Analysis
max time kernel: 24s
max time network: 150s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 13/09/2024, 18:08
Static task: static1
Behavioral task: behavioral1
  Sample: dea19b2f2315cff29fd65e91d6c76055_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: dea19b2f2315cff29fd65e91d6c76055_JaffaCakes118.apk
  Resource: android-x64-arm64-20240624-en
General
Target: dea19b2f2315cff29fd65e91d6c76055_JaffaCakes118.apk
Size: 29.0MB
MD5: dea19b2f2315cff29fd65e91d6c76055
SHA1: 71bdb4456e053fcc92142ea9963e15c88450c91e
SHA256: 7aa4eda770abd36495dd407cbcab402abc8e18f3a32bb5e35f4a395c9c4c46c0
SHA512: 33e0a101ed1587fa8464314d1e1050927ccf5f7a30576aeeb37a5f9bb5ed60a8e08c16544d5d8f144f7f9f78fdee94013232651db52f60d769701d22753979b0
SSDEEP: 786432:3/L/ndghA9QtAQjr1xAYE+Pl8mnpROy3FED:3D/ndSA+RX1xW+N8mpRt+D
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTPs, 16 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/data/txunda.com.decorate/.jiagu/classes.dex | 4244 | txunda.com.decorate
/data/data/txunda.com.decorate/.jiagu/classes.dex!classes2.dex | 4244 | txunda.com.decorate
/data/data/txunda.com.decorate/.jiagu/classes.dex!classes3.dex | 4244 | txunda.com.decorate
/data/data/txunda.com.decorate/.jiagu/tmp.dex | 4244 | txunda.com.decorate
/data/data/txunda.com.decorate/.jiagu/tmp.dex | 4276 | /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/txunda.com.decorate/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=45 --oat-location=/data/data/txunda.com.decorate/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/txunda.com.decorate/.jiagu/tmp.dex | 4244 | txunda.com.decorate
/data/data/txunda.com.decorate/.jiagu/classes.dex | 4313 | txunda.com.decorate:mult
/data/data/txunda.com.decorate/.jiagu/classes.dex!classes2.dex | 4313 | txunda.com.decorate:mult
/data/data/txunda.com.decorate/.jiagu/classes.dex!classes3.dex | 4313 | txunda.com.decorate:mult
/data/data/txunda.com.decorate/.jiagu/tmp.dex | 4313 | txunda.com.decorate:mult
/data/data/txunda.com.decorate/.jiagu/tmp.dex | 4313 | txunda.com.decorate:mult
/data/data/txunda.com.decorate/.jiagu/classes.dex | 4500 | txunda.com.decorate:mult
/data/data/txunda.com.decorate/.jiagu/classes.dex!classes2.dex | 4500 | txunda.com.decorate:mult
/data/data/txunda.com.decorate/.jiagu/classes.dex!classes3.dex | 4500 | txunda.com.decorate:mult
/data/data/txunda.com.decorate/.jiagu/tmp.dex | 4500 | txunda.com.decorate:mult
/data/data/txunda.com.decorate/.jiagu/tmp.dex | 4500 | txunda.com.decorate:mult
Queries information about running processes on the device (1 TTPs, 3 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | txunda.com.decorate
Framework service call | android.app.IActivityManager.getRunningAppProcesses | txunda.com.decorate:mult
Framework service call | android.app.IActivityManager.getRunningAppProcesses | txunda.com.decorate:mult
Queries information about active data network (1 TTPs, 3 IoCs)
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | txunda.com.decorate
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | txunda.com.decorate:mult
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | txunda.com.decorate:mult
Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | txunda.com.decorate
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 3 IoCs)
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | txunda.com.decorate
Framework service call | android.app.IActivityManager.registerReceiver | txunda.com.decorate:mult
Framework service call | android.app.IActivityManager.registerReceiver | txunda.com.decorate:mult
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 3 IoCs)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | txunda.com.decorate
Framework API call | javax.crypto.Cipher.doFinal | txunda.com.decorate:mult
Framework API call | javax.crypto.Cipher.doFinal | txunda.com.decorate:mult
Processes
txunda.com.decorate (PID:4244)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  Child process: /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/data/txunda.com.decorate/.jiagu/tmp.dex --output-vdex-fd=43 --oat-fd=45 --oat-location=/data/data/txunda.com.decorate/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=& (PID:4276)
    - Loads dropped Dex/Jar
txunda.com.decorate:mult (PID:4313)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
txunda.com.decorate:mult (PID:4500)
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about active data network
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads