Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

6

ea645c27a1...18.apk

android-9-x86

7

ea645c27a1...18.apk

android-10-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
  • submitted
    19/09/2024, 02:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea645c27a1c7f7d550dec9432f115232_JaffaCakes118.apk

  • Size

    7.2MB

  • MD5

    ea645c27a1c7f7d550dec9432f115232

  • SHA1

    427718902016a3c9df577dab87817d6e13cd3050

  • SHA256

    1b5dbc8d5f8315dcd2c22f94b49d5ac0ecc388785eb2fccfcbe58253dd5c696a

  • SHA512

    d5595803ea14d247170009462c7bd6a634649c6261d50501b962c2a52e36a96f3a6008f320a36c4299700e47403006399855e7f39120f7abf0ddec893c26d767

  • SSDEEP

    196608:E3w4tg1TNIr+7q+uPfQr0PRnYpeLGqHc24j43NiZ0IE7R8:EAIg1d76P9SeUj4XIGq

Score
7/10
collectiondiscoveryevasionpersistence

Malware Config

Signatures

  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to to get current cell location.

    collectiondiscoveryevasion
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
    persistence
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.honeywell.hch.airtouch
    1⤵
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    PID:4337
  • com.honeywell.hch.airtouch:remote
    1⤵
    • Queries information about the current nearby Wi-Fi networks
    • Requests cell location
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4389

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.honeywell.hch.airtouch/databases/airTouch.db
    Filesize

    36KB

    MD5

    b64e693a76b9d41dae36248d46577ced

    SHA1

    7ae5781a54943560115619a6006c1b2a4a4c03b9

    SHA256

    cd16dd89eda64538fbfaa77beb965e4444a68c6fe8e9d521bd3734d1091fef7e

    SHA512

    0db153ec73fcb5a2e3d14d2a7a0e8e2e4e661bff304078ec2c664b85d437c368fd176791d87e54b85b3ae98111739813cb39b5f73bb7a5f7eac9c49cb0fbd045

    Download Submit

  • /data/data/com.honeywell.hch.airtouch/databases/airTouch.db-journal
    Filesize

    512B

    MD5

    e7c4c8a4c6f7830cd1a796dbdb5b345d

    SHA1

    8a263b42575b3344d2b992e02e789aaac1488729

    SHA256

    ef9601f79b145f9a269b55de4e904fca34c38d39458be9cf13ffe2b65f8fc6a4

    SHA512

    ebc44fabcb77dc4c5923c395a0a14c58479fbd5e5ea88c03c174473b8b2a5cf032d89bf5b134a0ec3dab9a7fa70e076f31225c594b87048179dca5c0d8238717

    Download Submit

  • /data/data/com.honeywell.hch.airtouch/databases/airTouch.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.honeywell.hch.airtouch/databases/airTouch.db-wal
    Filesize

    40KB

    MD5

    095502b68902af422f25286f61210aa3

    SHA1

    515af72bc457f667b84df07aa89f076a128d20a7

    SHA256

    b9bca96c8a31ff959ab79adef0d0c9e9ca400bd48f5f62d73868f19ca7c528e7

    SHA512

    4ee20aaafb1a6c02353411fb911218f399790b5447826510447af72f4fa9e4e78b242dafd40ebdf77fb8c7e1828489a07e7a2b77f6bf563b7ff4e93b6206886a

    Download Submit

  • /data/data/com.honeywell.hch.airtouch/files/lldt/firll.dat
    Filesize

    56B

    MD5

    df1e4f280fd12113233cf55f6ddd6456

    SHA1

    723ce2b4929e37a12b843ce3d27f080d76a09bac

    SHA256

    32fd0ad27d5b920824ec23051a98c9ecdeef547c95a9496a5ee463be67f947ed

    SHA512

    e4cd53ef06c150bc7f20929f1e3fe9f9081fc858a8822169488948090370afa05f5119e5ec4ac9e04efbcf40b97dc6a0c8f59985d7fcaa153bfd0ee942e18685

