Analysis
max time kernel: 22s
max time network: 156s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 13/07/2024, 01:42
Behavioral task: behavioral1
Sample: 3fb2c2368484295cc33db07dda7be124_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
Sample: 3fb2c2368484295cc33db07dda7be124_JaffaCakes118.apk
Resource: android-x64-20240624-en
Behavioral task: behavioral3
Sample: 3fb2c2368484295cc33db07dda7be124_JaffaCakes118.apk
Resource: android-x64-arm64-20240624-en
General
Target: 3fb2c2368484295cc33db07dda7be124_JaffaCakes118.apk
Size: 8.5MB
MD5: 3fb2c2368484295cc33db07dda7be124
SHA1: 23eb40d927ed79e225e78354c4af7d47f0f93e82
SHA256: fbd62f0273f0f4f7f9937bdc8a2d9d3cb0ce0687ede74a4a8c34e9c601688db1
SHA512: 66a3def5c70398bbef54db97f6a8f567e8fdef1a9dc76c2f7a73656e8cae709b7fd05588f67a1b983c59e04ebf527f0faa99de9fb8cccf20b9bc2dfabb89f1dd
SSDEEP: 98304:CcGgiTW5I9PDSn7wyngcfjDZLjBRTso56FSm8mvaThSDlD:Cc3+W5I9bccMg+ZHTso5038mvaTh8D
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  ioc: /system/app/Superuser.apk; Process: net.dinglisch.android.taskerm
  ioc: /system/xbin/su; Process: net.dinglisch.android.taskerm
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; Process: net.dinglisch.android.taskerm
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; Process: net.dinglisch.android.taskerm
Checks the presence of a debugger
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: net.dinglisch.android.taskerm
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; Process: net.dinglisch.android.taskerm
Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read; ioc: /proc/cpuinfo; Process: net.dinglisch.android.taskerm
Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read; ioc: /proc/meminfo; Process: net.dinglisch.android.taskerm
Processes
net.dinglisch.android.taskerm (PID: 4970)
- Checks if the Android device is rooted.
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Downloads
-
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7C0375-0001-136A-29C08961211BBeginSession.cls_temp
Filesize77B
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7C0375-0001-136A-29C08961211BBeginSession.json
Filesize132B
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7C0375-0001-136A-29C08961211BSessionApp.cls_temp
Filesize132B
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7C0375-0001-136A-29C08961211BSessionApp.json
Filesize245B
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7C0375-0001-136A-29C08961211BSessionDevice.cls_temp
Filesize48B
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7C0375-0001-136A-29C08961211BSessionDevice.json
Filesize202B
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7C0375-0001-136A-29C08961211BSessionOS.cls_temp
Filesize15B
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/6691DB7C0375-0001-136A-29C08961211BSessionOS.json
Filesize55B
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize4KB
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize449B
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize16B
/data/data/net.dinglisch.android.taskerm/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_dc6d9ff9-fa03-46ab-82c6-214aefedd067_1720834941349.tap
Filesize359B