General

  • Target

    daa3928804d44274b39ab59a0cfc27ff_JaffaCakes118

  • Size

    4.3MB

  • Sample

    240911-sqpc9axfkm

  • MD5

    daa3928804d44274b39ab59a0cfc27ff

  • SHA1

    c0debf305aa2e23316f4ab7c2417e8648f278efe

  • SHA256

    ac4db404f91cf289fb01be4fc3585414b013a5f8313639306a48c9096ea963e8

  • SHA512

    4decb4a3ef995cd3e84767c0fdfb84912e1d9634a5e6ffa539928cad407951fe75a0594eb96b02fddef8dac4f291431e2e292b631d1e94e5bdbac7013d630f07

  • SSDEEP

    98304:qYWeoZRiyP9GEQrwM9yi0XN4+VO4GGjXmsbfD/+A8Dy1ZU:qv1ZRTPJQrw7i02+VOEjWyfCibU

Malware Config

Targets

    • Target

      daa3928804d44274b39ab59a0cfc27ff_JaffaCakes118

    • Size

      4.3MB

    • MD5

      daa3928804d44274b39ab59a0cfc27ff

    • SHA1

      c0debf305aa2e23316f4ab7c2417e8648f278efe

    • SHA256

      ac4db404f91cf289fb01be4fc3585414b013a5f8313639306a48c9096ea963e8

    • SHA512

      4decb4a3ef995cd3e84767c0fdfb84912e1d9634a5e6ffa539928cad407951fe75a0594eb96b02fddef8dac4f291431e2e292b631d1e94e5bdbac7013d630f07

    • SSDEEP

      98304:qYWeoZRiyP9GEQrwM9yi0XN4+VO4GGjXmsbfD/+A8Dy1ZU:qv1ZRTPJQrw7i02+VOEjWyfCibU

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about the phone network operator

    • Target

      alipay_preset.apk

    • Size

      350KB

    • MD5

      b1305a5e4779e06a6c654258b02dfb15

    • SHA1

      f9e387482bc9649fba2aaf04ba6ae02334651223

    • SHA256

      258c17f04df6697fccf9ae1479f35543bd4a4081edda48a1ea2c37bc1b870e6a

    • SHA512

      9a3f94b5d38dfa8f7e6b24c0dde0b940e48a757e8634754f3c37050d826e620dfc1838c783d99e94f97b08dd7474d7b619a22d037d414300c3874476fdc90cfd

    • SSDEEP

      6144:5FeKnPt0/sEGId2fuRmlxLwEd0r2FfS4QlV7G8v9oKvFuQL2bBV2fnayx5:5FeKFFEGc2ymsMa4QlV7G8Ge62fnayv

    • Requests cell location

      Uses Android APIs to get the current cell location.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Target

      huafubao.apk

    • Size

      289KB

    • MD5

      f85cf7fa8b498c833a7432ec70aeb7ac

    • SHA1

      30a89809790ad7ee687e374e6543f32ecb74c856

    • SHA256

      fbe72488ac9f404838175fb6eaf0212828ccda19f27f9a9f75f89ac4d753d466

    • SHA512

      11ef42f2bcbf5ff4429d72ab33f3e723002be330e797226f50b822d88be55078ca32b59099514919d3d36229947f5733b0aea3c08589d793de149afb762faeb5

    • SSDEEP

      6144:TbnpAKB42qBBaQWl8FjjKHG66ufzxD+CzygMT:OKBeBaQM8ZR69h+tV

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Reads information about the phone network operator

MITRE ATT&CK Mobile v15

Tasks