Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
178s -
max time network
134s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system -
submitted
28/07/2024, 01:03 UTC
Static task
static1
Behavioral task
behavioral1
Sample
0463719b17d6d11d364aefe067669468_JaffaCakes118.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
0463719b17d6d11d364aefe067669468_JaffaCakes118.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
0463719b17d6d11d364aefe067669468_JaffaCakes118.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
0463719b17d6d11d364aefe067669468_JaffaCakes118.apk
-
Size
4.7MB
-
MD5
0463719b17d6d11d364aefe067669468
-
SHA1
e7dc170ecb885081a95c9ca6940bbb2b8c6d2ae9
-
SHA256
afe9d5ea1d5b43b83c35ec40464a1dbe05ffeb563c059cba0b8e153a90d87e08
-
SHA512
b97a43174028b3ded889f0f3c77947b847da2a45d81a8fd03b4057c7e1f3c3de91488c3c85beb99ecdca55ed55669e6418d05cc1b653676cd4a1afd1660aa8f7
-
SSDEEP
98304:38iFw0+DXKG6sgZOkLQphj3vmw+v+wzQNqttVbvqZKfGgp4JI:3B+7KG6Z4hrRe+wzhFbS4f4O
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra payload 1 IoCs
resource yara_rule behavioral3/files/fstream-2.dat family_hydra1 -
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/cxu.smnlgnhuqdihggdl.oxynkjgraxubptjtmitri/app_DynamicOptDex/yWmxt.json 4450 cxu.smnlgnhuqdihggdl.oxynkjgraxubptjtmitri /data/user/0/cxu.smnlgnhuqdihggdl.oxynkjgraxubptjtmitri/app_DynamicOptDex/yWmxt.json 4450 cxu.smnlgnhuqdihggdl.oxynkjgraxubptjtmitri -
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId cxu.smnlgnhuqdihggdl.oxynkjgraxubptjtmitri Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId cxu.smnlgnhuqdihggdl.oxynkjgraxubptjtmitri -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 23 ip-api.com -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo cxu.smnlgnhuqdihggdl.oxynkjgraxubptjtmitri -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone cxu.smnlgnhuqdihggdl.oxynkjgraxubptjtmitri -
Reads information about phone network operator. 1 TTPs
Processes
Network
-
Remote address:1.1.1.1:53Requestandroid.apis.google.comIN AResponseandroid.apis.google.comIN CNAMEclients.l.google.comclients.l.google.comIN A142.250.178.14
-
Remote address:1.1.1.1:53Requestip-api.comIN AResponseip-api.comIN A208.95.112.1
-
Remote address:208.95.112.1:80RequestGET /json HTTP/1.1
Authorization: 26a1b1020753576f
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: ip-api.com
Connection: Keep-Alive
Accept-Encoding: gzip
ResponseHTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 311
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
-
Remote address:1.1.1.1:53Requestgist.githubusercontent.comIN AResponsegist.githubusercontent.comIN A185.199.111.133gist.githubusercontent.comIN A185.199.109.133gist.githubusercontent.comIN A185.199.108.133gist.githubusercontent.comIN A185.199.110.133
-
GEThttps://gist.githubusercontent.com/freel4nc3r/c10c58f61cd0a4e1ad5e1b7a3c31fb77/raw/gistfile1.jsonRemote address:185.199.111.133:443RequestGET /freel4nc3r/c10c58f61cd0a4e1ad5e1b7a3c31fb77/raw/gistfile1.json HTTP/1.1
Authorization: 26a1b1020753576f
Content-Type: application/json
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: gist.githubusercontent.com
Connection: Keep-Alive
Accept-Encoding: gzip
ResponseHTTP/1.1 404 Not Found
Content-Length: 14
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Content-Type: text/plain; charset=utf-8
X-GitHub-Request-Id: 31D2:1F6895:DC4B2:11AE32:66A598FF
Accept-Ranges: bytes
Date: Sun, 28 Jul 2024 01:03:59 GMT
Via: 1.1 varnish
X-Served-By: cache-lcy-eglc8600035-LCY
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1722128639.045704,VS0,VE125
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: f45e7e30c1581509eb252fea9e8be6d3a70b244a
Expires: Sun, 28 Jul 2024 01:08:59 GMT
Source-Age: 0
-
Remote address:1.1.1.1:53Requestssl.google-analytics.comIN AResponsessl.google-analytics.comIN A216.58.204.72
-
1.5kB 40 B 1 1
-
5.6kB 8.7kB 24 24
-
1.8kB 5.8kB 11 11
-
452 B 660 B 5 4
HTTP Request
GET http://ip-api.com/jsonHTTP Response
200 -
185.199.111.133:443https://gist.githubusercontent.com/freel4nc3r/c10c58f61cd0a4e1ad5e1b7a3c31fb77/raw/gistfile1.jsontls, http1.6kB 5.9kB 13 13
HTTP Request
GET https://gist.githubusercontent.com/freel4nc3r/c10c58f61cd0a4e1ad5e1b7a3c31fb77/raw/gistfile1.jsonHTTP Response
404 -
1.3kB 5.9kB 8 9
-
847 B 40 B 2 1
-
11.2kB 12.8kB 31 42
-
3.7kB 11
-
69 B 109 B 1 1
DNS Request
android.apis.google.com
DNS Response
142.250.178.14
-
56 B 72 B 1 1
DNS Request
ip-api.com
DNS Response
208.95.112.1
-
72 B 136 B 1 1
DNS Request
gist.githubusercontent.com
DNS Response
185.199.111.133185.199.109.133185.199.108.133185.199.110.133
-
70 B 86 B 1 1
DNS Request
ssl.google-analytics.com
DNS Response
216.58.204.72
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.9MB
MD50cb066c7a2a1249ee30d8b90b238402a
SHA15cbb73cd307d5c0ee7103fdd999bad8a46ee7bd0
SHA2562f6bd86c2b5b099e103dd4bce68a6381168252c2cc79877f6f98bc22c9ca452e
SHA5120f322b15d2118a5956dee6996c8eeeba704595e04de3f7196a3f64f2204cb430f257bb0c46242d16e9d9a6b6cf3e36888849707bbceb89fe25f9269ee677eda5
-
Filesize
2.9MB
MD5af3ef3631ec1dfc409b5b6386931ea4a
SHA198bbfc27653cbef6dd710ca9bcb3d99c4f650993
SHA2569016b8bd33393af5e6ae56386513afa0f67f6a664ad5f9f121895a76af963e80
SHA5123af0794561a7bbd07629c3a59c3205465e7c74d90f352fd1f5eb259ac32f13111f9cef80960348ba11b705f75c0cdcc91edc80a83b46df19e2398c526a409e7a