae39e86bd3c211c5db27c5ceed0c5cae61cb6f6444c64b5b40a7a685ce93dd27d22982644848b1dcb89b822035e0386578c

    Download Submit

  • /data/data/com.uhspace.feiwa/databases/ParseOfflineStore-journal
    Filesize

    28KB

    MD5

    35c156519488e49fea2f58c4346150d8

    SHA1

    603ffe6382219ee5b8a838598592258eec7cf83b

    SHA256

    ec9dc15a84bb695278084460a4ae6ef25f7f8ca0917ebdf1ff5c6df9ffb9262c

    SHA512

    aa691d10792a67f51f4915a1e726d5b701620fa6865ab75698324cb96ad68e07c5d67967ca38b53488bf6d420295ccf0c4614d6dd3fd9ed42cef913e72196ae9

    Download Submit

  • /data/data/com.uhspace.feiwa/databases/ParseOfflineStore-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.uhspace.feiwa/databases/ParseOfflineStore-wal
    Filesize

    44KB

    MD5

    9c002b71861df84cc032b5facab116ea

    SHA1

    47da03c7e0b85eaee05be31f20e4a41a0cbc24cb

    SHA256

    fdee473443e3101dbfec7c82d38ddd40cb378e5f0e2472af73a4f319010db404

    SHA512

    b392df8479a48cd67b5983cddb2e4843454c1eeb9d20f7db3e6d729e8e9349cfecf447340bab785ba212f43f83dd08c75c9b782c1e351ca3a6e24f25f6055112

    Download Submit

  • /storage/emulated/0/Android/data/com.uhspace.feiwa/uhspace#feiwa/log/20240527/000.html
    Filesize

    113B

    MD5

    83110b04316f2b0f7925e04aac6aa996

    SHA1

    01739afe26a24ce178cc0d7172a47b0407cbf690

    SHA256

    2a8a4c033bb75c8fa50ee6b4db0a0b00abb3d3e477892f2fec00ab2865548c9e

    SHA512

    a19c818e05a36b22a30c205f80f2dc76d86256b67d96ad50e0d1d92f4e9fc03518a66c4fdf30e20aca3c40c49b89f4bee6afe373abba13092925674126f685a7

    Download Submit

  • /storage/emulated/0/Android/data/com.uhspace.feiwa/uhspace#feiwa/log/20240527/000.html
    Filesize

    905B

    MD5

    4a8d41e980800c83ab1577628c094b88

    SHA1

    e5cabdf77f1c1fb5e7d7440c13d284cdcdbdf559

    SHA256

    d0e0efc90127855c3c2f1062b15ef728de544d4475cd0a8fec07aecc0b72f286

    SHA512

    50c875d5be7b97e618d8ee9e1cff8783f2e36087d5dd11fbc591d2dcc207fa118b3798484a04d7a858de08aa1b622e311c2d8a34517b63358802b0dd07d55c85

    Download Submit

  • /storage/emulated/0/Android/data/com.uhspace.feiwa/uhspace#feiwa/log/20240527/000.html
    Filesize

    8KB

    MD5

    f119030ca4f300955671bae66f9c49d2

    SHA1

    857f20a7083a8c6421bf839fec5f2064bc1f5337

    SHA256

    6bd759219be723fed47bcd7b4c0d1f95443340a770d430e212e28e0659024064

    SHA512

    f1398bf04da09714e195c87d39b1724c7791bb939f182abc2714d44b89f9d13bf2a1d621c865b436bbee45dc5ccec42cf13314843f1b4390ece0ab2d76e9526b

    Download Submit

  • /storage/emulated/0/Android/data/com.uhspace.feiwa/uhspace#feiwa/log/20240527/000.html
    Filesize

    85B

    MD5

    348f8a6ba5b199ea72f9f6fba3b9b4f5

    SHA1

    b11853d813ed8dac033a16fab21eaafb97bbd88c

    SHA256

    6dcb1a064159629ec4616a1b9d40703b13a5e4ec6591e5440c195c5944696cd8

    SHA512

    960976538bc70259901db108b410cca08c992b301b190d5343a4d3249c2e22d8849b4496f81357fb9ea5f380dff39f4a2f030edeae1cbfdec0c99504d574b4c5

    Download Submit

  • /storage/emulated/0/Android/data/com.uhspace.feiwa/uhspace#feiwa/log/20240527/000.html
    Filesize

    82B

    MD5

    6ffc60be0d0d2f00e7c9d68782af3ee9

    SHA1

    825fc2c2f92637337aa227926f653b38d676037e

    SHA256

    47cb729631386c2dd8a945d4be8338ed5b8454875781cfe0f1b490a1f261d099

    SHA512

    4d6d955ffe1f197c0bfe64fb1925c4ef979441081fc00b1507ccd644e2d04c1022d43578f84f233948619c425a8adb768c6672a6a96ed9ce28f5234216abe452

    Download Submit

  • /storage/emulated/0/baidu/tempdata/ls.db-journal
    Filesize

    512B

    MD5

    a11d01ef3d0cbb7dd08e76e6a9a449a1

    SHA1

    20e0af2d22548117a3bcc62fa14c3d0eeca0b8fa

    SHA256

    1f1fba1f3ac29aac52bdd8d4590a64a97fff72420b20e31d2a765381021e382a

    SHA512

    260bfdb5b1927267e9a3a182c5e12f83042ae758d27f1daa9f45cccedaa5ed50ed094367258577b54ca92d3e15dee91886c71ad21803aa00b0f6946edeaa1bd7

    Download Submit

  • /storage/emulated/0/baidu/tempdata/yol.dat
    Filesize

    24B

    MD5

    a936690571e9104e1922dda4a0ba5bd1

    SHA1

    65f49c57edde2f96be2a1dbdfc3f7351f1e66554

    SHA256

    f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

    SHA512

    3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

    Download Submit

  • /storage/emulated/0/baidu/tempdata/yol.dat
    Filesize

    24B

    MD5

    1681ffc6e046c7af98c9e6c232a3fe0a

    SHA1

    d3399b7262fb56cb9ed053d68db9291c410839c4

    SHA256

    9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

    SHA512

    11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

    Download Submit