    Download Submit

  • /storage/emulated/0/baidu/tempdata/conlts.dat
    Filesize

    12B

    MD5

    8d80bc8ea90e9cac010d3ddf97bda5f5

    SHA1

    f063bc0d356e6ba9ab1eb9a851131ffbefd8fa07

    SHA256

    f52db31332534833414abd5e870f78c810b8ebbe5b134bbf599506beecfd1b93

    SHA512

    9ea732dd572a9a4ba91b70891972230a09576687ca1bc19e62d5a98b5b84e0f2ae11985108008bc9fbccf357219b8bd3dbf146bb70752f618f70dc5d0c46a7c7

    Download Submit

  • /storage/emulated/0/baidu/tempdata/conlts.dat
    Filesize

    163B

    MD5

    adaa2a79c181fc7556b40771654f14bc

    SHA1

    25f5a7416d398e5c46c7fe1cd1ad9b82f5657f95

    SHA256

    5d2e19321fca4c90c74048c3a85472a754d0d2463a915305936602bddb453e00

    SHA512

    442eb70d4dea833455e68a47bd7d4eeacb7f1e01f59c4fbb20545129a8d09b8bb5cb42dde5c311473838439a43db30077660b665beb21d0c4eb95699b29ca2f9

    Download Submit

  • /storage/emulated/0/baidu/tempdata/lcvif.dat
    Filesize

    96B

    MD5

    e7494f666bf4089bef28c12ef1a9828f

    SHA1

    2cd39187210037a0162cb8a8dcf2a1d4be27d5cb

    SHA256

    52d68c06fcb9c16fae9bdf5bf7fa04f6b27cadad57b4f114f2197141f84cb2f6

    SHA512

    6db2d6e8acad3b8c200416d1e7a52f925684e63f000907a1d5869eb6b36ecba9d6cf654f7f9fb88fb515063e021aff5bd8e78aabf36525cfe3a4d14ff6289388

    Download Submit

  • /storage/emulated/0/baidu/tempdata/ls.db
    Filesize

    64KB

    MD5

    2853e22c49c930cc576f5b3838472339

    SHA1

    6184d61295fc3b80bc79aa3c7ed9030190f96773

    SHA256

    c65b0450f2a2f7057557bd7a6020ee06cfd74784a0db32f00f6200fb08e6776f

    SHA512

    358a06ca3d77169ca9e56d1bebad12865a0e996a350818d386a366ef12969ea480467529b225f07a57ac4d9992b2bd20d0f0a35ec8ef8a24a8406c0bc34d7404

    Download Submit

  • /storage/emulated/0/baidu/tempdata/ls.db-journal
    Filesize

    512B

    MD5

    36d6c42a622c996b0cff85868522ac31

    SHA1

    c3ec8c8f018df2b85fd131ddeaad53bab4ee131e

    SHA256

    0b814f3006ab08013f2e32b8760327c23422799ca423eb3f25d1ea0e3fb193f1

    SHA512

    6829b8081b2b3bbc9306dca778aba0ea4427c847a874a575f0531d285ea658011ae7ee304e63577dce3b89e8c0f5bd536d655384b371f49bf0933b45283de2a6

    Download Submit

  • /storage/emulated/0/baidu/tempdata/ls.db-wal
    Filesize

    52KB

    MD5

    3c0c62d1c8e7ffc22f7e059147e819e1

    SHA1

    8fe9e36970ca742dc497d45d4e7a031d177ab726

    SHA256

    c9603facb5833231e33b37bc98d6731f1783f194c2feb9726f47bd48405acbca

    SHA512

    1d4c5d6b7222b97ce1a3644203d3d412ecb0143853a4402d55365976682b35c238d214407a7688cec8115d0d7fb4311a6fd788b31b1fae1279cbfdca331e8ba5

    Download Submit