Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
86cbf58a89d1924589717665084f3242_JaffaCakes118
-
Size
17.0MB
-
Sample
240531-nap8dsfd91
-
MD5
86cbf58a89d1924589717665084f3242
-
SHA1
3e1d3f1c0ab87d5e9be9de0b1454353b34d8e735
-
SHA256
98252d35caa7a50f6f2a8be42e219fe75e79e30ced991567d74531eea50a215c
-
SHA512
05e5ef439c4799a917b6a7ffa066e76c11a36d5ca781f36b9a312752364035e2ec6b5326b51b4f9a27428eeefced95189c943dc309070cf81cb3019052db82c3
-
SSDEEP
393216:apXWmFrxuPMS+eBK3GwKiM5w3vXS7y1rQHN0doiKIPrHylmsoqCyA:gXJtIUSZBK3CD5w3PS7crQHNkoivelmP
Static task
static1
Behavioral task
behavioral1
Sample
86cbf58a89d1924589717665084f3242_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Malware Config
Targets
-
-
Target
86cbf58a89d1924589717665084f3242_JaffaCakes118
-
Size
17.0MB
-
MD5
86cbf58a89d1924589717665084f3242
-
SHA1
3e1d3f1c0ab87d5e9be9de0b1454353b34d8e735
-
SHA256
98252d35caa7a50f6f2a8be42e219fe75e79e30ced991567d74531eea50a215c
-
SHA512
05e5ef439c4799a917b6a7ffa066e76c11a36d5ca781f36b9a312752364035e2ec6b5326b51b4f9a27428eeefced95189c943dc309070cf81cb3019052db82c3
-
SSDEEP
393216:apXWmFrxuPMS+eBK3GwKiM5w3vXS7y1rQHN0doiKIPrHylmsoqCyA:gXJtIUSZBK3CD5w3PS7crQHNkoivelmP
-
Checks if the Android device is rooted.
-
Checks Android system properties for emulator presence.
-
Checks known Qemu files.
Checks for known Qemu files that exist on Android virtual device images.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries information about the current nearby Wi-Fi networks
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Queries the mobile country code (MCC)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Checks if the internet connection is available
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Schedules tasks to execute at a specified time
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
Listens for changes in the sensor environment (might be used to detect emulation)
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Scheduled Task/Job
1Defense Evasion
Execution Guardrails
1Geofencing
1Hide Artifacts
1User Evasion
1Virtualization/Sandbox Evasion
4System Checks
4