Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

6

b3a98bcc59...18.apk

android-9-x86

8

b3a98bcc59...18.apk

android-10-x64

8

gdtadv2.apk

android-9-x86

Analysis

  • max time kernel
    6s
  • max time network
    187s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
  • submitted
    16/06/2024, 13:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b3a98bcc59829842b2f694e4de27d404_JaffaCakes118.apk

  • Size

    11.2MB

  • MD5

    b3a98bcc59829842b2f694e4de27d404

  • SHA1

    2dd9d085b61f8d02baa94c98252f84df01706c89

  • SHA256

    2d67d664a2e1b4881a71e5a6210152cf2b090438f37a40d9e1729c9fae67bcd5

  • SHA512

    45077ac7b74a49f535cefc0875b54e40e943ff6ec312acd8496aa805828d210705000b3264a557eedceb4eb035b107f2423fa1cbcdeb82ea9faed3f757cd2b44

  • SSDEEP

    196608:OCMGED9Rx6tjyd/8HupTmcY34EMiSafTdC9FwNdueb4p2kid7EJ3h84isvMKLVI:OvGIUt+OHupZKrMiHUuK2rI84ir+VI

Score
8/10
collectiondiscoveryevasionpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 3 IoCs
    evasion
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
    discovery
  • Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
    evasion
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.tieniu.lezhuan
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Listens for changes in the sensor environment (might be used to detect emulation)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    PID:5153

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tieniu.lezhuan/app_crashrecord/1004
    Filesize

    58B

    MD5

    0d210bfb2a0e1f1b4c082a6a0f79de07

    SHA1

    bb8ed9e364db79d1d9f2fcde3f15091893222faa

    SHA256

    988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d

    SHA512

    536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

    Download Submit

  • /data/data/com.tieniu.lezhuan/app_crashrecord/1004
    Filesize

    228B

    MD5

    226fb0dcc61bc1b15e1c6811bc69cbe3

    SHA1

    305cd912dce227b2f4da7e6fdde61d7df16417b9

    SHA256

    eff8f84f1a9c737506b331edebe0a5748576f343408573d2312abf956d40991f

    SHA512

    d0d0e6730aa148081b59bc9c1a371baf66b1509d7c5bf36cda72348cad3cf237fac8e4ae836cd2bc6475936f9649123a0f6bbb3058a683eb2d5efb5ebe2bc78f

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/bugly_db_
    Filesize

    52KB

    MD5

    98eddae9b56be219b48c54a87fa3294c

    SHA1

    1fd1dd8a51e58c29f748ff389ab320faf86933d9

    SHA256

    c03d8d257494ae1f3e3fe4f0c22d0a569ab1e45835749f03fa30c8b9849f9aa5

    SHA512

    242ec10fe16e04ce0836540815a7d9e92bcdb86ad5cca954f23da91b6005f5f0744a956e5cb6807d4a46ec1a2db7be01f7ffe9e3cec5b385f67f8dfc19d3891d

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/bugly_db_-journal
    Filesize

    8KB

    MD5

    087f47bdf2f2d0503ee882c2174126e1

    SHA1

    c47fe2f66dfb95b484c0053190b6646d1118053d

    SHA256

    f98595dc441f7fab7ee8739120d551504e745511748af615c16042b42aeb834f

    SHA512

    fb7200e16d2c0272f30c304895161b314bae8075baaad75e5b4d7efe4cf5d44955898bed8adb843ec3790ed90ae43bcc8f5d506ba5d9d5473959694fc6d2fcbd

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/bugly_db_-journal
    Filesize

    8KB

    MD5

    b65e7994909a9801d8fb1067f613bcd3

    SHA1

    81771017332e67555f503f28d8cdadbabc88e2d3

    SHA256

    198f42e8977f7af2250834bce8cb8a8243a3532a778ae5b992beeb225e0462af

    SHA512

    35d58f6f733fc5cb5f8676a88ef51ff662e343deca33d408e1bf451ecfd595961d0652a9e0f137b83f89b54fc9e86e15f0784456daec68ec8276eeb06c111436

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/bugly_db_-journal
    Filesize

    8KB

    MD5

    91d5c77d9e73e3971ef50583a984d61a

    SHA1

    a67b7a4c5c70824ab9bbaa81d7cad3fe561095ec

    SHA256

    aaadc0bacab5a07ec61f3e8518e8e1b42919890dc6c3eeb533b9af20287dc4f7

    SHA512

    deff7b36666da38e400f12364b3fbfc9f5529da67c966c8a746af3530e03893e3702b3241d9467478ecf08b9203697d7d67de4684ded6cbf52e8be1f3abdd1fa

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/bugly_db_-journal
    Filesize

