Analysis

  • max time kernel
    121s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags
    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    01/10/2024, 09:57

General

  • Target

    055b0eb9d03985ffcacee25e9e5c222a_JaffaCakes118.apk

  • Size

    5.9MB

  • MD5

    055b0eb9d03985ffcacee25e9e5c222a

  • SHA1

    f1fcc13baf252798712897879ffa97bd871c5270

  • SHA256

    efa30468c14f7c1b29f99169fe59e1db4a17cf1491d5ed8905a3c6bf98c2339d

  • SHA512

    fe90e2f90e5be1260fabfb3784b70922cb89d218498b95305ba9220ce44da0d0268b0f769de5e69b4e23cd49d14f4544dcd2b6529586106f820ed63b0d484f87

  • SSDEEP

    98304:UFIwLRriuuU651UVH5rL8ylCYCQDA9xwWiH00Nvm9SP1xgeWeYJ+Crlcxrpvg:eIuRriC65Ct5rLPxCQDnP4StSeWZruxy

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Acquires the wake lock 1 IoCs
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about the phone network operator 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.laoxinwen.app
    1⤵
    • Queries information about running processes on the device
    • Requests cell location
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    PID:4357
  • com.laoxinwen.app:pushservice
    1⤵
    • Acquires the wake lock
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4427

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.laoxinwen.app/databases/pushsdk.db-shm

    Filesize

    32KB

    MD5

    3be3fa867cc57e4fa2f521e6870db989

    SHA1

    5aefedea563ead726486a5335dc7e81d1da59311

    SHA256

    7587dec3362dd9ff4d3eddc8f74f5ff349c0432afdc0437d86cd73d5c755c693

    SHA512

    b663759f4596fc09325734080febd27965f44161d2dd62d27e925270f61c40487b5035fe76d156a26413115c1d9fb0690735de17a11470a3a37d4974afbd11b9

  • /data/data/com.laoxinwen.app/databases/pushsdk.db-wal

    Filesize

    88KB

    MD5

    3a372e96d0a8982f162b2c8a364415df

    SHA1

    d043a4880afc1e7ff4dae662f37e179cb1d55469

    SHA256

    6e60c7d1089cae47a95c8f3b8316a39b12d98f4a9c71d7623c0964af581195da

    SHA512

    73ff1b68eb9b635d8776d8c26294de904c018137928381a7b491005c2deab0c977ca49e6f78d518d8fc44b68f1ee30647931df5d5252683874e166fd57bcc2cb

  • /data/data/com.laoxinwen.app/files/mobclick_agent_sealed_com.laoxinwen.app

    Filesize

    563B

    MD5

    85061676c7a653f33908f9b5d31f4cd6

    SHA1

    93f01ef1fe95d6341bc136c8dec857d357fe7b26

    SHA256

    186ff617c7c55410cc314e837ff90da8a3fe3eaba2a8029110ec5c06c180dde0

    SHA512

    c308530f12eb8334513dce93a7f23f9310bbb94f45537d7e79d4e564193711385c5faa3106cf5f12d36952ed5eaae900563c081fe1a7758e5021c1f99b35d01b

  • /data/data/com.laoxinwen.app/files/umeng_it.cache

    Filesize

    512B

    MD5

    3f5231ae5cc8d544aeddec9acc56572a

    SHA1

    47356028543a9d7c3f3bca12641fc9463a1ff1e2

    SHA256

    de7fd568941234f32941177098294814dbb56b9e77c2ae19cfda5e21dbe16d85

    SHA512

    a3e1eeee59699274d2971d4235416ffa5a902978b8ccd864b5686c645d9ac978a16ff44b66d2b94346cbc4d8ee567c9a98785c68831461eb7b78b1198082304a

  • /storage/emulated/0/backups/.SystemConfig/.cuid

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1