Analysis

  • max time kernel
    63s
  • max time network
    143s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    29/08/2024, 18:30

General

  • Target

    c96215a2c12bc04b7cd9550ac41cdd4e_JaffaCakes118.apk

  • Size

    5.1MB

  • MD5

    c96215a2c12bc04b7cd9550ac41cdd4e

  • SHA1

    f0e006791504b3d3c4c30a5035c04a595b5a3c01

  • SHA256

    4de6211ee099e7113061d07099012d1d682d7773dc1c19b7518e07fb35418f4b

  • SHA512

    70afd35eb72e16155db4738e1856c43f9e8a5c7f389dcf6f9f21f712768792bc7e36989e6f6606f5752dfa66c629ab38770399d7ee698cec153086aae775d47a

  • SSDEEP

    98304:1AYS3r3emJMmp3XYbv0cepQlc9sn7ZEiuD9YBI+Z1xtv6QNyBebZ3t4L16ZQN0aA:Sr3XJMmpHZiuhUgeb5t6N0aDpjXds

Score
6/10

Malware Config

Signatures

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 2 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.popuapp.popu
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4447
  • com.popuapp.popu:bdservice_v1
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4502

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.popuapp.popu/files/.FlurrySenderIndex.info.AnalyticsData_MX8BBPJMW3M76YWT8SMF_157

    Filesize

    8KB

    MD5

    f1040f900655bd8c504489a500535da2

    SHA1

    e5f7ad6a676aeb58d684061c6bd348176aaec43c

    SHA256

    048ae812b94926cda500466aa2d3b057c7491188922ce3f4710c9fc61bb806d7

    SHA512

    cf75ee084bb32def0ac222a26b57f09881f3732ca502448ed93657aa6b3b716d0dd2cc9b827e27346f2acf0664f7f0eb5551c50e6116b574a2ceb3db5a99069d

  • /data/user/0/com.popuapp.popu/files/.FlurrySenderIndex.info.AnalyticsMain

    Filesize

    12KB

    MD5

    19b38af4b4f1b062c425e847299ce18d

    SHA1

    54320cff464ac0af73fe50bc3b46db94a20db807

    SHA256

    f2d9342f1c0ec52fa27efa3315b84c7b5bc7de1e86f25a21a417871fa64f9200

    SHA512

    992af38efdd18a104dd88229a1e312d24a1154acb79b49a0a708e5b2f505b2e1dc7df8f50955ed51e0cf63d8626d7800e18e53512e318094a979b81f7488031d

  • /data/user/0/com.popuapp.popu/files/.flurryagent.-fe6c940

    Filesize

    512B

    MD5

    aeac35416f43e8a69aed076b766a6057

    SHA1

    127b291e81872b7ac906ae5c8ef037fe44509d14

    SHA256

    148079df446288235cefd2dcf5e6894ac129cbbd18152d091fcf4af3547ca24a

    SHA512

    ae13fe4c52dfbe267cd04c1c4ec6979f4632c888561844741f57bc508a1845f5f54ca760c5213e179a84b29dd9876276310df22fff891c2ef9ab131016129b54

  • /data/user/0/com.popuapp.popu/files/.flurrydatasenderblock.b7ac59a9-e4ba-4d28-9766-142718de05db

    Filesize

    8KB

    MD5

    6efeda4243972c5915ec1a5a3edb8669

    SHA1

    334c9133a49f9b9235f793bc9ef1974eda29a30e

    SHA256

    20c5347bcbfe28f50073597ec95d6aca3a64b0403dd308d9e5c25b0f6bd3faef

    SHA512

    f4b8034cf099bb097975147f9ac3543801d96649f5fee91c4501d3a6915ef583257320e2b21309a3de368f01033d25718a44d3d7ecaa1891864ade9f8ee675c3

  • /storage/emulated/0/Android/data/com.popuapp.popu/cache/images/journal.tmp (deleted)

    Filesize

    31B

    MD5

    67f7df6ae01ab89b2b63ecee72533625

    SHA1

    1675cf510ec2444fe092ee52c3b291e307cceb15

    SHA256

    9d24995a8b7d2106fae71e505390f841c62bcc0470712fc3e59c566d4cbe2014

    SHA512

    3f6230161216a04964f13781d1e40a1e9b65578894ba5df52ce4665f1d865e9d07aafedbb2a9d1d458ff475aea0ab71c3001f2d86c761ebc30b9bcc64d81d93f

  • /storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat.db

    Filesize

    40KB

    MD5

    11c6976b17de51fb4d67c8f016d43da8

    SHA1

    68508b5c886be7f5a6ead6612cb92dcb292fa657

    SHA256

    99893ad9d26a12f46e7c12a00331bb320c43ffe03875acf413f3176756f2d7a8

    SHA512

    1845f04c78bae64ce8f5464dd57b64854323fb86434e15ed72d018b8b59f6a6b8c06d44acee7699c091ba63206a34d20acb78a8e7ecb66281136b4726c8908dc

  • /storage/emulated/0/baidu/pushservice/database/storage/emulated/0/baidu/pushservice/database/pushstat.db-journal

    Filesize

    16KB

    MD5

    e0f95f6e1bcc6284d2b59657afdf6c7e

    SHA1

    649f3bcd4aa1be2033e84e8be38aa8f0602be46f

    SHA256

    6515472e25bc3e350d64f898f2308bcfb8d33267f2b55dfc3be044c9482ad808

    SHA512

    d3673a81c29876ffbd9f0f254e8e4abff7f2e9535f2164b9c7cc93ee9142cc9743f04c00e3c46e401134b1e6767a00dfcbf278075118501844521201f5b95333