Analysis
max time kernel: 63s
max time network: 143s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 29/08/2024, 18:30
Static task: static1
Behavioral task: behavioral1
Sample: c96215a2c12bc04b7cd9550ac41cdd4e_JaffaCakes118.apk
Resource: android-x86-arm-20240624-en
General
Target: c96215a2c12bc04b7cd9550ac41cdd4e_JaffaCakes118.apk
Size: 5.1MB
MD5: c96215a2c12bc04b7cd9550ac41cdd4e
SHA1: f0e006791504b3d3c4c30a5035c04a595b5a3c01
SHA256: 4de6211ee099e7113061d07099012d1d682d7773dc1c19b7518e07fb35418f4b
SHA512: 70afd35eb72e16155db4738e1856c43f9e8a5c7f389dcf6f9f21f712768792bc7e36989e6f6606f5752dfa66c629ab38770399d7ee698cec153086aae775d47a
SSDEEP: 98304:1AYS3r3emJMmp3XYbv0cepQlc9sn7ZEiuD9YBI+Z1xtv6QNyBebZ3t4L16ZQN0aA:Sr3XJMmpHZiuhUgeb5t6N0aDpjXds
Malware Config
Signatures

Domain associated with commercial stalkerware software, includes indicators from echap.eu.org (1 IoC)
  flow: 33; ioc: alog.umeng.com

Queries information about active data network (1 TTP, 2 IoCs)
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.popuapp.popu
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.popuapp.popu:bdservice_v1

Queries information about the current Wi-Fi connection (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.popuapp.popu
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.popuapp.popu:bdservice_v1

Queries the mobile country code (MCC) (1 TTP, 2 IoCs)
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.popuapp.popu
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.popuapp.popu:bdservice_v1

Reads information about phone network operator. (1 TTP)

Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 2 IoCs)
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.popuapp.popu
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.popuapp.popu:bdservice_v1

Checks CPU information (2 TTPs, 1 IoC)
  description: File opened for read; ioc: /proc/cpuinfo; process: com.popuapp.popu
Processes

com.popuapp.popu (PID: 4447)
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information

com.popuapp.popu:bdservice_v1 (PID: 4502)
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 8KB
MD5: f1040f900655bd8c504489a500535da2
SHA1: e5f7ad6a676aeb58d684061c6bd348176aaec43c
SHA256: 048ae812b94926cda500466aa2d3b057c7491188922ce3f4710c9fc61bb806d7
SHA512: cf75ee084bb32def0ac222a26b57f09881f3732ca502448ed93657aa6b3b716d0dd2cc9b827e27346f2acf0664f7f0eb5551c50e6116b574a2ceb3db5a99069d

Filesize: 12KB
MD5: 19b38af4b4f1b062c425e847299ce18d
SHA1: 54320cff464ac0af73fe50bc3b46db94a20db807
SHA256: f2d9342f1c0ec52fa27efa3315b84c7b5bc7de1e86f25a21a417871fa64f9200
SHA512: 992af38efdd18a104dd88229a1e312d24a1154acb79b49a0a708e5b2f505b2e1dc7df8f50955ed51e0cf63d8626d7800e18e53512e318094a979b81f7488031d

Filesize: 512B
MD5: aeac35416f43e8a69aed076b766a6057
SHA1: 127b291e81872b7ac906ae5c8ef037fe44509d14
SHA256: 148079df446288235cefd2dcf5e6894ac129cbbd18152d091fcf4af3547ca24a
SHA512: ae13fe4c52dfbe267cd04c1c4ec6979f4632c888561844741f57bc508a1845f5f54ca760c5213e179a84b29dd9876276310df22fff891c2ef9ab131016129b54

Filesize: 8KB
MD5: 6efeda4243972c5915ec1a5a3edb8669
SHA1: 334c9133a49f9b9235f793bc9ef1974eda29a30e
SHA256: 20c5347bcbfe28f50073597ec95d6aca3a64b0403dd308d9e5c25b0f6bd3faef
SHA512: f4b8034cf099bb097975147f9ac3543801d96649f5fee91c4501d3a6915ef583257320e2b21309a3de368f01033d25718a44d3d7ecaa1891864ade9f8ee675c3

Filesize: 31B
MD5: 67f7df6ae01ab89b2b63ecee72533625
SHA1: 1675cf510ec2444fe092ee52c3b291e307cceb15
SHA256: 9d24995a8b7d2106fae71e505390f841c62bcc0470712fc3e59c566d4cbe2014
SHA512: 3f6230161216a04964f13781d1e40a1e9b65578894ba5df52ce4665f1d865e9d07aafedbb2a9d1d458ff475aea0ab71c3001f2d86c761ebc30b9bcc64d81d93f

/storage/emulated/0/baidu/pushservice/database/pushstat.db
Filesize: 40KB
MD5: 11c6976b17de51fb4d67c8f016d43da8
SHA1: 68508b5c886be7f5a6ead6612cb92dcb292fa657
SHA256: 99893ad9d26a12f46e7c12a00331bb320c43ffe03875acf413f3176756f2d7a8
SHA512: 1845f04c78bae64ce8f5464dd57b64854323fb86434e15ed72d018b8b59f6a6b8c06d44acee7699c091ba63206a34d20acb78a8e7ecb66281136b4726c8908dc

/storage/emulated/0/baidu/pushservice/database/pushstat.db-journal
Filesize: 16KB
MD5: e0f95f6e1bcc6284d2b59657afdf6c7e
SHA1: 649f3bcd4aa1be2033e84e8be38aa8f0602be46f
SHA256: 6515472e25bc3e350d64f898f2308bcfb8d33267f2b55dfc3be044c9482ad808
SHA512: d3673a81c29876ffbd9f0f254e8e4abff7f2e9535f2164b9c7cc93ee9142cc9743f04c00e3c46e401134b1e6767a00dfcbf278075118501844521201f5b95333