Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    63s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    29/08/2024, 18:30

General

  • Target

    c96215a2c12bc04b7cd9550ac41cdd4e_JaffaCakes118.apk

  • Size

    5.1MB

  • MD5

    c96215a2c12bc04b7cd9550ac41cdd4e

  • SHA1

    f0e006791504b3d3c4c30a5035c04a595b5a3c01

  • SHA256

    4de6211ee099e7113061d07099012d1d682d7773dc1c19b7518e07fb35418f4b

  • SHA512

    70afd35eb72e16155db4738e1856c43f9e8a5c7f389dcf6f9f21f712768792bc7e36989e6f6606f5752dfa66c629ab38770399d7ee698cec153086aae775d47a

  • SSDEEP

    98304:1AYS3r3emJMmp3XYbv0cepQlc9sn7ZEiuD9YBI+Z1xtv6QNyBebZ3t4L16ZQN0aA:Sr3XJMmpHZiuhUgeb5t6N0aDpjXds

Malware Config

Signatures

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 2 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.popuapp.popu
    1⤵
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4253
  • com.popuapp.popu:bdservice_v1
    1⤵
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4296

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.popuapp.popu/files/.FlurrySenderIndex.info.AnalyticsData_MX8BBPJMW3M76YWT8SMF_157

    Filesize

    72KB

    MD5

    f1d001a1b996267afbafb5d06f3bdb64

    SHA1

    88719934b06b45fb637e58411227a482f51650b0

    SHA256

    2f0bf88d7f7a806748f7aa273d16e1391d0bb40ba71ff209199e6a5b35d1ecd8

    SHA512

    7c5e2871eb4790374bafd3ff6995dad4ef613cee7f6854b4d61e4df08fd122f8bcef6457ceb56970d88a7746bcaa5655db9e52754ad125d3280f71a06be23a89

  • /data/data/com.popuapp.popu/files/.FlurrySenderIndex.info.AnalyticsMain

    Filesize

    32KB

    MD5

    3da45631aab448b669c72574900b1128

    SHA1

    7f3b31298369fd84ee8a8a1d123fdfb5ee08dcbd

    SHA256

    1c648a92cc4d0e728475c200458bc725fe20d46f23d5f43b627a2946ae9e132e

    SHA512

    3d91430b86284e5552004fe2c9493410291674a39c954271d2d7ecd7bcbd5c070dc83dbd3d8ea49b1f36b81012eb10d3c52aa513dd014bbf40bca4463b698629

  • /data/data/com.popuapp.popu/files/.flurryagent.-fe6c940

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.popuapp.popu/files/.flurrydatasenderblock.b348d4f8-ffa1-4cd0-a239-e2a09375b68a

    Filesize

    512B

    MD5

    886c7197a984b37300f5c4aa945df17e

    SHA1

    c50b9fa71b09bd4cd73f8d2901d8bd7b7ed28357

    SHA256

    f3278dfbf523733a7fc6cf0c7e207fc90cadc35758105a09314ece096dff7da9

    SHA512

    0b5d9ac4f844186079c94d833ab73158de811138fa5317be4ab406f9058eec2a2e238d5f4b5314d180c176949db06852a571db72dd07f85a3c97a09bbb0dc291

  • /data/data/com.popuapp.popu/files/mobclick_agent_cached_com.popuapp.popu

    Filesize

    199B

    MD5

    4f8ee865643305522ecdbdb5f82b4f3f

    SHA1

    d03f72767afb813746cb10ddb009c12ec6184239

    SHA256

    082c31e1f4781a67cc3f80787c3a1488ceae1925cb7d74015233faa0bc12d42e

    SHA512

    59ec89d20d6e5a598051981e0762473311e8cb52d7b5596c75c2329cf00f192f4c64e63ffe9a989db6b767abf5a72c2902e122bf88784558d753c6c3251bb739

  • /storage/emulated/0/Android/data/com.popuapp.popu/cache/images/journal.tmp

    Filesize

    31B

    MD5

    67f7df6ae01ab89b2b63ecee72533625

    SHA1

    1675cf510ec2444fe092ee52c3b291e307cceb15

    SHA256

    9d24995a8b7d2106fae71e505390f841c62bcc0470712fc3e59c566d4cbe2014

    SHA512

    3f6230161216a04964f13781d1e40a1e9b65578894ba5df52ce4665f1d865e9d07aafedbb2a9d1d458ff475aea0ab71c3001f2d86c761ebc30b9bcc64d81d93f

  • /storage/emulated/0/baidu/.cuid

    Filesize

    89B

    MD5

    ce40aa021ea0fa6b4af5752fe39370fd

    SHA1

    5c6d3c555b65ba963457a75ec7ff3016f085aa51

    SHA256

    0e4a70550046fed0efc7fd88c307233af32de2cca53fcc9f528d0321d0915037

    SHA512

    cb5926b599c29960f99b5123a8751a5debf1a2a71035b15c5e91ce5593470233e685a2538644554158e1afbb8fd405367da4db4960c12f98c18e409abaa863de