Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
138s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
30/09/2024, 09:18
General
-
Target
0091f328f9f53232050d7d0ef9b8cb95_JaffaCakes118.apk
-
Size
6.0MB
-
MD5
0091f328f9f53232050d7d0ef9b8cb95
-
SHA1
a66040f1c88dbfb331c03b3d3e2ff96a9afce37e
-
SHA256
02b0526d87c925cfaa01f86f5553a8c4060f3c4a9e580e98cc350eeb140dcf19
-
SHA512
6d0124d537f412555b6a131ab44b02c7784df5f55707323c7fa65d54e06cd3a0807b29ffcc6a9c05027cf7befb0a65155c6f5a69a936a2ccbb18306de527f470
-
SSDEEP
98304:Elv1V94Ku0cLAasDBxdPdWcASzR83R2aN0ow9X7omO4qigIU:yv1VfcLAaoBxdPcVSzRsR2aNv+LomMPT
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Loads dropped Dex/Jar 1 TTPs 5 IoCs
Runs executable file dropped to the device during analysis.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Reads the content of SMS inbox messages. 1 TTPs 1 IoCs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Queries information about active data network 1 TTPs 1 IoCs
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.pokercity.singleby2.zimon1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Reads the content of SMS inbox messages.
- Requests cell location
- Queries information about active data network
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.pokercity.singleby2.zimon/app_workbench53312/apk.zip --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/user/0/com.pokercity.singleby2.zimon/app_workbench53312/oat/x86/apk.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
-
chmod 666 /storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.smspay.apk2⤵
-
-
chmod 666 /storage/emulated/0/Android/data/com.skymobi.pay.newsdk/plugins/com.skymobi.pay.plugin.recordupload.apk2⤵
-
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.pokercity.singleby2.zimon/app_workbench36734/apk.zip --output-vdex-fd=61 --oat-fd=63 --oat-location=/data/user/0/com.pokercity.singleby2.zimon/app_workbench36734/oat/x86/apk.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Execution Guardrails
1Geofencing
1Virtualization/Sandbox Evasion
1System Checks
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
35KB
MD56f9f26b653cac96044a97c34758d283c
SHA14a34bc1894716653e027295692099bb5ed843779
SHA256864a0530a597446d50ac377882e1066c73371abaea1faaeffbcd94f27293f533
SHA51229c038165be5e778d6f992d45cb89413d58babe8d5ea5cdba1d53906148d761459c3d5f3a05b95f8c8745e191ec339d957c04b677f0f88bb7b6a7850b52864bd
-
Filesize
271B
MD52f65c3295476f95c9a746b8884a99040
SHA1b29dcc84bbbbbb89c9b44927ac2e8f0d9c46a14d
SHA256448c3192f776b2a8fb0aea62c218eb06cde68bd78c46b064d15d2ed1a75778c6
