Analysis

  • max time kernel
    48s
  • max time network
    160s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    14/06/2024, 14:50 UTC

General

  • Target

    aa439d574e05ed1296fb1f45a89fd846_JaffaCakes118.apk

  • Size

    7.0MB

  • MD5

    aa439d574e05ed1296fb1f45a89fd846

  • SHA1

    0f02d6ea66ab69d569a37da7ad74bd9c4bbe72f5

  • SHA256

    ef332aac877827fc112dae98b4fd904561a27570b54a05a7200095446a3442e3

  • SHA512

    7105233bfcf6726a212a79b449f6c8c81a7846b84e87528a8f46a8cd8986fd6cb8a0dbc26fe812b6db0c239c6efd1899c5b05ef93ff505ca950e721f04b3901f

  • SSDEEP

    196608:evAcNCDGk0MZQiqDXvvV42ZN4b5TYBLDoevVW0ovVW0XL:4AmkGFMSJXVzO9oge5o5b

Malware Config

Signatures

Processes

  • io.dcloud.H59D94B6C
    1⤵
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4282

Network

  • flag-us
    DNS
    stream.dcloud.net.cn
    Remote address:
    1.1.1.1:53
    Request
    stream.dcloud.net.cn
    IN A
    Response
    stream.dcloud.net.cn
    IN A
    150.158.157.83
    stream.dcloud.net.cn
    IN A
    43.142.22.58
    stream.dcloud.net.cn
    IN A
    43.142.67.81
    stream.dcloud.net.cn
    IN A
    43.142.150.110
    stream.dcloud.net.cn
    IN A
    43.142.166.20
    stream.dcloud.net.cn
    IN A
    49.234.42.40
    stream.dcloud.net.cn
    IN A
    49.234.44.193
    stream.dcloud.net.cn
    IN A
    115.159.41.92
    stream.dcloud.net.cn
    IN A
    124.220.154.50
  • flag-us
    DNS
    service.dcloud.net.cn
    Remote address:
    1.1.1.1:53
    Request
    service.dcloud.net.cn
    IN A
    Response
    service.dcloud.net.cn
    IN A
    115.159.204.155
    service.dcloud.net.cn
    IN A
    124.220.57.196
    service.dcloud.net.cn
    IN A
    110.40.169.99
    service.dcloud.net.cn
    IN A
    110.40.181.119
    service.dcloud.net.cn
    IN A
    111.229.199.57
  • flag-us
    DNS
    back99.artc100.com
    Remote address:
    1.1.1.1:53
    Request
    back99.artc100.com
    IN A
    Response
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.187.206
  • flag-cn
    POST
    https://service.dcloud.net.cn/collect/plusapp/startup
    Remote address:
    110.40.169.99:443
    Request
    POST /collect/plusapp/startup HTTP/1.1
    Content-Type: application/x-www-form-urlencoded;charset=utf-8
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
    Host: service.dcloud.net.cn
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Content-Length: 549
  • flag-us
    DNS
    stream.mobihtml5.com
    Remote address:
    1.1.1.1:53
    Request
    stream.mobihtml5.com
    IN A
    Response
  • 150.158.157.83:80
    stream.dcloud.net.cn
    180 B
    3
  • 115.159.204.155:443
    service.dcloud.net.cn
    180 B
    3
  • 115.159.204.155:443
    service.dcloud.net.cn
    180 B
    3
  • 43.142.22.58:80
    stream.dcloud.net.cn
    180 B
    3
  • 124.220.57.196:443
    service.dcloud.net.cn
    180 B
    3
  • 124.220.57.196:443
    service.dcloud.net.cn
    180 B
    3
  • 43.142.67.81:80
    stream.dcloud.net.cn
    180 B
    3
  • 216.58.212.238:443
    tls, https
    858 B
    40 B
    1
    1
  • 142.250.187.206:443
    android.apis.google.com
    tls
    4.7kB
    8.6kB
    14
    23
  • 110.40.169.99:443
    service.dcloud.net.cn
    180 B
    3
  • 110.40.169.99:443
    https://service.dcloud.net.cn/collect/plusapp/startup
    tls, http
    6.8kB
    5.9kB
    22
    12

