General

  • Target

    7c483e372b2414653a8721e891687033_JaffaCakes118

  • Size

    31.0MB

  • Sample

    240528-j36zdscb8w

  • MD5

    7c483e372b2414653a8721e891687033

  • SHA1

    b7a58c6e9dd9b0ac5019bf2a710023fb26776421

  • SHA256

    c14a60558b26ad8952235ae418120dbe8d9809802115a11c2d6205c123b2cf51

  • SHA512

    752de6187238eb13eec21aba904d8c400e96992a4e8c8209c928cd95049d95f687aac882756e684770a898b9b9f6f88b3e8f66d1f8c3b848d05733a3a819d045

  • SSDEEP

    786432:mMviIRlEqjmFnYL4quYkgnFBe/3+bFTs9aQ:mMaI7tmYkquYi/3+bFTtQ

Targets

    • Target

      7c483e372b2414653a8721e891687033_JaffaCakes118

    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Checks CPU information

      Checks CPU information that may indicate the system is an emulator.

    • Checks memory information

      Checks memory information that may indicate the system is an emulator.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Reads the content of photos stored on the user's device.

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Requests cell location

      Uses Android APIs to get current cell information.

    • Target

      com.baidu.appsearch.clean.apk

    • Size

      2.1MB

    • MD5

      0728a78f509210b743d7fa5d6a2ed47d

    • SHA1

      646548ba7f4fd6735ec3c67407facfe8b4da8b5a

    • SHA256

      3381d5fb20ca460907d9c73c5c3dc120062119a5e6de84e21e6dd5b3e83c0f5e

    • SHA512

      faa14176dbc20762ea7125a444578add80db0c84c2df094592c63134f90832acc2e39a4a68c9a7a258c5176263d7b7750d95821a05b1c13b92f5dd8204d16720

    • SSDEEP

      24576:oQu4Xif5lMi8xl6cTddCRnAdI9hFaA9IfyVz3K7JCDYgYza7uXBrb9xH6IShmX68:oQpXpiPSddCRnewhVDK7Ekg8XBzHCmf

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Target

      com.baidu.searchbox.novel.apk

    • Size

      2.8MB

    • MD5

      a91100974bbd2c98c6290f252c48eb92

    • SHA1

      77c42c566b682a5f9d5ca059fe92923f0645e6b4

    • SHA256

      dc1600c45a5d6db01aaf6d2a7505d517abdba01f30c089bf6560d4df65fd503e

    • SHA512

      33967e9ecba74206983909ecddf1176ef465460c10e0124434c954bfba6a6c08a3308044b6026970c30610b4bd2af888df54cea1cf0441f89f1eecbc6cc61fc0

    • SSDEEP

      49152:kLecQ1h4Oxcmem4RygNBo6fTP+neO51rUgIzw4YdYzJKKkMr/mRfmCG8I6v5Mthf:kWh42exRyel7PgL+M5sxcTzWhdJ

    • Checks CPU information

      Checks CPU information that may indicate the system is an emulator.

    • Checks memory information

      Checks memory information that may indicate the system is an emulator.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available
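The behaviours listed for the outer sample and the two bundled APKs are sandbox signatures. A first offline check on the file itself, added here as an example and not part of the tria.ge report, verifies the published digests and greps the APK (and every APK it bundles, as this sample does) for string indicators of each behaviour. The indicator patterns, the `assets/` path for the bundled APK, and the constructed stand-in sample are assumptions for illustration only; they are not Triage's detection rules, and the stand-in is not the real 31.0MB file, so its hash check is expected to fail.

```python
"""Offline triage of an APK against the behaviours a sandbox report lists.

Added example, not part of the tria.ge report. The indicator strings are the
author's assumptions about what a static scan would look for, not Triage's rules.
"""
import hashlib
import io
import re
import zipfile

# Digests the report publishes for the outer sample, copied from the page.
REPORTED_OUTER = {
    "md5": "7c483e372b2414653a8721e891687033",
    "sha1": "b7a58c6e9dd9b0ac5019bf2a710023fb26776421",
    "sha256": "c14a60558b26ad8952235ae418120dbe8d9809802115a11c2d6205c123b2cf51",
}

# Assumed byte-string indicators per reported behaviour. DEX string tables hold
# API names and path literals as plain (M)UTF-8, so a regex over the raw entry
# bytes finds them without a full DEX parser.
INDICATORS = {
    "Checks if the Android device is rooted": [rb"/system/x?bin/su", rb"Superuser\.apk", rb"test-keys"],
    "Queries a list of all the installed applications": [rb"getInstalledApplications", rb"getInstalledPackages"],
    "Checks CPU information": [rb"/proc/cpuinfo", rb"goldfish", rb"ranchu"],
    "Checks memory information": [rb"/proc/meminfo"],
    "Queries information about running processes": [rb"getRunningAppProcesses"],
    "Queries information about Wi-Fi": [rb"getConnectionInfo", rb"getScanResults"],
    "Registers a broadcast receiver at runtime": [rb"registerReceiver"],
    "Checks if the internet connection is available": [rb"getActiveNetworkInfo"],
    "Requests cell location": [rb"getCellLocation", rb"getAllCellInfo"],
    "Obtains clipboard contents": [rb"ClipboardManager", rb"getPrimaryClip"],
}


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of the blob, keyed like the report."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def verify(data: bytes, expected: dict) -> dict:
    """Compare each reported digest to the local file; True means it matches."""
    actual = digests(data)
    return {n: actual[n] == v.lower() for n, v in expected.items()}


def scan_indicators(apk: bytes) -> dict:
    """Map reported behaviour -> list of 'entry:pattern' hits inside one APK."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        for info in zf.infolist():
            if info.filename.endswith(".apk"):
                continue  # nested APKs are scanned on their own by triage()
            blob = zf.read(info)
            for behaviour, patterns in INDICATORS.items():
                for pat in patterns:
                    if re.search(pat, blob):
                        hits.setdefault(behaviour, []).append(f"{info.filename}:{pat.decode()}")
    return hits


def nested_apks(apk: bytes) -> list:
    """Return (entry name, bytes) for every .apk embedded in the archive."""
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        return [(i.filename, zf.read(i)) for i in zf.infolist() if i.filename.endswith(".apk")]


def triage(apk: bytes, expected: dict) -> dict:
    """Hash check plus indicator scan for the outer APK and each embedded APK."""
    report = {"hash_match": verify(apk, expected), "signatures": scan_indicators(apk), "nested": {}}
    for name, inner in nested_apks(apk):
        report["nested"][name] = {"digests": digests(inner), "signatures": scan_indicators(inner)}
    return report


def _zip(entries: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_constructed_sample() -> bytes:
    """Constructed stand-in (not the real sample): an outer APK whose DEX mentions
    root, emulator and cell-location strings and which bundles a second APK under
    an assumed assets/ path, mirroring the nesting the report shows."""
    inner = _zip({
        "AndroidManifest.xml": b"<manifest package='com.baidu.appsearch.clean'/>",
        "classes.dex": b"dex\n035\0...getInstalledApplications...registerReceiver...getActiveNetworkInfo",
    })
    return _zip({
        "AndroidManifest.xml": b"<manifest package='example.outer'/>",
        "classes.dex": b"dex\n035\0.../system/bin/su.../proc/cpuinfo.../proc/meminfo...getCellLocation",
        "assets/com.baidu.appsearch.clean.apk": inner,  # assumed location
    })


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_constructed_sample(), REPORTED_OUTER), indent=2))
```

Run it against the real download by replacing `build_constructed_sample()` with the file's bytes; all three `hash_match` entries should then be True before any further analysis is trusted. String hits are only a lead: an API name in the DEX string table shows the call is present, not that it executes, which is why the sandbox signatures above remain the stronger evidence.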
