Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
48s -
max time network
160s -
platform
android_x86 -
resource
android-x86-arm-20240611.1-en -
resource tags
androidarch:armarch:x86image:android-x86-arm-20240611.1-enlocale:en-usos:android-9-x86system -
submitted
14/06/2024, 14:50 UTC
Static task
static1
Behavioral task
behavioral1
Sample
aa439d574e05ed1296fb1f45a89fd846_JaffaCakes118.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
aa439d574e05ed1296fb1f45a89fd846_JaffaCakes118.apk
Resource
android-x64-20240611.1-en
General
-
Target
aa439d574e05ed1296fb1f45a89fd846_JaffaCakes118.apk
-
Size
7.0MB
-
MD5
aa439d574e05ed1296fb1f45a89fd846
-
SHA1
0f02d6ea66ab69d569a37da7ad74bd9c4bbe72f5
-
SHA256
ef332aac877827fc112dae98b4fd904561a27570b54a05a7200095446a3442e3
-
SHA512
7105233bfcf6726a212a79b449f6c8c81a7846b84e87528a8f46a8cd8986fd6cb8a0dbc26fe812b6db0c239c6efd1899c5b05ef93ff505ca950e721f04b3901f
-
SSDEEP
196608:evAcNCDGk0MZQiqDXvvV42ZN4b5TYBLDoevVW0ovVW0XL:4AmkGFMSJXVzO9oge5o5b
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo io.dcloud.H59D94B6C -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description ioc Process Framework service call android.net.wifi.IWifiManager.getConnectionInfo io.dcloud.H59D94B6C -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone io.dcloud.H59D94B6C -
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver io.dcloud.H59D94B6C -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal io.dcloud.H59D94B6C -
Checks CPU information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/cpuinfo io.dcloud.H59D94B6C -
Checks memory information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/meminfo io.dcloud.H59D94B6C
Processes
-
io.dcloud.H59D94B6C1⤵
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4282
Network
-
Remote address:1.1.1.1:53Requeststream.dcloud.net.cnIN AResponsestream.dcloud.net.cnIN A150.158.157.83stream.dcloud.net.cnIN A43.142.22.58stream.dcloud.net.cnIN A43.142.67.81stream.dcloud.net.cnIN A43.142.150.110stream.dcloud.net.cnIN A43.142.166.20stream.dcloud.net.cnIN A49.234.42.40stream.dcloud.net.cnIN A49.234.44.193stream.dcloud.net.cnIN A115.159.41.92stream.dcloud.net.cnIN A124.220.154.50
-
Remote address:1.1.1.1:53Requestservice.dcloud.net.cnIN AResponseservice.dcloud.net.cnIN A115.159.204.155service.dcloud.net.cnIN A124.220.57.196service.dcloud.net.cnIN A110.40.169.99service.dcloud.net.cnIN A110.40.181.119service.dcloud.net.cnIN A111.229.199.57
-
Remote address:1.1.1.1:53Requestback99.artc100.comIN AResponse
-
Remote address:1.1.1.1:53Requestandroid.apis.google.comIN AResponseandroid.apis.google.comIN CNAMEclients.l.google.comclients.l.google.comIN A142.250.187.206
-
Remote address:110.40.169.99:443RequestPOST /collect/plusapp/startup HTTP/1.1
Content-Type: application/x-www-form-urlencoded;charset=utf-8
User-Agent: Dalvik/2.1.0 (Linux; U; Android 9; Pixel 2 Build/PSR1.180720.122)
Host: service.dcloud.net.cn
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Length: 549
-
Remote address:1.1.1.1:53Requeststream.mobihtml5.comIN AResponse
-
180 B 3
-
180 B 3
-
180 B 3
-
180 B 3
-
180 B 3
-
180 B 3
-
180 B 3
-
858 B 40 B 1 1
-
4.7kB 8.6kB 14 23
-
180 B 3
-
6.8kB 5.9kB 22 12
HTTP Request
POST https://service.dcloud.net.cn/collect/plusapp/startup -
180 B 3
-
180 B 3
-
180 B 3
-
180 B 3
-
180 B 3
-
180 B 3
-
180 B 3
-
180 B 3
-
3.7kB 11
-
66 B 210 B 1 1
DNS Request
stream.dcloud.net.cn
DNS Response
150.158.157.8343.142.22.5843.142.67.8143.142.150.11043.142.166.2049.234.42.4049.234.44.193115.159.41.92124.220.154.50
-
67 B 147 B 1 1
DNS Request
service.dcloud.net.cn
DNS Response
115.159.204.155124.220.57.196110.40.169.99110.40.181.119111.229.199.57
-
64 B 137 B 1 1
DNS Request
back99.artc100.com
-
69 B 109 B 1 1
DNS Request
android.apis.google.com
DNS Response
142.250.187.206
-
66 B 139 B 1 1
DNS Request
stream.mobihtml5.com
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
335B
MD5585839d66722cfd02e40cb740cccb633
SHA1374c19200fee201b26d0153487a281a934615884
SHA25686a9bb4985cca6c9636c4fd071bef4b70ba7b3a5eb51af869a1299dc2b1574a8
SHA51209bbe1bf1455861fd4732f2d1945c84bac34090906ac2fab75d144c22ffcf6bc585c8209e94a2b1919c8402df53966081a1af2993e12261ae4c4ac5568667d88
-
Filesize
24B
MD539c27456f2f4093f9d19df890031bb0b
SHA1c42eefc1a7c128ca92b09e54c1ca423f2c13a3cf
SHA25607c3e8b4414c37b35ecadb4d76f7ae9eabe367ef387c06213a756b3ab6eb9294
SHA5124bb9dab37b5be5a9c95c6de02ba7404f8ee74e458eb4b1e4ee523f3bae90cc5fff7047e364fbb3dec9ad7e994eeb71a46cc08c547610c4ff929cfb635d02002a
-
Filesize
32B
MD5fe03ca0240e5a707705d71c10e7f9f46
SHA1f9030d3d733a1cd485626fb6b399e3095e2eb123
SHA2562ee68249228053191a735f7b10beea14aa4ddeb465a9baf29e7a69700e85e157
SHA512a289424b462ca39e0deba8c6dfea9e31bf1e04e8d93904e8e9cb1b2ecd395cc124a1703496f2646fd863dee97c9530173cec2807f69c5c758dd4c35efd42fd5d