Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
157s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
29/09/2024, 09:10
General
-
Target
fe35ff228d50f455b03fbb4924835564_JaffaCakes118.apk
-
Size
21.4MB
-
MD5
fe35ff228d50f455b03fbb4924835564
-
SHA1
81aa3e27117bad986255c8dd31b77e74f33749fa
-
SHA256
fee555490c45e1837c61c5aa5e2072165acadb28380144239d61d815965bd339
-
SHA512
10769297c7fdc042a1f54c33c026b1317f6570b58c8a253ae0482b7e5d12fcc77ca254251abc94c3f72775f683df69e90a6b290e54b0193b0288136915f468b2
-
SSDEEP
393216:prVovGPBysFljihfegblBuhLKNwMxtYhf4wYVh87lfX8Vd9zDA7yjpT1qukiOhZ:tVovGPBvji4gZBuhLKNwLf4w3729zDLe
Malware Config
Signatures
-
Checks Android system properties for emulator presence. 1 TTPs 28 IoCs
-
Loads dropped Dex/Jar 1 TTPs 33 IoCs
Runs executable file dropped to the device during analysis.
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC) 1 TTPs 27 IoCs
-
Requests dangerous framework permissions 10 IoCs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 28 IoCs
-
Checks memory information 2 TTPs 28 IoCs
Processes
-
org.chromium.caster_receiver_apk_FMMusic1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries information about the current nearby Wi-Fi networks
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/org.chromium.caster_receiver_apk_FMMusic/app_dyload/cast-receiver.apk --output-vdex-fd=68 --oat-fd=75 --oat-location=/data/user/0/org.chromium.caster_receiver_apk_FMMusic/app_dyload/oat/x86/cast-receiver.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/org.chromium.caster_receiver_apk_FMMusic/dex/qcast_sdk_core_client.dex --output-vdex-fd=94 --oat-fd=98 --oat-location=/data/data/org.chromium.caster_receiver_apk_FMMusic/dex/oat/x86/qcast_sdk_core_client.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
-
org.chromium.caster_receiver_apk_FMMusic:castlinkerservice1⤵
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process01⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process11⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process21⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process31⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process41⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process51⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process01⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process11⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process21⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process31⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process41⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process51⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process01⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process11⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process21⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process31⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process41⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process51⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process01⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process11⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process21⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process31⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process41⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process51⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process01⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process11⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
-
org.chromium.caster_receiver_apk_FMMusic:sandboxed_process21⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Queries the mobile country code (MCC)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Execution Guardrails
1Geofencing
1Virtualization/Sandbox Evasion
3System Checks
3Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.8MB
MD5016b7c560b53fe4fcf41f4b2eca9f61f
SHA1b7e60915aeb077c7e4ba54f87b4b8b8c4f335956
SHA25686030aafd3e4128b37d50bfa63aecad20bcccacd8037925f9ada49a40620394c
SHA512867b84f196609c212736904ed733ca9c24a0e9d1a4d3b5246955c053b743801b4e7f1d0b44aceaf2cc108b80c06b016399bb8b27b97e91e0eeca1ce95b56a609
-
Filesize
1.6MB
MD5736b282401615ae39eb0f278759258f7
SHA1730db06ab2a8409bb2ab2441848b7706bb120c47
SHA256c487e0133b3a7e5772d5147365e41d2648a635c2ca2e66047661fc5222bf2874
SHA51214ada472efbeaf0625e0a55f7e46b91aa2ce2a11cb86e235409f39532b2d68d904ddcc4d8c10b6e537d3e9ed9c3f43c981226f1aea752e7c5c5f34838533006f
-
Filesize
6.0MB
MD552ab649e07a8d83f261e23e0b23e039d
SHA1bcb32e4e1f53574da568a4852a5abc543f322055
SHA25693a963112e3b7e4410e6e506391d8c93b77199f0d02ffc5e4156eab63c328d03
SHA512143f155a7536a1bdbd892c0f8b5d4d5d13b78deeebc38884c2d9d0710504c5e7d3d33249cb1635d269501e30658656b5156af2391b7d186360d268ce9f1eb1d2
-
Filesize
45KB
MD55e4901689d55b5b39e3e5cbc37411024
SHA1e97dbd0011e12d7f487cdc3178322279deeb45cc
SHA256ef073ee7274f2fae923c9ff755833e13b98344c2b4348532af684e44f84e1207
SHA512701689d92b1c60c803f613e90f9441a5ec84b278240ac13ee47520246b6761124a00f581f2fcb1d0b43603cca65be6a873ab787ff168f8e1b7aecd827fd86271
-
Filesize
1KB
MD5e15a141f7ed1913efe690150031bda4e
SHA1b4497ba89698556dbaa8cdcbdd0b15076d6e61ba
SHA2568561cbb26aae0599110745310aeda2ac9bda69f02db88de11eeb72663a6e354d
SHA51224875a0b9d00a526f26f8a798b82a581949efdd63054679f1988512d996ebfece22bacecb47c9e1e62f2da54873ba57cf0b9c540c5b348e7ca98d1a5d9066800
-
Filesize
1KB
MD517ea962cb445bca92fdedc8350081d40
SHA10926a7fc2cd16ab70040bf65cb53b8f99c5dd286
SHA256b58f4034421bdfed542af4f65af9f92b6543ddce88f20618b5a22d76faaecc89
SHA5124562d5fe6e381fcfc40221a8b87d567a4eeae09a5beb621873abd8f033daba448d7c1713fa837d4cf1a9a874ccef025373036d805245d608f727c66cc6f037f5
-
Filesize
1KB
MD538bf8ea8c7a2d94c71191acb03366272
SHA115b3059ccc0d320c167915556c9f8714feb35ae4
SHA256b3b17bf59e649b00315bd2d6ce281baf9cc87f82db4a133315322b40f91c8821
SHA512f6bc0e566eae2f22a704559c3845051edb90a2491b514b7fc87574ce2135064c085d1917e9540911138216ea6a46475cd75efba9fc1ce54cbf4682da04186bca
-
Filesize
196B
MD5449baf7f3b3e72421064666cd8cb9a77
SHA1891293137da4cc69dfb15e4b28854a172260b259
SHA256904983899485ab78182127aab8262e761aa37809288850d452f003795cd06676
SHA512b54edbb6cde292308703eb60c28a257c82a767e5e9d96c2875f3c941fb8b564e2c8431c04c16322e796cbd4fd14233f7c9cffa36cfa06f20d710920637db0ebe
-
Filesize
28KB
MD58cd9395f321826ff46e1339d1533b0fa
SHA137c36c94a71e1edcd67fc0b2027d7e6776abcd3e
SHA256b23f12283fb39c60df44d1a512821772859af02e3a20fabf30aa82b13cf34d57
SHA51241398db3e0571a69f7c7e188db472919ed79361f25cccb917337b8d8c4971e16f07b195a72208389b7f4136ebca07982428f176b06d1bb6cbcdf54397b5ab7f7
-
Filesize
17KB
MD5f3946397c539a355d75abd300b673603
SHA10c2c422a25d2dcbeed9a437ce67823511b553292
SHA25699681bf0450af8676ac4e1d1dc4468210c829e23c333c78753590eecbc5bf5d1
SHA512fc51ca7399df5c9694d5e61a007f2131885c3330757935f593cb8ca4b058bcb461538336a0bb9fb22c4987932c838287bd4fb93e7d5390115f5aa2e37124f10c
-
Filesize
936KB
MD579f9a4aa53d2023cef804cfbdfdfd334
SHA1cf50f973e92222cbbc1e1aedc6f0d1500414bcbb
SHA2564ab5caede65f426ae7688b54665efc348d98ed1acc6efdc051d98425a7666fe3
SHA512facf020f6b1216a313d5043181e12ae1e67b218345b7717c7fc22cb71aebfd30faaab72e271e29bba0f6d6e56213c572dad1fb3967c48dcd03d6b518838a21e2
-
Filesize
25KB
MD5a260582605ab924b3e6c08c6d409a433
SHA12e2e952d3e7b0a1c2e7c1a2b67a28243d839567a
SHA256ead7e8d8cc0cb99e78b5be726c1b2db21c8e8f060cf03cd6b0aecfff3dce12d4
SHA512a66cbd58c6f368ec0494491f23b9233160f66ad2975df1c5fdafd6e55e69175a8d3b6166cda70ded598a11e1867deca63e7b38d3f8a925d3f0ea3327c368d2b4
-
Filesize
162KB
MD56403029b0bb7003506585504d886c5ae
SHA122086ecb6ddc16bb06946d23f44afd980adfb791
SHA256d702353f6786b9be88ebce83ff9783a4111d6074ad2dbca4cf60a0184fbba4c7
