Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    d5e1f3ff3bdc1694db89c16fa5a99248_JaffaCakes118

  • Size

    11.0MB

  • Sample

    240909-jfv9daxdqr

  • MD5

    d5e1f3ff3bdc1694db89c16fa5a99248

  • SHA1

    a162a1c4c3aed92b35f22147a6e5bbf5f62a01fd

  • SHA256

    1509ce10b3640a4996571a12770c244653d66202ba7c614571ee4aeeb1ca946f

  • SHA512

    276039f07949fdb52ebcf86e5aa97674b4b5d6e91995838779971d285a90dbe4bab2e6bb843de85c2b233d8f9e85fbfbfc806a29473b398fedc8d70d95a63f15

  • SSDEEP

    196608:uifshTxmAu3/qaQRKv90wQAzyF5hfYTr8my3LR4AWmLmN4iMIA+yR1neJL7oBrIh:uXhTnu3CUv+w1z6x08d3LRtq+iWR18Ll

Malware Config

Targets

    • Target

      d5e1f3ff3bdc1694db89c16fa5a99248_JaffaCakes118

    • Size

      11.0MB

    • MD5

      d5e1f3ff3bdc1694db89c16fa5a99248

    • SHA1

      a162a1c4c3aed92b35f22147a6e5bbf5f62a01fd

    • SHA256

      1509ce10b3640a4996571a12770c244653d66202ba7c614571ee4aeeb1ca946f

    • SHA512

      276039f07949fdb52ebcf86e5aa97674b4b5d6e91995838779971d285a90dbe4bab2e6bb843de85c2b233d8f9e85fbfbfc806a29473b398fedc8d70d95a63f15

    • SSDEEP

      196608:uifshTxmAu3/qaQRKv90wQAzyF5hfYTr8my3LR4AWmLmN4iMIA+yR1neJL7oBrIh:uXhTnu3CUv+w1z6x08d3LRtq+iWR18Ll

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Requests cell location

      Uses Android APIs to to get current cell location.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

    • Listens for changes in the sensor environment (might be used to detect emulation)

MITRE ATT&CK Mobile v15

Tasks