Analysis

  • max time kernel
    179s
  • max time network
    145s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
  • submitted
    15/06/2024, 09:00

General

  • Target

    ada7bcd4c5c115200374cc7c17c011ba_JaffaCakes118.apk

  • Size

    5.1MB

  • MD5

    ada7bcd4c5c115200374cc7c17c011ba

  • SHA1

    3824cb205b894c5898be4c1fcaef08dfe3977953

  • SHA256

    d34975ef63b80421f6ce1bc0ff603f3d7fd60202b6c80da7e3f1d67d8b91c264

  • SHA512

    bb2a92b6b48fd451bb8592c0752bbee5a92f64c4ced33185867ce34da2f9ecb4015053045091cea54328655f22e45bee91bf3670d4185d7603e5827591100a69

  • SSDEEP

    98304:88RIlBLSBiZeDqdAPrdDpK30WocCfI+Kk576ntYuSSMPqBvzSJTa62:8CMLvxdMJDpK34IZXn1MPKvzZ

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator 1 TTPs
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.xiaochen.android.fate_it
    1⤵
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4409
  • com.xiaochen.android.fate_it:remote
    1⤵
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Listens for changes in the sensor environment (might be used to detect emulation)
    PID:4452

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.xiaochen.android.fate_it/databases/weshot.db

    Filesize

    68KB

    MD5

    dfbec8e78dd4ce3d40ade2d0f07e1718

    SHA1

    31c6b50d5d7d7998f3167584b0bc22f2acf5c613

    SHA256

    0f1fe25e9b52ae9c6d63251192d5f711d89a8a1126dcb524a6f6d40b047324c8

    SHA512

    85f96bf390c14a17bf9755c94a3e2df4fcf30857147b3e2717e2e44a61db2f3afc29b7e9f2aeb871b6bdf72d042921a0c9db00d493619134d7e88d44127897de

  • /data/user/0/com.xiaochen.android.fate_it/databases/weshot.db-journal

    Filesize

    512B

    MD5

    456d5c50d3c8e52e741d8c1f21252dde

    SHA1

    d4e3922b8d0dc8b6cefa49d1b1533b139f73f606

    SHA256

    2101eda72c295f167db2e5d97f4ad56afb0a94cd560ab530c98a0eadf33b7316

    SHA512

    c90d06ccb2dd94278bf2a16402ee0debb5f0fed8b0b140ff12c9d972e093642c5c1395cc1811a404733501976f53a8ee145712327a0806d0b22fb2530b4af425

  • /data/user/0/com.xiaochen.android.fate_it/databases/weshot.db-journal

    Filesize

    28KB

    MD5

    e2c58b77c8409b969743565ec4a39d38

    SHA1

    cf67fd7fe48b4c0d371c7038953d96ae66cee0a4

    SHA256

    56574ed9d8db3a39aa60baaafa9f8b1c55353a494718918eceebb096ef1f773c

    SHA512

    768db6a41301f9b0d6e36911e2635bd5d4f69e7b5ca755787b7d53669e2ce740669b8a5d2d0c5e49c765195af9098f6c61a87c12be7cfe435d4f19e26597813b

  • /data/user/0/com.xiaochen.android.fate_it/databases/weshot.db-journal

    Filesize

    8KB

    MD5

    0f7940ed8383d8693c8e44f7121e0e45

    SHA1

    474b7fb0d3f13628a550857ffa33daaa304648f4

    SHA256

    a53c4f6d7b1470d6fbfb1a93eb5def432a378f17242a638d38f9a938f3b60b0e

    SHA512

    64c486c5dd613063e6f3ecde9804286bb35b27e87c3425e09403de9d272f0bfd0d28619391a590a6cbc360f094692c63c9dd2a92a38cfe6c5447ce92da4dbbf8

  • /storage/emulated/0/baidu/tempdata/ls.db-journal

    Filesize

    8KB

    MD5

    ae04aa56658992577ff5bcc38356c514

    SHA1

    f4e35baa4295342ca20f0afe7e03af21e47434a5

    SHA256

    04245187d59c42fea1a750336a11928787a0efbc364a303e43439fefbca03926

    SHA512

    cef36e3d9412225c299b1c95acbd9b18cfce276e40a3eda454006a6cab429f6e9818c178173b8fe523e9f3644a72c01c58a46474ca1b12e1be6a24079d566533

  • /storage/emulated/0/baidu/tempdata/ls.db-journal

    Filesize

    8KB

    MD5

    6e15a11413a4b5bad22f3f552b8d1551

    SHA1

    0eb442a0bbda7fab81b3e9e86eb2618b16edcc9d

    SHA256

    0c2ab3f6e53abb3487b9ffc2616b53bb6198e83609b31c17efcf68e375d6bb64

    SHA512

    f4402378643f3a82c466786377f13b6a063e162a079d8fbc48e1d3c197efd95a924bb5827b0b74b23e862066d186b5c11e7de5d0610e1706d9afd05b1969a771

  • /storage/emulated/0/baidu/tempdata/ls.db-journal

    Filesize

    4KB

    MD5

    81e86e292028f3d0a886c28201c12fcf

    SHA1

    f47b1f25bf9e76d998f99c80c7928ddc78722396

    SHA256

    0c6b7e70850c48088ccc38623702edc9558b5f29b8b1313433e62fb8ff2c4972

    SHA512

    5aa454987a3dbc423085dd170ffcaa61b602d42392a48986bdb8f316cf151279f1d6a96d5151c93ab2f89e6a782bc38353fe816af88a58639ec604344cf9b992