Analysis
Max time kernel: 119s
Max time network: 186s
Platform: android_x86
Resource: android-x86-arm-20240611.1-en
Resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
Submitted: 15/06/2024, 09:00
Static task: static1
Behavioral task: behavioral1
  Sample: ada7bcd4c5c115200374cc7c17c011ba_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: ada7bcd4c5c115200374cc7c17c011ba_JaffaCakes118.apk
  Resource: android-x64-arm64-20240611.1-en
General
Target: ada7bcd4c5c115200374cc7c17c011ba_JaffaCakes118.apk
Size: 5.1MB
MD5: ada7bcd4c5c115200374cc7c17c011ba
SHA1: 3824cb205b894c5898be4c1fcaef08dfe3977953
SHA256: d34975ef63b80421f6ce1bc0ff603f3d7fd60202b6c80da7e3f1d67d8b91c264
SHA512: bb2a92b6b48fd451bb8592c0752bbee5a92f64c4ced33185867ce34da2f9ecb4015053045091cea54328655f22e45bee91bf3670d4185d7603e5827591100a69
SSDEEP: 98304:88RIlBLSBiZeDqdAPrdDpK30WocCfI+Kk576ntYuSSMPqBvzSJTa62:8CMLvxdMJDpK34IZXn1MPKvzZ
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) [1 TTP]
- Queries information about running processes on the device [1 TTP, 2 IoCs]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Description             IoC                                                        Process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses        com.xiaochen.android.fate_it
  Framework service call  android.app.IActivityManager.getRunningAppProcesses        com.xiaochen.android.fate_it:remote
- Queries information about the current nearby Wi-Fi networks [1 TTP, 1 IoC]
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Description             IoC                                                        Process
  Framework service call  android.net.wifi.IWifiManager.getScanResults               com.xiaochen.android.fate_it:remote
- Queries the phone number (MSISDN for GSM devices) [1 TTP]
- Requests cell location [2 TTPs, 1 IoC]
  Uses Android APIs to get the current cell location.
  Description             IoC                                                        Process
  Framework service call  com.android.internal.telephony.ITelephony.getCellLocation  com.xiaochen.android.fate_it:remote
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org [1 IoC]
  Flow  IoC
  10    alog.umeng.com
- Queries information about active data network [1 TTP, 2 IoCs]
  Description             IoC                                                        Process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo      com.xiaochen.android.fate_it
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo      com.xiaochen.android.fate_it:remote
- Queries information about the current Wi-Fi connection [1 TTP, 1 IoC]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Description             IoC                                                        Process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo            com.xiaochen.android.fate_it
- Reads information about phone network operator [1 TTP]
- Listens for changes in the sensor environment (might be used to detect emulation) [1 TTP, 1 IoC]
  Description             IoC                                                        Process
  Framework API call      android.hardware.SensorManager.registerListener            com.xiaochen.android.fate_it:remote
- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTP, 1 IoC]
  Description             IoC                                                        Process
  Framework service call  android.app.IActivityManager.registerReceiver              com.xiaochen.android.fate_it:remote
- Uses Crypto APIs (Might try to encrypt user data) [1 TTP, 2 IoCs]
  Description             IoC                                                        Process
  Framework API call      javax.crypto.Cipher.doFinal                                com.xiaochen.android.fate_it
  Framework API call      javax.crypto.Cipher.doFinal                                com.xiaochen.android.fate_it:remote
- Checks CPU information [2 TTPs, 1 IoC]
  Description             IoC                                                        Process
  File opened for read    /proc/cpuinfo                                              com.xiaochen.android.fate_it
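A static cross-check a practitioner would run against the behavioural signatures above, added here as an example and not part of the tria.ge report or of the sample: open the APK as a ZIP, pull every classes*.dex, search the DEX string-table bytes for the SDK classes and method names behind the framework calls the sandbox logged (plus the /proc/cpuinfo literal), and verify the file's SHA256 against the value in the General section. The mapping from signature to descriptor is my assumption: the sandbox records the Binder interface (android.app.IActivityManager, android.net.wifi.IWifiManager, com.android.internal.telephony.ITelephony), while app bytecode references the public SDK wrapper (android.app.ActivityManager, android.net.wifi.WifiManager, android.telephony.TelephonyManager). The build_demo_apk() input is constructed for the example and is not a real DEX.

```python
"""Static cross-check of tria.ge behavioural signatures against an APK's DEX strings.

Added example (not the report's or the sample's code).  The signature-to-API
mapping below is an assumption: the sandbox logs Binder interfaces
(IActivityManager, IWifiManager, ITelephony), while app bytecode references
the SDK wrapper classes (ActivityManager, WifiManager, TelephonyManager).
"""
import hashlib
import io
import sys
import zipfile

# SHA256 of the sample as listed in the report's General section.
REPORT_SHA256 = "d34975ef63b80421f6ce1bc0ff603f3d7fd60202b6c80da7e3f1d67d8b91c264"

# Signature name -> byte strings that must all appear in one DEX for a hit.
# Class names use the DEX descriptor form "Lpkg/Class;"; method names and
# string literals are stored as separate entries in the DEX string table.
SIGNATURE_STRINGS = {
    "Queries information about running processes on the device":
        (b"Landroid/app/ActivityManager;", b"getRunningAppProcesses"),
    "Queries information about the current nearby Wi-Fi networks":
        (b"Landroid/net/wifi/WifiManager;", b"getScanResults"),
    "Queries information about the current Wi-Fi connection":
        (b"Landroid/net/wifi/WifiManager;", b"getConnectionInfo"),
    "Requests cell location":
        (b"Landroid/telephony/TelephonyManager;", b"getCellLocation"),
    "Queries information about active data network":
        (b"Landroid/net/ConnectivityManager;", b"getActiveNetworkInfo"),
    "Listens for changes in the sensor environment":
        (b"Landroid/hardware/SensorManager;", b"registerListener"),
    "Registers a broadcast receiver at runtime":
        (b"registerReceiver",),   # Context.registerReceiver: no single class to pin
    "Uses Crypto APIs":
        (b"Ljavax/crypto/Cipher;", b"doFinal"),
    "Checks CPU information":
        (b"/proc/cpuinfo",),      # the path the sandbox saw opened for read
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_sha256(apk_bytes: bytes, expected: str = REPORT_SHA256) -> bool:
    """True when the file on disk is the one the report was generated from."""
    return sha256_hex(apk_bytes) == expected.lower()


def dex_blobs(apk_bytes: bytes):
    """Yield (name, bytes) for classes.dex, classes2.dex, ... inside the APK (a ZIP)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                yield name, zf.read(name)


def match_signatures(apk_bytes: bytes) -> dict:
    """Map each signature to the list of DEX files that reference all of its strings.

    DEX string_data is MUTF-8 with a ULEB128 length prefix and a NUL terminator,
    so ASCII identifiers appear verbatim and a plain substring search suffices.
    Absence proves nothing for obfuscated or reflection-heavy code; presence
    means the API is referenced, not that it was called.
    """
    hits = {}
    for dex_name, blob in dex_blobs(apk_bytes):
        for sig, needles in SIGNATURE_STRINGS.items():
            if all(needle in blob for needle in needles):
                hits.setdefault(sig, []).append(dex_name)
    return hits


def build_demo_apk() -> bytes:
    """Constructed stand-in for an APK, used only to exercise the scanner.

    The 'classes.dex' here is NOT a real DEX: just a header-like prefix and the
    NUL-separated strings a compiler would place in the string table.
    """
    dex = b"dex\n035\x00" + b"\x00".join([
        b"Landroid/app/ActivityManager;", b"getRunningAppProcesses",
        b"Landroid/net/wifi/WifiManager;", b"getScanResults",
        b"Ljavax/crypto/Cipher;", b"doFinal",
        b"/proc/cpuinfo",
    ]) + b"\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")  # placeholder, not parsed
        zf.writestr("classes.dex", dex)
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python triage_static_check.py sample.apk   (no argument: runs on the demo ZIP)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_demo_apk()
    print("sha256 matches report:", verify_sha256(data))
    for sig, where in sorted(match_signatures(data).items()):
        print(f"{sig}: {', '.join(where)}")
```

Run it against the real ada7bcd4c5c115200374cc7c17c011ba_JaffaCakes118.apk and the SHA256 check should pass while every signature with a process row above should show at least one DEX; a signature the sandbox fired that has no static hit points at code loaded at runtime, which is the next thing to go looking for.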
Processes
- com.xiaochen.android.fate_it (PID 4170)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information
- com.xiaochen.android.fate_it:remote (PID 4206)
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1): Geofencing (1)
- Hide Artifacts (1): User Evasion (1)
- Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads
- Filesize: 4KB
  MD5: 887e87741a427709580f86cce5e30fe0
  SHA1: 93a7d57a9e54abf6e734a41b65046e29971ac863
  SHA256: b7fa6ac5c1ea7f7573590fe8f9aeeaf959c9d44f413e58471aa08a4f0e0a4386
  SHA512: 032d90e70476301eddeaee004df565188b012abcb7f59f6eb2d7f65bb9bbc140aae6d760f69a46f59f8d12ec2d26c307fa89802a01550bebf2963522850c5c5a
- Filesize: 512B
  MD5: b91882ef84e193c15e744710828facc6
  SHA1: 7050c205621e676bce237eae20217b587799a3ed
  SHA256: 906c2ff01e2ad0a66c93acdb1664d47323ff155c770bd98375b62f7ca5290faf
  SHA512: 6ef3a4299685f7e7ba5aebcac51a6d284023435f2e50f4ea05b654b39f2b61782b6fc374d5a43ff4f2bb86e99c170a58a4f8222cb7faff4583b4c5498102562b
- Filesize: 32KB
  MD5: 3bc1f072a0de0314dc3d8d1dcfbc992b
  SHA1: 00745aeae33221dd2efb9d34e647777460c7eecc
  SHA256: 622784ebd10f0b38785cb07f23fe16a578d41b5274486458b346ad7af6b3cd64
  SHA512: 422d5b1e81685f1ebdbbc256d7170f2c7ca84e0be08958bc0f1a0ab38e17f32552d025a99222cbca07da7a58a7e59cbcb07daec49737fd07dd57ecc075f5f5a8
- Filesize: 80KB
  MD5: 0a9b4420f7e6ef724de307fdfdb5bc59
  SHA1: 72a4d535fa0f606f56899e0d7b54eb8bb7a001c7
  SHA256: d399681824d2cc1621adeca566cea852de6327dd922d9a1c96afb627796975f8
  SHA512: 9e837bf827a680c27f5fbc3c80efbbea7c2c7949301ab470d0251b96d350d0054689cc5e49309b17d91db6e93b0c08105ba10e4070ca95cff67d2e6cccdcf1ed
- Filesize: 567B
  MD5: 11c0e75d8fc3cd7f034c1456d8202dcd
  SHA1: 47253249b22cd8e25f43aad8186830b837124a3f
  SHA256: 702274bd5f0e4adb4c559923a19082f7cb1fb4ae7f6ef8377a06eea73838864b
  SHA512: 81511263ed3ad0f36ad8a637a9d86d2a47097282d14ebf6de51814838cccdaed9499ac4ec32ab6f961d73be4e2e51743608d1661945a2f9eac25be80f72db792
- Filesize: 32KB
  MD5: d717ac120e505923f43be48040f7508b
  SHA1: ef97b3ba668ec684dc382a3ae5dc0a19da549fa9
  SHA256: acc7a98b7de36c092ff2e5a0f12653426ed7b064af2695389d7f411f953e1832
  SHA512: 23403c598e2e1f786f732c3b7d2b4ea8b1efca3083b59a24da9e5746e3c5ad4c5e9916521fd0a418d2f1899b9db9d7e0f5abd19ef56a509a814064a17798f279
- Filesize: 52KB
  MD5: 4b277421f6eaf126845eaf778a1af030
  SHA1: d86633eeb0907deb46bde16826cf2acb8dcba369
  SHA256: 13a003ecf262d31e100e4c0c7c2d0576ae889661dfc98c4243500b9c8a36146d
  SHA512: ad0774d6fac52a0be945fa91d4a4e117a2b9bc6afda76d5c2aaaf7cfec5f21119c2e95996cbe11a19506077c515ef6c343500fb685c1d6a570bd44cb565e0e4a