    512B

    MD5

    d931531957a9d85f2e8817a8efdc0b1f

    SHA1

    886cbf42f296ddac1a92561ea31f4158a4d0fc8a

    SHA256

    8718a35158201a85e17d620ae52befc790e411bcbd9831ddd14c81238a7e8aaa

    SHA512

    14b23a061e3c86203de3ce8f66b482e389f5245b7094a5fde8d9214ee122ddbdf6f427c25ad7bf01b6ac902f68f757af94964ca4ac88e4670ac2214663154725

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/downloader.db
    Filesize

    12KB

    MD5

    163b0e3f017becbc89b9d7f330b78f09

    SHA1

    1ef9cd8ac8655190468d0ccece0a4738634ab0f9

    SHA256

    cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36

    SHA512

    6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/downloader.db-journal
    Filesize

    512B

    MD5

    bab5fd7d5c687f807b71a567950987dd

    SHA1

    454aee3bfb781b18ad5facb1c8e3967f8c3bfbf7

    SHA256

    eb67a536e70b9e897d572664fc772a68774f3153b4f832dbf7df8913ef769a97

    SHA512

    8c1f0e20154a99a53d5947fc4958c5337e0570852081be8b3424bf1fb9197eba79b02c3fd06e162dcbfb76315a445f13e30e49b2a8b7ef47e707400a4043cf10

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/downloader.db-journal
    Filesize

    8KB

    MD5

    7e0468676a32492b3fa0ff11518eb17f

    SHA1

    4cc6997380dc8c0f5ccdc04c24967c87cac9dda7

    SHA256

    8b4f458d05df3ad3ee137e073404d68b1c4886ff3ac7b3d9db9e0a020bef1806

    SHA512

    0b4c481bc45a4bf0df78131111f62fcd7b91ca29df4da8dfb486b8cb485dd1a30482c16b95fbad09d133f2c8da4d5da7bfe3d4dd8373638bf27a1e15eb552644

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/ttopensdk.db
    Filesize

    48KB

    MD5

    b42c49b45ea1479a7c13f64e8c0d6ae6

    SHA1

    5a1874d7adacd65a87b0a49ca877a7f291c2caec

    SHA256

    e2dd34c69551bf6026cc452ee3e94bc6a9d1861126f72212a092899a12a8dd54

    SHA512

    cb4dd39007dd0ae6ee4a8aedf27d2eb7eb907940bc9c1097b43070568dcce0a8eafe0b81b60d224a4c90c1d3261f584c62205b447bae701073250b9ce1971510

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/ttopensdk.db-journal
    Filesize

    512B

    MD5

    2b3f8a769be5e867b1556a844ff0206a

    SHA1

    bb9ce071dfeb41a855cd373106a0311a960ba223

    SHA256

    f04ff4147751a34b666c91f2be6fc17cb3101b4a4830853bc7695af1d49f6199

    SHA512

    4154f52d01ebeb7de83c06df3b205916246c82218da3ea2615a2f0b5b128598c81d3924a4b7da1637e97d44e41947c5c25e4eacbe4c8a11af3ce42d5ff53c612

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/ttopensdk.db-journal
    Filesize

    8KB

    MD5

    9abd3bbd63b3544918be48885279eb89

    SHA1

    9356b76e19c02a3804f3b1f4ccd421ad2adfcdcd

    SHA256

    11bd08babc3e94c965f803c775aa8c6d8f7b60446af3616708f42f6c93e31ce9

    SHA512

    f7a2c3e010d83bbdc8ff31b24f01edcd8f072c9ddeb1bafc3695f7792b3248a8a37396e5bb3c898d4c9bd998caaf20f06215208d2078751252078861196d02be

    Download Submit

  • /data/data/com.tieniu.lezhuan/databases/ttopensdk.db-journal
    Filesize

    8KB

    MD5

    8859a40f99e768f378de3d2ea1fcc940

    SHA1

    405411e0eb209fae65f6116529d8dc5a2140b053

    SHA256

    31f6a36507af8b8cbef68eb4ab46ba74ebc58e8a02809fabc87f2eccc44fa903

    SHA512

    4df5ab1d1bc34d19adafb23de8eb537ac488d0adeddac4c06e6edb645d59e06b7ac73e9e61a4a4b9a77fd6a0a55a175f8f24944696aacd878bcbbbb5c9c04c4c

    Download Submit

  • /storage/emulated/0/com.tieniu.lezhuan/config/5ac714da7be6d534dd74c84a097f98e0
    Filesize

    344B

    MD5

    81c233ab39a49c5e1804695652694a44

    SHA1

    bf4f2988a1c6c395c13540e2bf28bf2fa4f9eb1b

    SHA256

    11e46fbbe530ec0e8405fbf05a12ccbe41a71d07a5a8375c3d3fd1cc5c85c4c4

    SHA512

    d8f4be78a6ac599f81824722d47a93a387e09d01bee21faa47def64ddd14cc2d1efc6529bcbcd8fc92012658c6a27fe2cb02cf85ecf6deb7b9c2ca1699c618bd

    Download Submit