Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
32s -
max time network
152s -
platform
android-9_x86 -
resource
android-x86-arm-20240910-en -
resource tags
-
submitted
07/09/2024, 21:46
General
-
Target
d2e6e918cd652ec76f68081f48c23cde_JaffaCakes118.apk
-
Size
31.5MB
-
MD5
d2e6e918cd652ec76f68081f48c23cde
-
SHA1
fa9a154c389869c1d1710a27d0f301376aebcc94
-
SHA256
7e4d8e190af1c6ae27652c6c5e100dc47440c83932c4eb54bee1275a59acfd35
-
SHA512
17d08684fe304a32c3e587a967f7c604bf94389b301bb068eb1fba66e1b08c5e1aace835cc71ec94187ce244efe98d7b9ffa253cfa33aaab93025bd4c9e23b71
-
SSDEEP
786432:yb5MHgl62qHhXMnunshKyBRQWAfWddWCz5fFF:ynXOheW2bAfgd9FF
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Loads dropped Dex/Jar 1 TTPs 11 IoCs
Runs executable file dropped to the device during analysis.
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Queries information about active data network 1 TTPs 2 IoCs
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.auntec.zhuoshixiong1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.auntec.zhuoshixiong/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.auntec.zhuoshixiong/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
-
com.auntec.zhuoshixiong:core1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about active data network
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6.6MB
MD5c0233a8cfedb59cf89082b282257e774
SHA12c71db1829b78322d596203f2f4b88b88fd48de5
SHA25687f113eb6190618ad0973231337f5954f367b5347d40e8beb53f461deb8b71ac
SHA512ee83705a0e20c4974da42da8f995139abf89c5a11ab2f0951789a6e59a967cfb942a6b29bb2c53b57f98b72237faea059b107ab98fea9163681b781d449b1593
-
Filesize
6.6MB
MD5d3d736de6560c31f7baa9537def34ad5
SHA123de5344920c8d6e3d67e8b0561bf50810462a46
SHA2566eb8afbec9e4fa6b95e93558d77ab7d32994a719ff5faba8643aec600ae46b45
SHA512c590d189c2d3664678bee2880cc23d651e5c331429264d634aae87075b24ae3d58a1ac13d24ae9d44c06dd90a5f4fa95d1dd25915e3edbbf34aa2cd98d3e1284
-
Filesize
467KB
MD590f0aa5795df327c45b430b972e3e21c
SHA19f9136728988e3722daca146cf9344b8851df564
SHA256361510ebc931781b63c1df0df5cbfcda73025889f3349c9407e5190c03ab95e2
SHA51278a93d7460ff2f321d3559e6f04bd6543253d231442027e717dafe1fa08188e290d961550732edcc8329bd40b865db1d66874466bc960598bbc6cbd9d271b504
-
Filesize
475KB
MD55aea02f4e4c77fbf2e7a27f7ca9cc06b
SHA1522db1748608e9173547b29b7aa82ddc3542c534
SHA2565a1c513b347e2a929769e2be67552c1d591704f08f7b5590282b66cc2c7d7bd2
SHA5125c979a11f5e896829db906f533756efc1cf3c5a7e35ecc9e376a0aae818f2dada013441649feac2e188bd51affbbf35156e32fdc6552e185bddbc547f3850316
-
Filesize
64KB
MD5fcd6bcb56c1689fcef28b57c22475bad
SHA11adc95bebe9eea8c112d40cd04ab7a8d75c4f961
SHA256de2f256064a0af797747c2b97505dc0b9f3df0de4f489eac731c23ae9ca9cc31
SHA51273e4153936dab198397b74ee9efc26093dda721eaab2f8d92786891153b45b04265a161b169c988edb0db2c53124607b6eaaa816559c5ce54f3dbc9fa6a7a4b2
-
Filesize
284B
MD5f1771b68f5f9b168b79ff59ae2daabe4
SHA10df6a835559f5c99670214a12700e7d8c28e5a42
SHA2569f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939
