Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

6

119300684b...18.apk

android-9-x86

7

119300684b...18.apk

android-11-x64

7

global.apk

android-9-x86

1

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    04/10/2024, 03:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    119300684b3f52766ba3ad2def413866_JaffaCakes118.apk

  • Size

    5.3MB

  • MD5

    119300684b3f52766ba3ad2def413866

  • SHA1

    15da22bcc9459907374acb9d57de4058ef7fd4db

  • SHA256

    3bf3399a685e0aec6ce84e5a6c09fb6b686bb48cd01abe77c5daf15bddac3775

  • SHA512

    14eae855064f0d25dc4b18fe618d7a41951061d63116cf9ccb01a2a0526d71ddeffc773619a066bf02ce650f94988bce08effe6c8b1ef748daf235481c3e9304

  • SSDEEP

    98304:wV8V8hYtfVcVcF1m2MqJ2tQMSEBhWIa/cJBJ0XdbLRSbj40j7iscraCpR:wWnxm2MpVdBha/cJBWBLBQ7iscGo

Score
7/10
bankerdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about active data network 1 TTPs 2 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs
    impact

Processes

  • com.qihoo.gameunion
    1⤵
    • Loads dropped Dex/Jar
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4313
    • chmod 777 /storage/emulated/0/gameunion/.cache/icon
      2⤵
        PID:4345
      • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.qihoo.gameunion/files/patchs/global.jar --output-vdex-fd=76 --oat-fd=77 --oat-location=/data/user/0/com.qihoo.gameunion/files/patchs/oat/x86/global.odex --compiler-filter=quicken --class-loader-context=&
        2⤵
        • Loads dropped Dex/Jar
        PID:4496
    • com.qihoo.gameunion:remote
      1⤵
      • Queries information about running processes on the device
      • Queries information about active data network
      • Registers a broadcast receiver at runtime (usually for listening for system events)
      • Uses Crypto APIs (Might try to encrypt user data)
      PID:4370
    • com.qihoo360.accounts
      1⤵
      • Registers a broadcast receiver at runtime (usually for listening for system events)
      • Uses Crypto APIs (Might try to encrypt user data)
      PID:4393

    Network

    MITRE ATT&CK Mobile v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.qihoo.gameunion/databases/gameunion.db
      Filesize

      4KB

      MD5

      f2b4b0190b9f384ca885f0c8c9b14700

      SHA1

      934ff2646757b5b6e7f20f6a0aa76c7f995d9361

      SHA256

      0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

      SHA512

      ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

      Download Submit

    • /data/data/com.qihoo.gameunion/databases/gameunion.db-journal
      Filesize

      512B

      MD5

      8b0681736cc17feca88f89aed5d0411f

      SHA1

      b7728664c07500bdac12343b377b26725796d397

      SHA256

      185f628a6ba3cf837f92e32593f11d9e9bad0029fa3a7c2c351f4f253668414a

      SHA512

      1b839b4737c583ddf330b6374712f8dc9f568ccd10ca4929a74e66baabdcf5d37b7d7b4a320d04940cd88c71a65c51e68e0e7de86566f926702cd26daa105684

      Download Submit

    • /data/data/com.qihoo.gameunion/databases/gameunion.db-shm
      Filesize

      32KB

      MD5

      bb7df04e1b0a2570657527a7e108ae23

      SHA1

      5188431849b4613152fd7bdba6a3ff0a4fd6424b

      SHA256

      c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

      SHA512

      768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

      Download Submit

    • /data/data/com.qihoo.gameunion/databases/gameunion.db-wal
      Filesize

      120KB

      MD5

      88288d6b7ce684e0d69527f70b6dc958

      SHA1

      6051df4c9900098967679a608d767d97028b11fb

      SHA256

      75d255d23c76ee9524ba8b61478594a0c991104761fd543d25a376709c684104

      SHA512

      1d2d136885b9d9d63be9db47d23a3dce66a9082966ca587f556b92a67d4216abb2d60efdbf8145da39a397023051a224f076b7793520bf35ffa6ac834ac374f1

