Analysis
max time kernel: 63s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 29/08/2024, 18:30
Static task: static1
Behavioral task: behavioral1
Sample: c96215a2c12bc04b7cd9550ac41cdd4e_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
General
Target: c96215a2c12bc04b7cd9550ac41cdd4e_JaffaCakes118.apk
Size: 5.1MB
MD5: c96215a2c12bc04b7cd9550ac41cdd4e
SHA1: f0e006791504b3d3c4c30a5035c04a595b5a3c01
SHA256: 4de6211ee099e7113061d07099012d1d682d7773dc1c19b7518e07fb35418f4b
SHA512: 70afd35eb72e16155db4738e1856c43f9e8a5c7f389dcf6f9f21f712768792bc7e36989e6f6606f5752dfa66c629ab38770399d7ee698cec153086aae775d47a
SSDEEP: 98304:1AYS3r3emJMmp3XYbv0cepQlc9sn7ZEiuD9YBI+Z1xtv6QNyBebZ3t4L16ZQN0aA:Sr3XJMmpHZiuhUgeb5t6N0aDpjXds
Malware Config
Signatures
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
  flow: 13 | ioc: alog.umeng.com
Queries information about active data network (1 TTP, 2 IoCs)
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.popuapp.popu
  description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.popuapp.popu:bdservice_v1
Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.popuapp.popu
  description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.popuapp.popu:bdservice_v1
Queries the mobile country code (MCC) (1 TTP, 2 IoCs)
  description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | process: com.popuapp.popu
  description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | process: com.popuapp.popu:bdservice_v1
Reads information about phone network operator. (1 TTP)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.popuapp.popu
Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 2 IoCs)
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.popuapp.popu
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.popuapp.popu:bdservice_v1
Checks CPU information (2 TTPs, 1 IoC)
  description: File opened for read | ioc: /proc/cpuinfo | process: com.popuapp.popu
Processes
com.popuapp.popu (PID: 4253)
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
com.popuapp.popu:bdservice_v1 (PID: 4296)
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 72KB
MD5: f1d001a1b996267afbafb5d06f3bdb64
SHA1: 88719934b06b45fb637e58411227a482f51650b0
SHA256: 2f0bf88d7f7a806748f7aa273d16e1391d0bb40ba71ff209199e6a5b35d1ecd8
SHA512: 7c5e2871eb4790374bafd3ff6995dad4ef613cee7f6854b4d61e4df08fd122f8bcef6457ceb56970d88a7746bcaa5655db9e52754ad125d3280f71a06be23a89

Filesize: 32KB
MD5: 3da45631aab448b669c72574900b1128
SHA1: 7f3b31298369fd84ee8a8a1d123fdfb5ee08dcbd
SHA256: 1c648a92cc4d0e728475c200458bc725fe20d46f23d5f43b627a2946ae9e132e
SHA512: 3d91430b86284e5552004fe2c9493410291674a39c954271d2d7ecd7bcbd5c070dc83dbd3d8ea49b1f36b81012eb10d3c52aa513dd014bbf40bca4463b698629

Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Filesize: 512B
MD5: 886c7197a984b37300f5c4aa945df17e
SHA1: c50b9fa71b09bd4cd73f8d2901d8bd7b7ed28357
SHA256: f3278dfbf523733a7fc6cf0c7e207fc90cadc35758105a09314ece096dff7da9
SHA512: 0b5d9ac4f844186079c94d833ab73158de811138fa5317be4ab406f9058eec2a2e238d5f4b5314d180c176949db06852a571db72dd07f85a3c97a09bbb0dc291

Filesize: 199B
MD5: 4f8ee865643305522ecdbdb5f82b4f3f
SHA1: d03f72767afb813746cb10ddb009c12ec6184239
SHA256: 082c31e1f4781a67cc3f80787c3a1488ceae1925cb7d74015233faa0bc12d42e
SHA512: 59ec89d20d6e5a598051981e0762473311e8cb52d7b5596c75c2329cf00f192f4c64e63ffe9a989db6b767abf5a72c2902e122bf88784558d753c6c3251bb739

Filesize: 31B
MD5: 67f7df6ae01ab89b2b63ecee72533625
SHA1: 1675cf510ec2444fe092ee52c3b291e307cceb15
SHA256: 9d24995a8b7d2106fae71e505390f841c62bcc0470712fc3e59c566d4cbe2014
SHA512: 3f6230161216a04964f13781d1e40a1e9b65578894ba5df52ce4665f1d865e9d07aafedbb2a9d1d458ff475aea0ab71c3001f2d86c761ebc30b9bcc64d81d93f

Filesize: 89B
MD5: ce40aa021ea0fa6b4af5752fe39370fd
SHA1: 5c6d3c555b65ba963457a75ec7ff3016f085aa51
SHA256: 0e4a70550046fed0efc7fd88c307233af32de2cca53fcc9f528d0321d0915037
SHA512: cb5926b599c29960f99b5123a8751a5debf1a2a71035b15c5e91ce5593470233e685a2538644554158e1afbb8fd405367da4db4960c12f98c18e409abaa863de