SHA512dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD5d2a67fc5080a6a8cc5cf531728a87b96
SHA1d813d3da7919b048aee3672df37ed8ed1b45faad
SHA25645c256da6b71b3552b20178d5c6125d15f8096c6678e55afb2252b213d7feab8
SHA5120332e5dc6ad5c2a53c0291af34337dab043c744091addbcdafe617bbd0d4ec896a278b741e4d04b9da78f869189a8026f071371be3dc29d3a07ee4accf797b90
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
132KB
MD554bc3c3beab85d9cc6d440c37eb08344
SHA156f508b47e08f97ac9d82d746ae67cc265548e53
SHA2560212962bd085edaec73f48834637a1cae39169925d74c1892877f7cbfe1e39a1
SHA512adf47eadd767b5bd075a3f346784c0fd0b95fdda9b42daa7919aa5aa8becba7e19da587fe673c2065623a22e28bbe445055672cd675bb1983132d06bb68c50d3
-
Filesize
32B
MD5cbb0eba2d93cbe69f24efb213909384b
SHA1dd1d3c919d9a93b0f00b5241167a7c8404165af9
SHA2561e77b3812490a12908c0945799a0a888782bdb6622d05efdf5fc34c3114d8981
SHA5128c022ad79d37e3f5c4771c09ec8d037f50820070474dd3196ab9005d4d137c41b95359d9170971ef5a76b8eca0b24f1fb7b2e3d982a94ea0f74560d4ffe49960
-
Filesize
32B
MD5861973367d07f48e2ce5880a6fa2024b
SHA1eb142e1ca0b40786c25b595f090a960057af467b
SHA256c8aef2c2d791bb2bee62cb03df7a076600eddb5f31070055e6e59cda0df4360e
SHA51262241c0c66f10e341ecbb4f1edf3f2ce1d76ab197f9115a1a1f0a19e21124de62a2665a33816a02517a9098d9985dd611613022d4ca02225888895f2f95c39c0
-
Filesize
73B
MD503ab27f889884a062c8174b9e7856fb5
SHA1d6348888d9eb300d90858bb5a0a6fc0e97474f8a
SHA2567de0b3445fb5829b7eee36c0321345f1aa163031a768adb628146c3abec1e129
SHA5123bebbb656750b8b5faf2a411c93885b869af687c925f3f83f6c17932ee9236d974fc3af20d7c0608caa7f77d6207d281446fbda2a84952fe9adf35137236ab2f
-
Filesize
307B
MD5a7b3fe8414a3d0a8ea663cd53d2a3026
SHA1884091ccfc73f6077c8b1e7a9f854e5a50191fe4
SHA25674981086a069f34be982d1e1f7d09c7752fcb25e3b8dd140f9ede405c0cd524e
SHA5120652e0467dc50256ecf76c6aa1f029f673b9ec4b320fde6c19cbe88af8bd1a49078d5b93487a29dd64f536ce2ae5523dd546b579400c271dc3b3fd4a33473ec6
-
Filesize
314B
MD5883007ee6591d3c67ef246a839b02a04
SHA104649f17ebd7ac55bfa257aa83dc9c0c16b9d157
SHA256df6fa21ad4276a07270da5b1cc66665ffbf6adf351af80ff3ed225b4c452f755
SHA512f5a234170953fc722cfdc2614eb6b6cb3450a7b31fe5876b301923a97c4db0348894550f7210674dd94fb32ba9fdfb8ea9ba26c82d8b1c71b821aaa8af64ae10
-
Filesize
32B
MD5b3af7ad7cba07d7595012612aa236388
SHA1aac811547e3eac9a6aa0433723806da19dfd5f35
SHA256cd6b3f592763b659bdb859b7657cbee0e8d366e0a9c28989db3423603a7f4545
SHA512d15dd8e60f486b3e0ba41196ff3c8afe356db686e625297ac1c0102e0045fe21b42dee0c379d71de77a87e54920853b9acbcca61b1af4e8649c5937527d447c2
-
Filesize
27B
MD50cc91cec9875ad0b345877ee3870fad6
SHA11bb4198c18e35b93ea9c905b90daefa44b9d2d0c
SHA25698cfdfc13eadb8317dafa1a19e49a8609abf365e9ffb2514e3bfd4811b838d85
SHA512a19c3fe3fe8e789d9bd5827e961e557c3585402cef5f353996fa27cee86c6cce4acbed94a5544917245a0a6c5068260fa6add8bbc7b4d8d84e6eee7bd1d632a6
-
Filesize
3KB
MD5424851cdb459972df6baf7e8efdd1009
SHA1926ab9b67c2f46b532804cad81d63cea0d1f5662
SHA25669f272454acc1568997bfa8c907c40e1db449bf5e10cb7237c8e42f9a97e72ec
SHA5129280010576a7774de30b4e3c39cb3951f5d15b4147bc66cb562a008e4226997f675567194939a9f48dab9bc1eb10a19cee56fe9a0559836bf9b3cc69a82b0d27