Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

6

8eadeb05c0...18.apk

android-9-x86

8

8eadeb05c0...18.apk

android-13-x64

gdtadv2.apk

android-9-x86

gdtadv2.apk

android-10-x64

gdtadv2.apk

android-11-x64

Analysis

  • max time kernel
    56s
  • max time network
    172s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    02/06/2024, 16:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8eadeb05c0ffeaff2852e024afae4de2_JaffaCakes118.apk

  • Size

    5.1MB

  • MD5

    8eadeb05c0ffeaff2852e024afae4de2

  • SHA1

    401ad561d9dd73839dfef06984cc8031f5f107ee

  • SHA256

    e627c406e9873ba476b7aa80cbcc2cd7000d66712e74cf164effdbe287f30e89

  • SHA512

    33a8baf1382a11fab8b46c21a2fd0ba87fa870e54740ae83fa2c14f9cea1789a0033eb898db7cc2c9569e859f6e26ec44e104d21aa9222882ee81e9419444a64

  • SSDEEP

    98304:7WaMOc421jhgvl4Coo/oCDlC98NtE41M+eUjaCVRoYtdwV2n6ji8Ug6:KaYLggoHmkt82rZAV7Ug6

Score
8/10
discoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
    evasion
  • Checks CPU information 2 TTPs 1 IoCs

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery
  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.xqyuyinbao.yy
    1⤵
    • Checks if the Android device is rooted.
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks if the internet connection is available
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4239
    • chmod 755 /data/user/0/com.xqyuyinbao.yy/.jiagu/libjiagu.so
      2⤵
        PID:4274
      • sh -c ps
        2⤵
          PID:4421
        • ps
          2⤵
            PID:4421

        Network

        MITRE ATT&CK Mobile v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/data/com.xqyuyinbao.yy/.jiagu/classes.dex
          Filesize

          728KB

          MD5

          0079ad734f5bb6bbd3f1b7edb155cea5

          SHA1

          79b9c8041cb369f5e2bda8bac726d22ff1fbf7b3

          SHA256

          3912133d3ea4b2914ac0f10286d7281798626cff927e853bd224697eb0bafd0e

          SHA512

          0f4107391ae663076f635e50abd63a0302559636fd80ada91bc237edac885967b1b78aaa7b76ef7f390694e39555fc47c0ec02a6c73eb3595e2889d289fd1531

          Download Submit

        • /data/data/com.xqyuyinbao.yy/.jiagu/libjiagu.so
          Filesize

          382KB

          MD5

          aa01dd97609092ce310e17bf791069ce

          SHA1

          f000840a8f68ea7beb2e29ea466088daf55609db

          SHA256

          e432c191f918053ce368e1b1f155b2e1f9e84379611b93aabec0106172b73aa2

          SHA512

          766c120a06215d0950aae32026fcde3eafed8d18ae0de7bc8135a7378a9055c8f0040d61574d9af67fe2b5b90eeae64c62d787343858ae375bb6658df8afe7b4

          Download Submit

        • /data/data/com.xqyuyinbao.yy/.jiagu/tmp.dex
          Filesize

          284B

          MD5

          f1771b68f5f9b168b79ff59ae2daabe4

          SHA1

          0df6a835559f5c99670214a12700e7d8c28e5a42

          SHA256

          9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

          SHA512

          dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

          Download Submit

        • /data/data/com.xqyuyinbao.yy/files/.jglogs/.jg.ac
          Filesize

          40B

          MD5

          60c613feb89570d733125759c1a51a93

          SHA1

          c32e5619a83f7e503eb7310a24746add5c8cbcb4

          SHA256

          38ed7ec6bec30a511a6bfb304e68616df9dedf009eec331f7af7c15b29066dec

          SHA512

          a3943f98a97f8d9cd054587fe8a3511d71c44ca3fdb69610b6116ef391790aeb11192dcdf5a0b67c18d20b7e532d2b5c32e0163d86317085f85f184b21b45a1e

          Download Submit

        • /data/data/com.xqyuyinbao.yy/files/.jglogs/.jg.ac
          Filesize

          40B

          MD5

          69edb49d886df05a78ee1c4fc5d22cb1

          SHA1

          77df2a0a4ffab59db15c899fb2be2060d3220413

          SHA256

          1a2e9c84145b361dc6b5b36efdfaafe2f7535a4416082f71967d2e811aff9960

          SHA512

          acb3870fd1e1975adb36ca501180b83b2e4cffbdb26b00c2aa8bcf207b14abfb6026b42188248f6b4701dce5cfd29e7cc1dca9d060145a6f744a83c9d10a7cb6