    HTTP Request

    POST https://service.dcloud.net.cn/collect/plusapp/startup
  • 43.142.150.110:80
    stream.dcloud.net.cn
    180 B
    3
  • 110.40.181.119:443
    service.dcloud.net.cn
    180 B
    3
  • 43.142.166.20:80
    stream.dcloud.net.cn
    180 B
    3
  • 111.229.199.57:443
    service.dcloud.net.cn
    180 B
    3
  • 49.234.42.40:80
    stream.dcloud.net.cn
    180 B
    3
  • 49.234.44.193:80
    stream.dcloud.net.cn
    180 B
    3
  • 115.159.41.92:80
    stream.dcloud.net.cn
    180 B
    3
  • 124.220.154.50:80
    stream.dcloud.net.cn
    180 B
    3
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    stream.dcloud.net.cn
    dns
    66 B
    210 B
    1
    1

    DNS Request

    stream.dcloud.net.cn

    DNS Response

    150.158.157.83
    43.142.22.58
    43.142.67.81
    43.142.150.110
    43.142.166.20
    49.234.42.40
    49.234.44.193
    115.159.41.92
    124.220.154.50

  • 1.1.1.1:53
    service.dcloud.net.cn
    dns
    67 B
    147 B
    1
    1

    DNS Request

    service.dcloud.net.cn

    DNS Response

    115.159.204.155
    124.220.57.196
    110.40.169.99
    110.40.181.119
    111.229.199.57

  • 1.1.1.1:53
    back99.artc100.com
    dns
    64 B
    137 B
    1
    1

    DNS Request

    back99.artc100.com

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.187.206

  • 1.1.1.1:53
    stream.mobihtml5.com
    dns
    66 B
    139 B
    1
    1

    DNS Request

    stream.mobihtml5.com

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/io.dcloud.H59D94B6C/files/cnc3ejE6/eje3cnc

    Filesize

    335B

    MD5

    585839d66722cfd02e40cb740cccb633

    SHA1

    374c19200fee201b26d0153487a281a934615884

    SHA256

    86a9bb4985cca6c9636c4fd071bef4b70ba7b3a5eb51af869a1299dc2b1574a8

    SHA512

    09bbe1bf1455861fd4732f2d1945c84bac34090906ac2fab75d144c22ffcf6bc585c8209e94a2b1919c8402df53966081a1af2993e12261ae4c4ac5568667d88

  • /data/data/io.dcloud.H59D94B6C/shared_prefs_ext/test_app

    Filesize

    24B

    MD5

    39c27456f2f4093f9d19df890031bb0b

    SHA1

    c42eefc1a7c128ca92b09e54c1ca423f2c13a3cf

    SHA256

    07c3e8b4414c37b35ecadb4d76f7ae9eabe367ef387c06213a756b3ab6eb9294

    SHA512

    4bb9dab37b5be5a9c95c6de02ba7404f8ee74e458eb4b1e4ee523f3bae90cc5fff7047e364fbb3dec9ad7e994eeb71a46cc08c547610c4ff929cfb635d02002a

  • /storage/emulated/0/.imei.txt

    Filesize

    32B

    MD5

    fe03ca0240e5a707705d71c10e7f9f46

    SHA1

    f9030d3d733a1cd485626fb6b399e3095e2eb123

    SHA256

    2ee68249228053191a735f7b10beea14aa4ddeb465a9baf29e7a69700e85e157

    SHA512

    a289424b462ca39e0deba8c6dfea9e31bf1e04e8d93904e8e9cb1b2ecd395cc124a1703496f2646fd863dee97c9530173cec2807f69c5c758dd4c35efd42fd5d