SHA51293b3f6aeadb4a87524394f73d2fa2a3a4c78fb3ed342d30a47a4018f8c474c311c6567e6a8c1088af72254432f6b96b71f85ba266572cf6cdbf8bbc0b5251af5
-
Filesize
299B
MD5f42373af93c77f1707a4a372197844ac
SHA1de15d347c1eae2dd9dee00d94ae3adf9a8d0d1f3
SHA25650130a645cc624202d376ace07addf56923fea4a81d691fb65e37c84831fa046
SHA512a4ffe047da8ee0ebf03f62b6fcd7aca84c9bbd7ca607452716561ba96cfa60867949470b6ad3295da8e64324c2c8d44dc01c67e323010115c2af259b10d85899
-
Filesize
160KB
MD5d3a4c60f9ca41f4c128a91c282f7b59c
SHA17dc03e84c96e09ec0fd42bcff994618a5cf1e8d9
SHA25644a7c99023dca24c994cbf2990dc6f09022e6ed788d32f791594fd10e4634b5f
SHA512a706a2ebd77195c3185f5d93272fc7996c28081829ae29bda700ac2935fc618f3afc8973a6c87fd80c7295635306087473d29075deaf7a53fcbf41f745a250fb
-
Filesize
312B
MD5af0beb34b486e73b4651141ca3fa2b06
SHA1421e7860cf538b62e99cb181b164951d8120719b
SHA256f04f842bd07afa54f9a67382bb5968c92d453cd974e481be1c4c7ba134ee2af4
SHA5125235627dd02974c335b7e1f56080b2d3ad69b4c0860c8a86eab52b7a7e93e0c360d09b66d75cf26a63abb6c18bff0930abdd3fdcb69284964ac5c41a6aa8a9fb
-
Filesize
46KB
MD5184992aa9ddfb974e9c3a46c6ce60a52
SHA1e8a4e64896797095c58ccc7c659e32e7b89c66a2
SHA25687799e9c24c33bce966f3ae6ccff50f05e7c730dac8248e97e5d28bc30f7bc30
SHA512f19373cb1c07fa40875cc2b8b54a1a7cac046df4b8c0b15fa7a546193cd8590a40bdc4b1f94091aeab0585c95869bf17bf095e02937e859eaaa72c1296aa4365
-
Filesize
364B
MD5fe6487b045765fd71ae998a1518cf213
SHA16dd35bf371fa3fcf40a26e345db6d42fda573fe1
SHA256d92353ea1b0a017f94cbf5f80fcc0cfe4d8e00b8513601d3bb963f2effc4c3c5
SHA51266a203a8c1709d34db66d977c6e5c62bd9847301472432d157ea4ce94e8c2fe08d93b658ed420e8f9307afaac4cca1d528d44a67cbc7f48b45ef0fdb59899744
-
Filesize
40KB
MD5305a42ee11d5824d23fbeb2f1c29188f
SHA1d8a5ec3fe715fa55a1b92ffdb79cd842eab28ef4
SHA256d079c43d69f5e159dd652fe75340e99bf87500cc5c64fc9afd999e2d0b28ca46
SHA5129fd3e398d3a416bc74720f961f756d506560f93aebe590a9c21302ab8cba6f5a9e813d13dde88a63d6a36fc3cb3759377d7c8767b2b25987b0bc4c6512ccc874
-
Filesize
512B
MD5dd6ee6793a4d69f6df2a45780f3c9570
SHA156c6502a362e5b3ad92cde88609d3f4935fa4116
SHA2565fc3d6f428dbca62d77f8f0f0ed5bcd8521515fdff7ce9098fb9d6de6456ecd7
SHA5128bba9e80c326731f5935d19efcb7ab05cff2bf021923df7a4731a43a8f6f4bc7e972f8947468c58a3a4227f44f847acbd19157d7c0d7c0bc7623848a46d7edca
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
406KB
MD57fa1f42afb22330af785710d3ce4e5e9
SHA1bcb493093d7bf1e2199b410271962f746afc8896
SHA25645c87bbbc911896cdb7e7e05704a441648ed07a92e06a648af4b7be1943b16b8
SHA512cb00f183d0fe7c63f42c13a8711155b97f748449fbc11e7602d5ce75de69c612f01a9e52d1b2a3813fbfd55726609f16973cbec5c3fd6f5445afce0d7b24b0c4
-
Filesize
722KB
MD5e23d059ba17ddf99a60f908849cf2aa2
SHA116c523d366934a42255a2e5e6535af07258e5373
