Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

6

ddae921fe4...18.apk

android-9-x86

7

ddae921fe4...18.apk

android-11-x64

7

Analysis

  • max time kernel
    64s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    13/09/2024, 04:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ddae921fe4c3f308b49720e0e5de5373_JaffaCakes118.apk

  • Size

    3.6MB

  • MD5

    ddae921fe4c3f308b49720e0e5de5373

  • SHA1

    4d5565280fe8aafe3a8cbdb5cabfae699c3e581d

  • SHA256

    2ae8b9266e6fd8e2a840692ffa3fb5728332660be61ee80e123605fd28922912

  • SHA512

    48cb90790269a1fb00d3febac770b127af3c137d40f8aae661e2dcbcfbb32fe41317142f3b06059b15e9a3d59b7a39e9d09bba81010356469d59db6f4195c559

  • SSDEEP

    98304:Q0JZyHWsnx/Qg4WjhVKn85gVNanW8tP7x9xS8062G:dZyHp4WDKNanTP7xLt062G

Score
7/10
collectiondiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Requests cell location 2 TTPs 3 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.dfxw.kf
    1⤵
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4308
  • com.dfxw.kf:remote
    1⤵
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4339

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.dfxw.kf/databases/work-db
    Filesize

    4KB

    MD5

    28f1a8031aba175c92e6a325a7110c0b

    SHA1

    08b86d72160154cbb8ee5eecb25fe32030d0859a

    SHA256

    c49a273d1fd096fccabad2ed99f57e2c718b680d779643248fcf69f7b998911b

    SHA512

    03fa84848b2183034249b2e7ef7d8bdfbf1f6102f8abef1c0533d1a9583f8e0668f35ad5055bc1621250c7cd7d0845505d0a784bd7755737c20d11471a0b4031

    Download Submit

  • /data/data/com.dfxw.kf/databases/work-db-journal
    Filesize

    28KB

    MD5

    0d3e99204c6401ea499fe9e6d9855497

    SHA1

    09829f00ca458eab7374d5079393a2cd69a2348a

    SHA256

    63ad014cb50908591939d6a1536f85eece807425af4f4e8a1f9b9eeab13cc5ca

    SHA512

    8d9a50aa9abd17e508ed3ac35a3033e8f9e550d1088baa951f53e6c4697c5ac026d22b90e36e27341d64baa3f0202bd89ca97583e99feb25f8c26b5776c59c68

    Download Submit

  • /data/data/com.dfxw.kf/databases/work-db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.dfxw.kf/databases/work-db-wal
    Filesize

    52KB

    MD5

    f6d5d9b23b881d8d88f709b26721fab6

    SHA1

    f2d80511c739830ca352f97ded086ad9a333e915

    SHA256

    a38426baf551577316b57f2e32a145523c1772492221b9e8297e5f959301e262

    SHA512

    f05ed7bcf4098d4c637ac30fb3a655faceaed5e7845cad8c079cea36aa8c1bbd03801eb4ba3a454ba56fb3b2ef6b5df1ea7fdb4cb9cca36de229cfe124e06d9c

    Download Submit

  • /data/data/com.dfxw.kf/files/.umeng/exchangeIdentity.json
    Filesize

    512B

    MD5

    0d3e027df6d10e9e8644ba56746ca9ae

    SHA1

    39724932409b00c0d364084dac02801fc39c1718

    SHA256

    812a3f87516dbad0dfe7456eb88693e57114db0f694b23f8a95bd08838d82c82

    SHA512

    fb53245f65eb2f19280cc64f9e7fa5cce5caaa83bf85e55adbfef16accc23aff5fe7fb4cd5ca865c85c774bc97af44aeb3ba6f8b830c92ebeac9896fcc55fe67

    Download Submit

  • /data/data/com.dfxw.kf/files/lldt/firll.dat
    Filesize

    76B

    MD5

    465868fff8651144b8b4c96c37b90527

    SHA1

    111e2072193c32c9596d784c76c2717e46c24831

    SHA256

    f566a1bf6324212d7a456905a4feb9e45c869a7a6c9098fb8dd70bdaa273b9f5

    SHA512

    fbc950810f12f55b11cfc6363609086a58d871127b429bc77eac574e287a97be6082e7f36da82b0a75201a420970081d06bb4efbd3efa9c86199ce62d23660fe

    Download Submit

  • /data/data/com.dfxw.kf/files/ofld/ofl.config
    Filesize

    235B

    MD5

    660a268fd33b5030ebe476f7adbd5e23

    SHA1

    fe881edfb8b6110d0dbb31ddccf01613baf613d7

    SHA256

    4b62a7b1d03f411263903ac94c7c5c878ba8bcddc6a900a37f5d4ed047b1add8

    SHA512

    53e3acbf5f25b387752f176be8e15384f1522d3e61921b8093ab4b97307ac30a6ab78444da1bcf37bf04f39ace22599653ea25bdbe28b68cc9e67cf965ca9c2e

    Download Submit

  • /data/data/com.dfxw.kf/files/ofld/ofl_location.db
    Filesize

    4KB

    MD5

    99ceec5180397f4840f477efa7112e7a

    SHA1

    9a52b9d0bcd1fdf83e3f8f3dfa260a4ab8280617

    SHA256

    07cde071763407a98d4d5458785ad9002f8286cb50e5a31f3f4e7ee4c584d6d4

    SHA512

    476bfba5da8c48a848fcc14522fb226cab152cc75d0e08b4975685291dfd2783ab9ef0b410eb7987476d89732f170d4d2ca29811788507d53f083a88803e5b01

    Download Submit

  • /data/data/com.dfxw.kf/files/ofld/ofl_location.db-wal
    Filesize

    48KB

    MD5

    266891deb1e2858025c151fa09037cf6

    SHA1

    4363c7207c6aae841d27ad79a8c5baf39f51cda9

    SHA256

    10be28cde8f0dc5f87095b3760c1bd406770c563ddde87b27a83d651302894c2

    SHA512

    1de0cd5ff617bc60c778338d1bb94ecae9e6c72930645878eec428c32dcd6497775c651beebbc293b4fc9725f4dae4cb70a4bff7656fa28a7ffc54c29694d783

    Download Submit

  • /data/data/com.dfxw.kf/files/ofld/ofl_statistics.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.dfxw.kf/files/ofld/ofl_statistics.db-journal
    Filesize

    512B

    MD5

    a7c7b343a58af24112a02bf8d21cb42d

    SHA1

    50767452f114fbdc12d6c82794bdeddcb855b208

    SHA256

    d97361424fb008ed67d7a9e8989a6bd7739ec34a51912d2a230f1be6f035b032

    SHA512

    fa6f61e869c382dd43918e4fab1a4c5fa9bb8efebb8ecee5630b9de0f627357b9cfb7c60017fab01226ed5c43fdc45010f03207bacc83faae718cfd55e704333

    Download Submit

  • /data/data/com.dfxw.kf/files/ofld/ofl_statistics.db-wal
    Filesize

    156KB

    MD5

    4da814a266a8a3baa447664b3da01bfd

    SHA1

    ab7b114948b557f262f2f62d8b6655621540eeb8

    SHA256

    514b1e3642bda5e5c4df3f0c93d9046e033f0c93d9a3e4127371d8aec04f71dc

    SHA512

    93c7ccda4df7413c41eebccd423734ff5152fe84d1862dd75bd6260dd13d4c0fb74399c772f782f5bed622125343040b5525b4f32579873ae141fceb61288f1c

    Download Submit

  • /data/data/com.dfxw.kf/files/umeng_it.cache
    Filesize

    415B

    MD5

    2c668648c0a1fd6fdfbcd636feb11a93

    SHA1

    58bf8bb821fd41ef0ee143a91a4a4472a19d158f

    SHA256

    93550f5ab9a23266e34bec56599253dc58ceec4120e9aa8f4b351d0a21bfae91

    SHA512

    c01e98623834c02bf2627a3e6e951f7e239eb2258d999a32a39bca15a0a2b39bdf2b311c413d0bec3c04668409d49627ed878cf06074d5f88f9bbbb58cbde13d

    Download Submit

  • /storage/emulated/0/Android/data/com.dfxw.kf/files/baidu/tempdata/conlts.dat
    Filesize

    12B

    MD5

    8d80bc8ea90e9cac010d3ddf97bda5f5

    SHA1

    f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

    SHA256

    f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

    SHA512

    9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

    Download Submit

  • /storage/emulated/0/Android/data/com.dfxw.kf/files/baidu/tempdata/conlts.dat
    Filesize

    148B

    MD5

    abe7502b358c5871df038e8c6f347892

    SHA1

    9f25dc7568742778869347c1deab6af68ab4dc40

    SHA256

    f253c9952c0cc00bf5cffc6bb63157b2235fb5decc4f335c9610291ce457a5bc

    SHA512

    5a23944c35437f60565755a4642d815879891609a9e71ad5e1347fe374f3a03a1683812ca6f09835964c0535f0bae436d6d0242e3ecfbeae5f22da2a6457868b

