General

  • Target

    b33c10d321db51d0b1a4457d9a70e7cf_JaffaCakes118

  • Size

    6.0MB

  • Sample

    240616-neb7bs1eme

  • MD5

    b33c10d321db51d0b1a4457d9a70e7cf

  • SHA1

    68036bf1bf0a1a753402e698045efa94f3951c61

  • SHA256

    a862f15f9fc48c0a455be82e86f1f2c1a1f6191404b53ffc380e2780ffe9ef10

  • SHA512

    2fb212d91fedf6e40fdcdb75e45016dd47c8ec517e5881460a03b10b2de9b8ee6fcc7983a06f3a89982ce9e624521f6e91e8f1b79b0d41795b6d9f36587d6c6d

  • SSDEEP

    196608:yA0bWXGhDBZA4gGq14bCcJ8qeOGOBky4iRISXsNrPYLag:yAC+GhDfA4gYb78wBL4iBXMjEh

Targets

    • Target

      b33c10d321db51d0b1a4457d9a70e7cf_JaffaCakes118

    Score
    1/10
    • Target

      NewMuMaYiMarket.apk

    • Size

      3.5MB

    • MD5

      060475bb8935b6ce583372154fff7180

    • SHA1

      084a087002c04ece06626a3b2685eb62c731a8f5

    • SHA256

      4653d410a8fe58822e6eb45e8548a548a48feb33ea8eec31ab763974299ef4e1

    • SHA512

      98786b62c57c4b121c178bba53fcde931ab9c3d02b4f303561dd9fdb365799806923dd6f4728700d6a1732b9888fc919466d267650a7083cdcfe4a6ad2fda03c

    • SSDEEP

      98304:CODDQIol5oqAzyK/wcU97IbEENbcuHDl9X:JBol5bAzyK3UWRcujlN

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Reads information about phone network operator.
