Analysis
max time kernel: 179s
max time network: 145s
platform: android_x64
resource: android-x64-arm64-20240611.1-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
submitted: 15/06/2024, 09:00
Static task: static1
Behavioral task: behavioral1
  Sample: ada7bcd4c5c115200374cc7c17c011ba_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
Behavioral task: behavioral2
  Sample: ada7bcd4c5c115200374cc7c17c011ba_JaffaCakes118.apk
  Resource: android-x64-arm64-20240611.1-en
General
Target: ada7bcd4c5c115200374cc7c17c011ba_JaffaCakes118.apk
Size: 5.1MB
MD5: ada7bcd4c5c115200374cc7c17c011ba
SHA1: 3824cb205b894c5898be4c1fcaef08dfe3977953
SHA256: d34975ef63b80421f6ce1bc0ff603f3d7fd60202b6c80da7e3f1d67d8b91c264
SHA512: bb2a92b6b48fd451bb8592c0752bbee5a92f64c4ced33185867ce34da2f9ecb4015053045091cea54328655f22e45bee91bf3670d4185d7603e5827591100a69
SSDEEP: 98304:88RIlBLSBiZeDqdAPrdDpK30WocCfI+Kk576ntYuSSMPqBvzSJTa62:8CMLvxdMJDpK34IZXn1MPKvzZ
Malware Config
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) [1 TTPs]

Queries information about running processes on the device [1 TTPs, 2 IoCs]
Application may abuse the framework's APIs to collect information about running processes on the device.
  description             ioc                                                   Process
  Framework service call  android.app.IActivityManager.getRunningAppProcesses   com.xiaochen.android.fate_it
  Framework service call  android.app.IActivityManager.getRunningAppProcesses   com.xiaochen.android.fate_it:remote

Queries information about the current nearby Wi-Fi networks [1 TTPs, 1 IoCs]
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  description             ioc                                              Process
  Framework service call  android.net.wifi.IWifiManager.getScanResults     com.xiaochen.android.fate_it:remote

Queries the phone number (MSISDN for GSM devices) [1 TTPs]

Requests cell location [2 TTPs, 1 IoCs]
Uses Android APIs to get the current cell location.
  description             ioc                                                        Process
  Framework service call  com.android.internal.telephony.ITelephony.getCellLocation  com.xiaochen.android.fate_it:remote

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org [1 IoCs]
  flow  ioc
  21    alog.umeng.com

Queries information about active data network [1 TTPs, 2 IoCs]
  description             ioc                                                      Process
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo    com.xiaochen.android.fate_it
  Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo    com.xiaochen.android.fate_it:remote

Queries information about the current Wi-Fi connection [1 TTPs, 1 IoCs]
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description             ioc                                              Process
  Framework service call  android.net.wifi.IWifiManager.getConnectionInfo  com.xiaochen.android.fate_it

Reads information about phone network operator [1 TTPs]

Listens for changes in the sensor environment (might be used to detect emulation) [1 TTPs, 1 IoCs]
  description         ioc                                                 Process
  Framework API call  android.hardware.SensorManager.registerListener     com.xiaochen.android.fate_it:remote

Uses Crypto APIs (Might try to encrypt user data) [1 TTPs, 1 IoCs]
  description         ioc                            Process
  Framework API call  javax.crypto.Cipher.doFinal    com.xiaochen.android.fate_it

Checks CPU information [2 TTPs, 1 IoCs]
  description           ioc             Process
  File opened for read  /proc/cpuinfo   com.xiaochen.android.fate_it
Processes
com.xiaochen.android.fate_it (PID 4409)
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks CPU information

com.xiaochen.android.fate_it:remote (PID 4452)
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Requests cell location
  - Queries information about active data network
  - Listens for changes in the sensor environment (might be used to detect emulation)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  Execution Guardrails (1)
    Geofencing (1)
  Hide Artifacts (1)
    User Evasion (1)
  Virtualization/Sandbox Evasion (1)
    System Checks (1)
Downloads
Filesize: 68KB
MD5: dfbec8e78dd4ce3d40ade2d0f07e1718
SHA1: 31c6b50d5d7d7998f3167584b0bc22f2acf5c613
SHA256: 0f1fe25e9b52ae9c6d63251192d5f711d89a8a1126dcb524a6f6d40b047324c8
SHA512: 85f96bf390c14a17bf9755c94a3e2df4fcf30857147b3e2717e2e44a61db2f3afc29b7e9f2aeb871b6bdf72d042921a0c9db00d493619134d7e88d44127897de

Filesize: 512B
MD5: 456d5c50d3c8e52e741d8c1f21252dde
SHA1: d4e3922b8d0dc8b6cefa49d1b1533b139f73f606
SHA256: 2101eda72c295f167db2e5d97f4ad56afb0a94cd560ab530c98a0eadf33b7316
SHA512: c90d06ccb2dd94278bf2a16402ee0debb5f0fed8b0b140ff12c9d972e093642c5c1395cc1811a404733501976f53a8ee145712327a0806d0b22fb2530b4af425

Filesize: 28KB
MD5: e2c58b77c8409b969743565ec4a39d38
SHA1: cf67fd7fe48b4c0d371c7038953d96ae66cee0a4
SHA256: 56574ed9d8db3a39aa60baaafa9f8b1c55353a494718918eceebb096ef1f773c
SHA512: 768db6a41301f9b0d6e36911e2635bd5d4f69e7b5ca755787b7d53669e2ce740669b8a5d2d0c5e49c765195af9098f6c61a87c12be7cfe435d4f19e26597813b

Filesize: 8KB
MD5: 0f7940ed8383d8693c8e44f7121e0e45
SHA1: 474b7fb0d3f13628a550857ffa33daaa304648f4
SHA256: a53c4f6d7b1470d6fbfb1a93eb5def432a378f17242a638d38f9a938f3b60b0e
SHA512: 64c486c5dd613063e6f3ecde9804286bb35b27e87c3425e09403de9d272f0bfd0d28619391a590a6cbc360f094692c63c9dd2a92a38cfe6c5447ce92da4dbbf8

Filesize: 8KB
MD5: ae04aa56658992577ff5bcc38356c514
SHA1: f4e35baa4295342ca20f0afe7e03af21e47434a5
SHA256: 04245187d59c42fea1a750336a11928787a0efbc364a303e43439fefbca03926
SHA512: cef36e3d9412225c299b1c95acbd9b18cfce276e40a3eda454006a6cab429f6e9818c178173b8fe523e9f3644a72c01c58a46474ca1b12e1be6a24079d566533

Filesize: 8KB
MD5: 6e15a11413a4b5bad22f3f552b8d1551
SHA1: 0eb442a0bbda7fab81b3e9e86eb2618b16edcc9d
SHA256: 0c2ab3f6e53abb3487b9ffc2616b53bb6198e83609b31c17efcf68e375d6bb64
SHA512: f4402378643f3a82c466786377f13b6a063e162a079d8fbc48e1d3c197efd95a924bb5827b0b74b23e862066d186b5c11e7de5d0610e1706d9afd05b1969a771

Filesize: 4KB
MD5: 81e86e292028f3d0a886c28201c12fcf
SHA1: f47b1f25bf9e76d998f99c80c7928ddc78722396
SHA256: 0c6b7e70850c48088ccc38623702edc9558b5f29b8b1313433e62fb8ff2c4972
SHA512: 5aa454987a3dbc423085dd170ffcaa61b602d42392a48986bdb8f316cf151279f1d6a96d5151c93ab2f89e6a782bc38353fe816af88a58639ec604344cf9b992