
General

  • Target

    86cbf58a89d1924589717665084f3242_JaffaCakes118

  • Size

    17.0MB

  • Sample

    240531-nap8dsfd91

  • MD5

    86cbf58a89d1924589717665084f3242

  • SHA1

    3e1d3f1c0ab87d5e9be9de0b1454353b34d8e735

  • SHA256

    98252d35caa7a50f6f2a8be42e219fe75e79e30ced991567d74531eea50a215c

  • SHA512

    05e5ef439c4799a917b6a7ffa066e76c11a36d5ca781f36b9a312752364035e2ec6b5326b51b4f9a27428eeefced95189c943dc309070cf81cb3019052db82c3

  • SSDEEP

    393216:apXWmFrxuPMS+eBK3GwKiM5w3vXS7y1rQHN0doiKIPrHylmsoqCyA:gXJtIUSZBK3CD5w3PS7crQHNkoivelmP

Malware Config

Targets


    • Checks if the Android device is rooted.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Reads device subscriber ID

      Uses Android APIs to read subscriber ID (IMSI on GSM devices).

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Checks Android system properties for emulator presence.

    • Checks CPU information

      Checks CPU information that indicates whether the system is an emulator.

    • Checks known Qemu files.

      Checks for known Qemu files that exist on Android virtual device images.

    • Checks memory information

      Checks memory information that indicates whether the system is an emulator.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the mobile country code (MCC)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Checks if the internet connection is available

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Schedules tasks to execute at a specified time

      Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks
