Analysis

  • max time kernel
    49s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240611.1-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
  • submitted
    15/06/2024, 18:20

General

  • Target

    afc10a970ec6340ddfd1b70330433f82_JaffaCakes118.apk

  • Size

    2.9MB

  • MD5

    afc10a970ec6340ddfd1b70330433f82

  • SHA1

    6ac73d8fa403a832dbf162ca1cd5986355a31d77

  • SHA256

    c862d5bdd4491f7b38a920f42af87d6f80398cf29d3484d81ee63dd455046fb6

  • SHA512

    cec72a27e9e6e14bfa4432068ef033ac3a89d4a643fe8ddf8d27fc056826ca459e1644cfafeaef2335b2ab8032fd44e7f7e3d4d75ada8d8e9b4f6cc22feab8c1

  • SSDEEP

    49152:0AoiGnyJ0v6HpFVAqnq42tW019qcJzm8gzxsjTq1uP4zVA40bDpoWlrLwz6QiAJP:ho9Zv2FVAqq42o01tJ68gzxkWC4640bm

Malware Config

Signatures

  • Loads dropped Dex/Jar (1 TTP, 2 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Requests cell location (2 TTPs, 1 IoC)

    Uses Android APIs to get the current cell location.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
  • Queries information about active data network (1 TTP, 1 IoC)
  • Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  • Checks CPU information (2 TTPs, 1 IoC)

Processes

  • com.example.wzv
    1⤵
    • Loads dropped Dex/Jar
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4241
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.example.wzv/files/com.djob.qxgtg.jar --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.example.wzv/files/oat/x86/com.djob.qxgtg.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4299

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.example.wzv/files/.imprint

    Filesize

    895B

    MD5

    4b1bfd91063427589757d3463c7db0d3

    SHA1

    ae124a335e13458cd73a565a42df59eb55e5db82

    SHA256

    8d0874d676d62a082726d90961face11c555acd89e34c96163fca2237762e128

    SHA512

    d7e28c1154e353a20502afe5632fc6b8b4c638b84afca7d499e0e4f97a34b22277be87a56cbf4a903b2514725c4a3e4b45cb4ca1c571518688db8163ee71c692

  • /data/data/com.example.wzv/files/com.djob.qxgtg.jar

    Filesize

    214KB

    MD5

    5dee8b5bcbb6ebc65895fc0c7165f70b

    SHA1

    b14d2fe53d4ea9215ae31b78e31b1675674cb2ab

    SHA256

    97f0bb9fc1078231499d6dd718486485be6a5e1172cc655fe355de085155c2d3

    SHA512

    c0a1c696ba7522d38e44306a3a462c186d13ee7f8946261b41a8fec7be603f899c870d32b87a1b8ac0754af33fea413ba22fa2ad145480173072374b056e5cbf

  • /data/data/com.example.wzv/files/umeng_it.cache

    Filesize

    310B

    MD5

    987b28586e6fbd9615ba61945a2ce9ca

    SHA1

    39908087c76d620a67a0a3e1546e74ab59e40a64

    SHA256

    c07b788cf06e338e07adca5b90c01506cf75ca68e658cf0acd3a808b1967a9e1

    SHA512

    1b991ce655c990b78363a9bdc044066d87692869b07d9c6339766c306170db23d0fa8dd009ba8c1c136d0b3ed86caf53f39301417dce588c8cabd4960ca1ff69

  • /data/data/com.example.wzv/files/umeng_it.cache

    Filesize

    158B

    MD5

    4de4c39bba9b19ed45c7385fa1ee8403

    SHA1

    49e099159dd94d4b8018596258fcc6a917ea06c5

    SHA256

    11a075601231234123fe422040372c267449a72d6351e826658fe68e8758334a

    SHA512

    3d5afdd82df033a9f3e9cfe119049752569c25845f3c2a12c126134345f6656827c204bacce431bae18bc89c52af34a5cce39dcefb77d493e87074c59818023d

  • /data/user/0/com.example.wzv/files/com.djob.qxgtg.jar

    Filesize

    416KB

    MD5

    f71ffb817352822f0d3b16099bd2d0b1

    SHA1

    a61e493c8af3dd0cda67b3a00adb802c0fee6aa8

    SHA256

    75a8cb0fc53bfd041b44643c989757066416d497bfbafdd15b4da07f67f1e5ac

    SHA512

    dcfcc5624c632b7f06ef87b3e044c5174fbc623e541c24d73baf872da96653be0b6742e2cf1891ba4242908a752f4a331d14ab5338ec4317a46f66b941328373

  • /data/user/0/com.example.wzv/files/com.djob.qxgtg.jar

    Filesize

    416KB

    MD5

    459742ab80299e574d063ff524ea1256

    SHA1

    992dc89f4c1119d998632adbe32abf2f7bf85f29

    SHA256

    3b84b1f26360b2f223fbd71928b56c464ca1bffd8309d3ca4d89e0edd462a868

    SHA512

    3fc91ad0d2414c0f1e9ed6df8027731cd10344fa762ec29d2f1d8f12ad4c2e6a12b4e983aa2527071b30bf23b1a2c28a59721264f666bfe1481f13c1e496249b