SHA512a88ecfc31934a0c3648ecd1fc23800c2476ab8f4f761d4e308aa504547d0bd4088b7a676519d002b4f43e0aadc23bb1be76ea60ffa9940f8c9e99ef68c770cd3
-
Filesize
477KB
MD5d911618037b5fd823f9c359247251454
SHA1173c30b54b1b7db9e7a1c38eafad002609229404
SHA256918318521db291d4afaf1c673415e3c6e0898f7be204cbaa58a0af2c652a7be4
SHA5127a5d49d4ed1bd40abefc4459b7ea01d38d35b63e5af704961a628a76fd1beb8e73b3fa77405ab199e6a28d3d65fcdd494da28fd3bebef2ff623bc48b6bb9dcef
-
Filesize
274KB
MD5a664e8c9be9755031506fae123b653b4
SHA1b3e7404d1a15c77eaffb41baaaf69f1f498daccd
SHA25654bd95134ef0366bdd37132bff2d312754e8ecdcd1a46d6cef69c96067f12ede
SHA512e3588b75866a6abbc2c7cfa9085837fe107341d2b34632751ad449b36c1b134cd6585aa0e4d6a25799629c8df930aa163b5db16fc24cb8722accc283465fa4aa
-
Filesize
20KB
MD592c352dfd3931c61a5f6e61b2a1f5a8b
SHA1136318cdd474637af88b7b9ce1cf400b6e902a13
SHA256e3e94b7c3941188bf45008098bd10c342a4a3eb7417ad2f414634ea7a2b258bc
SHA512c36b7476dbedaa99ba16d17ee93b36251f0f50cfd68a460213f28daaf87e5cdbfa7b055cb4bb684a45e5625a33ce54b8e24bd91bf36c3166b503968952774185
-
Filesize
512B
MD5c3be120875a5f70470add086faa019a4
SHA1cf37c6d8d72d128e6a20b1d6d5d1e889ffee4355
SHA256806cd91ee58e06e79fbe677fcb164114e360d77376a8902075ea3b9a2d56f47d
SHA512d0d73a609f14bfbcadfb89f72b1e728c596cd16c35dbeb9f609fa478904bf4fd99f2b8c6ae7533f39a1d0d54bf5e219413cdf3ffac5c4877094b0bf96faa24d0
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
32KB
MD5ac9907940a6cabc49e01696ad0164441
SHA185ec024ac26bff1c4d6bdb6be051a00d198b306b
SHA256bfb183eadc4218ee0c713d528c3897179ac3ee9a578a044de6c5472f9cf2af0f
SHA51294d11768f77b52421b67ae86b2781f6c5b11b79627c0b44be19ac722a0846b4850c564cb76ebe2e3776624972ab522e7af1119a1c4a30fcab5827f530c310001
-
Filesize
404KB
MD5f7c44ec32625d1204746e3612f0d3702
SHA113606266d9f0ae5115236385f2e86e2a50b1cb8b
SHA256fb6438b67509566540c5832c5539ae01f7a367d062444128c7a0152054657b6a
SHA512df44273e406e402c02e081aa6fd24c39fb05e481ea245d42d5c87061f638bf451c641c480b17984b29ba887579afee59baa2e04dc903403ea17e162488df3a72
-
Filesize
404KB
MD5b7bfc670c137714a3f04fbea577b8eee
SHA1f3912f52466581cf2bebed1c4e0c4215a6003eba
SHA256b63e979a941c0d294ccce3ffc6a580600ca4c914ff437db1ede3352f118b721c
SHA5123d9fb6f0926b9c18a548c13f6d1a2289e6fe27571740d62b12f620b02285dc85d0102c8448550f4872d07a538ba9a83119849857541fe39e1a934486b391ca18
-
Filesize
624B
MD5d0fd0c5031cf7d9af8a1c20c411baaca
SHA1740969d01de48038f7c3814d975c6b344b2856ad
SHA256704e709a86cc006d03670221bc1513ed651ae3a388f99e105cdb263f5ab57ddf
SHA512b7c353a407db17aaea4d1326f0f6851c0fef42c2d7b37705154b27051b563e330b07bc9ccb292e9ec92ed2986057a64e5527fd7efdf1066c3e76b12d930ec1a4
-
Filesize
310B
MD59bad4410ee7fef386015cbbe164de6ce
SHA120245a436006c7f35c995e68c999e1445948ef82
SHA256611d2dd6722b4ae6b1ae9a863673e33243b3893f9376b99ba7e569569955f139
SHA512d1240af226c99e6380ad1a3e65f9726fe03703f165939e3e8d06bcef747b822cede31816efdb04e7aa74a71f8ae79d42a3f06909f319c1c838a6f07344c371dc
-
Filesize
4.6MB
MD55e0bab6c6084b9fcf611d5af9e220b88
SHA1aa48910909da649220a8850c92859eae6a10de5e
SHA25662ef0339e1f72c9f3a8e4840a1a178bb39cc7906a8c5fbf5a281da5dcc284ca7
SHA5128f867d338e15ad6c0617c5494ccba82c701198cbc6f4399e0c2feaf20768778a0c636026607da528c4478a26dc4e46120edf98d0ff17797afadddda954055e05
-
Filesize
4.6MB
MD52911f9e237ad12426e1742688d4c53eb
SHA1506ff1d1c20ba91f34e2c36eb9157da9d9257c62
SHA25662f817d1e58a1b8f2de2ae11538e07dc3847651dc9828b07dcae3bcc4ffd88de
SHA51275c452681f96f38a895389c3ee576c774bbc25e07209df448e1ee602d399a46ffdb6c428efa1af998ffdd3166930ea76ba97feb84bae6e999b65f018f6baceb2
-
Filesize
121KB
MD5e6b4820a2b415aadf6e69b472fbca82f
SHA1278cc010a9c80a9f463f98f9a8d47f83973d7594
SHA256d68b30f97baa225259f8ba7184dac12347379993ed44275d8385a49cf1e78e90
SHA512d25f94902d9f54bf66813b9f7057ee4229600e1640b30f54464dfcfbdc423daf65ac7908e53fb4370988bb4a114d12076a9f746c40816a8757c0a364bece2970