SHA256918306de13e184fe17a4824fc066763863e5c350d53c5ca3b4ce0faea939ca6e
SHA5128ea207cdc91c79e325576b83147dc4bd7962f7cc5d6a68cdac721ba8d44faf5cee09e28766c15951b6a756c2a0273c2cf8649d86d27b7ea2eeda8327dfbc441e
-
Filesize
83KB
MD50bce4bbe2842a4b9095c578830236d18
SHA1106a69709af3e8326f7d6ab1d679b61699d394a3
SHA2568e17edec35636923952e5f94020ab14ca2c9cd834378d411ec3194577c361a1f
SHA5121fdb53e1cdc7a3f3d5c65e072975ee51cb3555666bfe731ee5d06285d974b4f9e1048e0635f4093e1c1aee54b3ca78e5d4ac27af948ccbcb13493a0913759c02
-
Filesize
83KB
MD5bd25f3e4796360948d5092ab1570da44
SHA10c68ae7cbffd436f877947be8546fa05a804f768
SHA2564bb367551f523f8eec53724cd3bbc91815ad088b0ba90c6e14d28c9fa8811f65
SHA512d26edda8c434be4b308519ea2eee415c254bb0f5316a256b0a0f208a81c2a5d831127aeb763820a3cf6a63d933e98e142fe8e5e15d4ffbdf8e1fb1f974148ce3
-
Filesize
417KB
MD5206527e4e5afe9cd89351af4951071e4
SHA124d8000c3b49bb67d9fb567546f24af523812bf0
SHA2563bd9cba18a21d5fde97c4bb405c113c0130d56c05c8ed37ed4a1900f13697c69
SHA5127ead7c90ba931c87fe6589922e42f5610da4f58daaea319cbf4cf4602043a9b7bd997e89aaf120cf5573711f6f75a353a4d3267b2fa510969ccc1e8fbe0a8eaa
-
Filesize
107KB
MD57efd25df5a97667f4f660f1149e28921
SHA182bbca2c48678793c2f3a47b8b40823c32ba8f56
SHA2562a269099a63ed89f33d3af3609b07162007cd5c8369917cd6f9bb2fccd1c7a76
SHA512956ffa046872b6d145a7c3388e736809be95e2b276f071dea8c1e22803527b98d152ae3f73f8979821a709b867189ee3ebd90c7c240c5dc8346bf2f449830459
-
Filesize
107KB
MD521254ecfa758cf1fc8b8d37c53861dab
SHA1d7493586cbb7ba0dc3f984b35e1d0dfe3378649c
SHA256e549f60a8b5485fab4fc8ec905d306b49dffbce521267da8bfeaabf581176ef3
SHA51221db8434bd684e703eedefdf67676a6c2aecf49e096a19ff96ca2b209ce4640c8f28e686fcf390c0654328024abdef549e3546e3716501ca37ae3cb329f27a76
-
Filesize
50KB
MD56a2f8961c75ff474d6e62f87d2ae700e
SHA16322a924e3e533a5fd556cec52c2e4f4c0580464
SHA25683d06c3c2c9e52b7703409b33900e86f6954e4946dc475ce7538a86b76f94c9f
SHA5126aa3badee9e9d2637eed62c4c582c630cd0bb5b9b622f025b10f7435fd10d7934857f2470e70de80e3c20e1d04681d48d82041ce324febe1ba258677b2b195c1
-
Filesize
40KB
MD52149a6f83bd5ada02f9c4e66e1f16378
SHA17ed873b29c8088a704ec57c59a5e5847051e9a9b
SHA2565b861e755afb702beaf86d00148acd272bef338e5f6bfd23d4e95ace55f6f6b5
SHA51218782ffbfe29159d509258db437029381cf2a483bd677ac7a71c1d27462a76f9aa754f45606e292fdd48d401c18954a3532066c4e0c8600e03bf538b5987d920
-
Filesize
184KB
MD51a4244d8d15916c458745b86d5d93aa6
SHA183bdfea695fecbe66b4936f0a28173810bf7a584
SHA25618960f77dac0fb8902306863b55bf8e7f98842217b7b70e1bb7a93a644551149
SHA5122a6b579bc74d3d7767f934664a6622d7d54cdd0b00a701ddfa055b3c87216998c6c321860d3b01501b272ae736b550e10c665dbab052aa7ca2c1a1726930b00e