Analysis
max time kernel: 179s
max time network: 156s
platform: android_x64
resource: android-33-x64-arm64-20240624-en
resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
submitted: 12/08/2024, 06:26
Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: 8da944f74aebdeec26b05ceb37ff0d24_JaffaCakes118.apk, Resource: android-x86-arm-20240624-en)
Behavioral task: behavioral2 (Sample: 8da944f74aebdeec26b05ceb37ff0d24_JaffaCakes118.apk, Resource: android-33-x64-arm64-20240624-en)
General
Target: 8da944f74aebdeec26b05ceb37ff0d24_JaffaCakes118.apk
Size: 24.3MB
MD5: 8da944f74aebdeec26b05ceb37ff0d24
SHA1: 3d94bc5ed196ce1e253a301fd625013bd86561cd
SHA256: 4e504f2bfc5c55253613dc091697c9e906aa833d8c681b3beb18c3e21600afbd
SHA512: 28291de744ff48ace18e7ddaf4206171110c5306f185ce1a506b15b2260c6cd2f4239476acfaf7028ebd166890e7a179428f166321c1bc6852357ee87b7a5a95
SSDEEP: 786432:SlNADTdfS6ol6nzSofe15izq/yM5d0+phbh:SlNA3k9lOmoql/yM5dvhbh
Malware Config
Signatures

Checks if the Android device is rooted. (1 TTPs, 3 IoCs)
  ioc: /sbin/su, process: com.mmo.android
  ioc: /system/bin/su, process: com.mmo.android
  ioc: /system/app/Superuser.apk, process: com.mmo.android

Loads dropped Dex/Jar (1 TTPs, 10 IoCs)
Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.mmo.android/app_working/facebook.dex, pid: 4345, process: com.mmo.android
  ioc: /data/user/0/com.mmo.android/app_working/yandex.dex, pid: 4345, process: com.mmo.android
  ioc: /data/user/0/com.mmo.android/app_working/adcolony.dex, pid: 4345, process: com.mmo.android
  ioc: /data/user/0/com.mmo.android/app_working/vungle.dex, pid: 4345, process: com.mmo.android
  ioc: /data/user/0/com.mmo.android/app_working/flurry.dex, pid: 4345, process: com.mmo.android
  ioc: /system_ext/framework/androidx.window.extensions.jar, pid: 4345, process: com.mmo.android
  ioc: /system_ext/framework/androidx.window.extensions.jar, pid: 4345, process: com.mmo.android
  ioc: /system_ext/framework/androidx.window.sidecar.jar, pid: 4345, process: com.mmo.android
  ioc: /system_ext/framework/androidx.window.sidecar.jar, pid: 4345, process: com.mmo.android
  ioc: /data/user/0/com.mmo.android/cache/1664557424545.jar, pid: 4345, process: com.mmo.android

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call, ioc: android.content.IClipboard.addPrimaryClipChangedListener, process: com.mmo.android

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call, ioc: android.app.IActivityManager.getRunningAppProcesses, process: com.mmo.android

Acquires the wake lock (1 IoCs)
  description: Framework service call, ioc: android.os.IPowerManager.acquireWakeLock, process: com.mmo.android

Queries information about active data network (1 TTPs, 1 IoCs)
  description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: com.mmo.android

Reads information about phone network operator. (1 TTPs)

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  description: Framework API call, ioc: android.hardware.SensorManager.registerListener, process: com.mmo.android

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  description: Framework API call, ioc: javax.crypto.Cipher.doFinal, process: com.mmo.android

Checks CPU information (2 TTPs, 1 IoCs)
  description: File opened for read, ioc: /proc/cpuinfo, process: com.mmo.android

Checks memory information (2 TTPs, 1 IoCs)
  description: File opened for read, ioc: /proc/meminfo, process: com.mmo.android
Processes
com.mmo.android (PID: 4345)
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1)
- User Evasion (1)
- Virtualization/Sandbox Evasion (2)
- System Checks (2)
Downloads