General

  • Target

    f05bcf30367ab9829fda4d2961afdced_JaffaCakes118

  • Size

    14.2MB

  • Sample

    240921-wqvrtawakd

  • MD5

    f05bcf30367ab9829fda4d2961afdced

  • SHA1

    ea44de626b0d80235ab160cf162bf10b04ead4e4

  • SHA256

    00207fe7b7b9f08d6db522de16d3389b5e62947849572fc7341359c879fc1c7b

  • SHA512

    0c8066c6edeff0c1349c79c7c21bd9455830076d57b0b4813a1daa49b4b8119a0f342df491d106b030fdbde9eb1eafbfff6518447d846c545701754f043446a3

  • SSDEEP

    393216:iFJqHytU0V/Fa5uVTTI8iO3NFF7sYX4PpzEPqH:izqHy1/bXI8RDAEA

Malware Config

Targets

    • Target

      f05bcf30367ab9829fda4d2961afdced_JaffaCakes118

    • Size

      14.2MB

    • MD5

      f05bcf30367ab9829fda4d2961afdced

    • SHA1

      ea44de626b0d80235ab160cf162bf10b04ead4e4

    • SHA256

      00207fe7b7b9f08d6db522de16d3389b5e62947849572fc7341359c879fc1c7b

    • SHA512

      0c8066c6edeff0c1349c79c7c21bd9455830076d57b0b4813a1daa49b4b8119a0f342df491d106b030fdbde9eb1eafbfff6518447d846c545701754f043446a3

    • SSDEEP

      393216:iFJqHytU0V/Fa5uVTTI8iO3NFF7sYX4PpzEPqH:izqHy1/bXI8RDAEA

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Requests dangerous framework permissions

    • Target

      7723box_pjz.apk

    • Size

      2.0MB

    • MD5

      3862a974eef6f3c01fc58b85dec4e6ea

    • SHA1

      8a482f68e74c8b406b5dc87f7f6e46f348e1a673

    • SHA256

      912d30f69f69a2e36a4cb0a13a25832c4ce4deb31470275273104f778ffb9bb1

    • SHA512

      1701259d85b6b8a5841d6761ce54f4ff432fe8cf7d7f51b16212a06b58cbdcf48414fecdd10ab5347e6b59e879fbf896bc1f3c1b9c602444868b94f23e4ba7e8

    • SSDEEP

      24576:hjzi7dLe3+Z14UtlvSF1RKzYz65o2pgZebQOS4w/PHMZSoOiLdkikNeuV42oh56K:NH+ZbSJH+5o2pi74+vMMoOiL9kjCZHL

    Score: 6/10

    • Acquires the wake lock

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Reads information about phone network operator

    • Target

      GH.data

    • Size

      1.6MB

    • MD5

      e6647c7982823f7e0c49bf9de9e8ca1c

    • SHA1

      56669c77eb3bbb867a470d623496a555d935aa1b

    • SHA256

      6da698faf823ce4cd97d214609d54291da5e3a18561c9a648cba8bbe47595f02

    • SHA512

      bcfc2924ee57b898475fd5c3fb8c9cb001ad2ebca717e60f384720c05441fef4ec00ad777d144c9d15dad8c2e34e3b8b78e067bd1b72a8dc59c2f20d5002b05b

    • SSDEEP

      24576:ygaJGEBLRACbCG4jh4k3QiDkrsPTVwogNeAranxYfks:ygaJGENRACubjh4k3Q0WmHgNlr0xwks

    Score: 6/10

    • Queries information about active data network

    • Queries the unique device ID (IMEI, MEID, IMSI)
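The behaviour lines above (installed-app enumeration with possible overlay abuse, dangerous permissions, wake lock, data-network and Wi-Fi queries, IMEI/IMSI reads) come from the sandbox's runtime observation of the APK. A quick static cross-check is to read the decoded AndroidManifest.xml of the same target and see which of those behaviours its declared permissions would even allow. The following is an added example, not part of the tria.ge report or Hatching's tooling. It assumes the manifest has already been converted from binary AXML to text (for instance with apktool); the manifest embedded below is constructed for illustration and is not from this sample. The mapping from behaviour to permission is an analyst's assumption about which permission gates each API, and the dangerous-permission set is a subset of the AOSP runtime-permission list.

```python
"""Static cross-check of tria.ge behaviour indicators against a decoded
AndroidManifest.xml. Added example; not the report's or Triage's own code."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Runtime ("dangerous") permissions: a subset of the AOSP list, not exhaustive.
DANGEROUS = {
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_PHONE_NUMBERS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_CALL_LOG",
    "android.permission.CALL_PHONE",
}

# Assumed permission behind each behaviour the report lists.
BEHAVIOUR_PERMISSIONS = {
    "acquires wake lock": {"android.permission.WAKE_LOCK"},
    "queries active data network": {"android.permission.ACCESS_NETWORK_STATE"},
    "queries wi-fi connection": {"android.permission.ACCESS_WIFI_STATE"},
    "reads device id / network operator": {"android.permission.READ_PHONE_STATE"},
    "lists installed apps": {"android.permission.QUERY_ALL_PACKAGES"},
    "draws overlays": {"android.permission.SYSTEM_ALERT_WINDOW"},
}

# Constructed manifest for illustration; not extracted from the sample above.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <queries><package android:name="com.android.vending"/></queries>
  <application android:label="constructed"/>
</manifest>"""


def analyse_manifest(manifest_xml: str) -> dict:
    """Return requested/dangerous permissions, inferred behaviours and an
    overlay-risk flag (package enumeration combined with overlay ability)."""
    root = ET.fromstring(manifest_xml)
    requested = {
        e.get(ANDROID_NS + "name")
        for e in root.iter("uses-permission")
        if e.get(ANDROID_NS + "name")
    }
    # <queries><package .../></queries> is the scoped form of package visibility
    # on Android 11+; it signals app-enumeration intent even without
    # QUERY_ALL_PACKAGES.
    queried_packages = [
        p.get(ANDROID_NS + "name")
        for q in root.iter("queries")
        for p in q.iter("package")
    ]
    behaviours = {b for b, perms in BEHAVIOUR_PERMISSIONS.items() if perms & requested}
    if queried_packages:
        behaviours.add("lists installed apps")
    overlay_risk = {"lists installed apps", "draws overlays"} <= behaviours
    return {
        "requested": sorted(requested),
        "dangerous": sorted(requested & DANGEROUS),
        "behaviours": sorted(behaviours),
        "queried_packages": queried_packages,
        "overlay_risk": overlay_risk,
    }


if __name__ == "__main__":
    result = analyse_manifest(SAMPLE_MANIFEST)
    for key, value in result.items():
        print(f"{key}: {value}")
```

A manifest check only tells you what the app could do; the sandbox lines above record what it actually did, so treat a behaviour that appears at runtime without a matching declared permission as worth a second look (for example, reflection or a dynamically loaded DEX such as the bundled GH.data target).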

MITRE ATT&CK Mobile v15

Tasks