          Download Submit

        • /data/data/com.xqyuyinbao.yy/files/.jglogs/.jg.di
          Filesize

          340B

          MD5

          8be6b500130d7099d7ca612f17cf9d1e

          SHA1

          c71fe78a7f78ff8adad0337d2aec34e9d98918d2

          SHA256

          2170be04c3cb915d2f00f603c5c0bab2e61c072dce4e057bf0f107a34d5ddf5a

          SHA512

          aafcba2dc44e938c41eec82dc5d5ea3bb42ce591b89da42dc4bc37e27102fdc17207c3037140060a8264a795812d378c2fe7e9b9218139106df0bcacd0b1528c

          Download Submit

        • /data/data/com.xqyuyinbao.yy/files/.jglogs/.jg.di
          Filesize

          340B

          MD5

          ee6b736b9646fe9c02e667a348b81d3d

          SHA1

          f43023a85cb52bd7c5886d0b5fbc2d1cab477a03

          SHA256

          1d34d58fc06495e41fc0df48ef3cbc73f7c9dd472b203a5b1f342b7754aefdd0

          SHA512

          44faa00d7f6872cb452d590eb66b5f7e0f873f941750d2bc30fa6e2033d5515afbd41708127dcf871c2a16ca852768d4ec3901b60965c467cfa1248bee948b1a

          Download Submit

        • /data/data/com.xqyuyinbao.yy/files/.jglogs/.jg.ic
          Filesize

          40B

          MD5

          3db21bee01c5260d37b61a697a24a957

          SHA1

          cd070efe9f103dc94d31b0960b5809da47ba6e90

          SHA256

          51299671f9674c0d13711e7563f77cef182a6f523f7a134703d5f1218ec87eab

          SHA512

          c88f7893d711b718b043d77240930ffa96b7a9f35a4984233a807b8b1b27d25db3f54e35392717600007088ee091e195a0f441cb7d5e72525f14bb116b8b1c36

          Download Submit

        • /data/data/com.xqyuyinbao.yy/files/.jglogs/.jg.ri
          Filesize

          314B

          MD5

          38672fe2f1d3ef8d455848cf564af4e8

          SHA1

          b17b733231aaf5f6e3641ddb066cb188ca6f4140

          SHA256

          8e2ed5d5e9c4ae037e94c5e3c0bd69a21158b3f7a0d7e5fec3b911c68baeefcb

          SHA512

          c153cfcb60d9c71344d6e5261e30bce916ae4416a48b10a7f5b9eec98841528119cf41cf9ae68e22133d24b1c32efadde295653a308cfd16eabe4ced0c3dca6e

          Download Submit

        • /data/data/com.xqyuyinbao.yy/files/.jiagu.lock
          Filesize

          27B

          MD5

          a6e16d4dd0283623781c1eefb3cbe599

          SHA1

          61dbd53cd584b26e409fd783f840e809c00895ee

          SHA256

          f464b8607ab3ada67ca8a6725c7076b7a713078de1effe279955a0e7593724b7

          SHA512

          37759b63550a92ff131bed90396601baddb27c1a0a8d724431b3ee434664cee07ace804787c9a897a939e5c8b3bf0dd0e9de0b8c7955564d37e196f5bdc95502

          Download Submit

        • /data/user/0/com.xqyuyinbao.yy/.jiagu/classes.dex
          Filesize

          2.3MB

          MD5

          d6c9c14eca87bc1b3804cc371b18052a

          SHA1

          00c20adc91fa052532641bd78cf0fdb6b2e3310b

          SHA256

          942ecc77fb5a5d36942ad4d37e114aa41517c30e521af1917817f35b4c604ba4

          SHA512

          d95e081ef75aae7178e3d9cd9e1e6740eb654e3d63e2b21f0705e8f72619c1096fe95c550c585908698eb6f9a18fa2f1a9725f43464c1678bce8c28c254cff27

          Download Submit

        • /storage/emulated/0/360/.deviceId
          Filesize

          48B

          MD5

          1d8d16c4e3b19ebf18988530d9b9a757

          SHA1

          bc94c1cce05cd848a53271ecb9c5311e27ffebf5

          SHA256

          abd87140da8de3d0aa39a24a8d52bfe7b2eb28f7a3d505f205471c7e8f4964d7

          SHA512

          4562d1eedbc5c2dd7f25cd1c70343053fd451026403585182b142a64f17016c1bd0bf6ad51667b439b220e425640e55fbbda08517e7106376cdc220a4555da82

          Download Submit

        • /storage/emulated/0/360/.iddata
          Filesize

          32B

          MD5

          c6ffc46dc0e638ea1f52c5ecb83e5037

          SHA1

          3bf1ab50033b93a3873e300b9f28927eed67d66c

          SHA256

          ccae4d4644d456ae4253906ac275061b1690e554ad3312bb61e6cf9d29a238db

          SHA512

          2188c70fe8dc644a1582feb3f99656290c40cc6e1e9b4666ea8c01aa4fc201d0470fed8c91176ef57e095bef7e6cdada6b27c04cc89a3e55159f07c7cc9aeb59

          Download Submit