
Analysis

  • max time kernel
    66s
  • max time network
    132s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
  • submitted
    02/06/2024, 04:22

General

  • Target

    8ce0dcfa579444eb5eb4c0fbfb5e5842_JaffaCakes118.apk

  • Size

    2.8MB

  • MD5

    8ce0dcfa579444eb5eb4c0fbfb5e5842

  • SHA1

    b84d50de01feb152daa8eaf8415e0afd4fd3c9db

  • SHA256

    4a4f4314958c02123293022d18ed8d88171bdf6e43c86451b131a0db9ea4df55

  • SHA512

    f9683763c426b01cb033387812bd3ab4a71d7db9b40dfcdd88f839cc8b69d2a1efbf71fc9141b4c9e54870fa9c6f2f91df15738fa10d6be45559598dd2cec8dd

  • SSDEEP

    49152:y6xtl5LKA6Yh+pSJQURYe6TYTOe6otIAZT4ltaJrAlShs9hegenWubsr3AZW9wVd:lxNGAh+pSJWToV2AZTlrAEhsOgeDO3A9

Malware Config

Signatures

  • Requests cell location (2 TTPs, 2 IoCs)

    Uses Android APIs to get the current cell location.

  • Checks CPU information (2 TTPs, 1 IoC)

    Checks CPU information which indicates whether the system is an emulator.

  • Checks memory information (2 TTPs, 1 IoC)

    Checks memory information which indicates whether the system is an emulator.

  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  • Checks if the internet connection is available (1 TTP, 1 IoC)
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)

Processes

  • com.bwlb.hshdhuiguniang
    1⤵
    • Requests cell location
    • Checks CPU information
    • Checks memory information
    • Queries information about the current Wi-Fi connection
    • Queries information about the current nearby Wi-Fi networks
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    PID:4256

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.bwlb.hshdhuiguniang/app_baidu_ad_sdk/__xadsdk__remote__final__builtin__.jar

    Filesize

    83KB

    MD5

    966547c106f73a784aca1aa135361d0f

    SHA1

    a53168f930ff22474537b2eead4b664add275086

    SHA256

    0da3a3da3e7d97417fdcea5e7474bd92ba5eb1d087726bff38421efb0d6aa751

    SHA512

    3d7cf4c1c501c2c7b4a9616608776a1085abdcc9555fc27ad99e199ff6d0eaae9e88fb98fe172d795884462bc20b1f276330b27029439519238184b0a6d78caf

  • /data/data/com.bwlb.hshdhuiguniang/files/.um/um_cache_1717302207638.env

    Filesize

    718B

    MD5

    f50a2c4fe640d58e2f32c0dcfb35ef42

    SHA1

    1bdd623abd2481928b908cf54a2e89595991e9ad

    SHA256

    60128aec62edf0170fb715a290fa1f5c9885723fff1f6afbc7797c959c0986e3

    SHA512

    e6b75e655fc92976218143790f2548e4187cc315c735be75bf63fa1db0ac1ba9dc03341f04f03d7b14918d7a1befa0abc283719d149fcde1aaa2cc25e1f30e7e

  • /data/data/com.bwlb.hshdhuiguniang/files/.umeng/exchangeIdentity.json

    Filesize

    162B

    MD5

    7c1d0253b7a2fd8fdde814d715d5eab6

    SHA1

    26dbeeae30d9b99d2c34ec83083f2d10a5bd4d1e

    SHA256

    f27f00206a2b8e4807c13fa9348ac2a078845c3d8e771a52510734edf9d86383

    SHA512

    fde9d554425464d9f6f8ad245cde21fe0b536909225edbaecf080b50bc3273e9277c9b99aa7116317cc726a3f58d92ffe78dc69fe79a9766435904f7446d1413

  • /data/data/com.bwlb.hshdhuiguniang/files/umeng_it.cache

    Filesize

    415B

    MD5

    05733f1f06ca8babaacbb254ea88d7fd

    SHA1

    e5f9f445a9cd46c153ce131c8a67e2dbcf2af82f

    SHA256

    9d2754673d4e1f65c773a47472ebddd7334fec19e5e1a1dd9d437ccc016dc070

    SHA512

    c396812e4095b980ed7a7ef4a928962d6e4ee2db77433dcb1f934b7b810cb900a5406a926638c252f787789e9485a00c2ef11cefe66338540a2c9f737d141141