    Download Submit

  • /storage/emulated/0/Android/data/com.dfxw.kf/files/baidu/tempdata/llg.dat
    Filesize

    24B

    MD5

    161557b06b4a4d3ce095528dea370eb7

    SHA1

    8bfe9c4d916fe58d856b5a6ecaf8cd9ea4df2c9f

    SHA256

    f054ef19481234ee5b2db1d1c681839dab235a857ed3a4bc02efa8f785f478d4

    SHA512

    96ce8aedbdbb387438efc86aaabd13a6378628bfae203d2bc25ea1cd7daa6ddbd6dd2c81d631fbdc9b653a93011d3c80f0c085580275b683d5e0bce077e6e449

    Download Submit

  • /storage/emulated/0/Android/data/com.dfxw.kf/files/baidu/tempdata/llg.dat
    Filesize

    438B

    MD5

    6cc4d151168d179c3c0035ba1e38a558

    SHA1

    3d6786b70880676ee049e407139e013a235114c2

    SHA256

    fd4dba20b59d38b8ac8ccb30ee0e9a1999bf921daffe58797fedb2ce70127986

    SHA512

    a8dc73b69ac02c36f69282c18a89c93bbceab105b7f31ee253ce644fb162e4b1c4294068381acd60d785feb287242325b7a8dbb04b6125f0c005898516c560a9

    Download Submit

  • /storage/emulated/0/Android/data/com.dfxw.kf/files/baidu/tempdata/yoh.dat
    Filesize

    24B

    MD5

    a936690571e9104e1922dda4a0ba5bd1

    SHA1

    65f49c57edde2f96be2a1dbdfc3f7351f1e66554

    SHA256

    f0f5049c51879dd7da0ce4a43349b5b34ce053d072a0ca704f62cf22ba4a8412

    SHA512

    3be1c3693963aebdfc04e86b1c820ee0ec3cf0b200e6a4788ef1141f39fd6c2f77f4227247ae4affa66c0a6c027df8466cc0dcec1e67ebfb953e36bee97de394

    Download Submit

  • /storage/emulated/0/Android/data/com.dfxw.kf/files/baidu/tempdata/yoh.dat
    Filesize

    24B

    MD5

    1681ffc6e046c7af98c9e6c232a3fe0a

    SHA1

    d3399b7262fb56cb9ed053d68db9291c410839c4

    SHA256

    9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

    SHA512

    11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

    Download Submit

  • /storage/emulated/0/baidu/.cuid
    Filesize

    89B

    MD5

    697097f61427cbd07ccbfa7f761330c3

    SHA1

    a397dfb86a5a94f2b996392532cc9efae56979bb

    SHA256

    0c0f1ebca58a2382576933da80f63fe08594920dc5897f44c27215ce8c453265

    SHA512

    dc6dfeea9c67da280df252e84732b5caf7314034cc8d8d0d18bd96e5406f1cfbd59a40798f1c8fabb1bbd152096f26f800b40806adf5bffe9ec65d4d260fc45c

    Download Submit

  • /storage/emulated/0/baidu/tempdata/lcvif.dat
    Filesize

    96B

    MD5

    b56bea2b93b101c82357397257b6885b

    SHA1

    6d34d82d601af5932cad111f2776692864f6c5ca

    SHA256

    9dcedc5be7ec187d8984e8429f6d7d84fb31e3ccbc81da3ce3d8223831f88aab

    SHA512

    7239e534054ed9e1ce274b3d183e55dc87828b27d02ea3539cb2e115dadd2a775838f00bf76df11eb87ed2d48f27c7ddaa9dc45a4d06db857c0b05c33225addf

    Download Submit

  • /storage/emulated/0/baidu/tempdata/lcvif.dat
    Filesize

    96B

    MD5

    10111f91b730824ce772edd512afdf77

    SHA1

    caa5fa0c3f86be54ebc996826eddc356db0e57b8

    SHA256

    daed8dae3b1cb967602c7056ba9cf3d786404655b1d8bf5306d000648982fda1

    SHA512

    869165e3a7c1308ac92caed5a6d316e173caa425a60473d33ae5fe19afae59934bd6223e647a25501e2a860e964544e2bc1a40b8e1fa1f94c170ca4871a6241f

    Download Submit