      Download Submit

    • /data/data/com.qihoo.gameunion/files/frameso
      Filesize

      9KB

      MD5

      2eb45cfa3c2eb6ecf9ea023e3b1c4678

      SHA1

      ce73167da8d255f2218afa20901c4987afccbe35

      SHA256

      2f6b07007b61e8005da234de1fd315a09a4df29eb8a0df8c8e766e9f2dc21ec9

      SHA512

      d85e76dadeef13368b24d20a3fd7d131d2a7a670510feaa89c47e297cc0c03b572b8d84e645832e1ea64e81773ac7752d8145862f3f1b64a683e67b55f75585a

      Download Submit

    • /data/data/com.qihoo.gameunion/files/guardian
      Filesize

      44KB

      MD5

      a7a3c05cc9854cfd64676eaf351a7a42

      SHA1

      f1d386404d891717e7a15a2601372232a1af2d07

      SHA256

      9b6db485797c0c69d2ef38eb21279748697f1c1adb89debd549173a068562dc7

      SHA512

      20d67966ad32be7cb67b69db4ea377b9eae6992f18ba2a9e60e9cd38581ec4488328a3c1bdb506744d6e0454e24762f54e661676f259fd0f97876a419897976d

      Download Submit

    • /data/data/com.qihoo.gameunion/files/libec.so
      Filesize

      17KB

      MD5

      306485692e13e1c38f9728090eecc8ca

      SHA1

      d15194d7954f649245435ec52147b4714f96a9ed

      SHA256

      54f6d16158607e4d71e1bea14b27c21aa709a2d0ac45193fc81646971bd071dc

      SHA512

      f21f6af5e825a02809fdd08c8b59eee6ee8618c6fdaca8c2c0f16986d20ec223796e6db42a928f6b5f69ed596f8c60ab00070ef7dd2b2b96cf7ad324202ca7fa

      Download Submit

    • /data/data/com.qihoo.gameunion/files/libvxproto2.so
      Filesize

      77KB

      MD5

      daa677f0ffd56023dc203265c6528fb6

      SHA1

      3cbad81fcf7af88db02bc53638594ab6b427f9c8

      SHA256

      867af5ea4baf4da0a5a0d9864d590b1e627c0ba0ff5d0321740b83d86aed015d

      SHA512

      863dc075295936fdc2183b84df1814055d2a56680b2b8f8c5854d2e9a8d7cfa9d92f3af5f1c3ac43341a798c28d89ae9174948cd4951dc1a27cf577861982019

      Download Submit

    • /data/data/com.qihoo.gameunion/files/patchs/global.jar
      Filesize

      243KB

      MD5

      c7436acadb9035cc3d628cd0f38a3f15

      SHA1

      8bc75f4401bcba16f27fda7884969822c4566ae2

      SHA256

      459c559bd00ae4b6cb880adac7f50cad36c81b3fcf647a3112d126d1684682cc

      SHA512

      568f238f722c5321501b2f078a758f54830d5cd70781cb6267a03bfff3bc55dd6a243ecd74570eb223f7af702fa455edc97ebf7877ce4258f5ea61072ebf7f50

      Download Submit

    • /data/data/com.qihoo.gameunion/files/qihoo360_accounts_cs_auth.dat
      Filesize

      2B

      MD5

      d751713988987e9331980363e24189ce

      SHA1

      97d170e1550eee4afc0af065b78cda302a97674c

      SHA256

      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

      SHA512

      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

      Download Submit

    • /data/user/0/com.qihoo.gameunion/files/patchs/global.jar
      Filesize

      50KB

      MD5

      24e6f2f7a75a43ad92654dd2f53b5e4a

      SHA1

      a6e1b959e19825cfb32713bac1c9581add411f1e

      SHA256

      e64a5be1ba4a21240a3c24d20fabc5e7b0919077515f4302cb529236dbadf451

      SHA512

      85f44c3f9881fde0045cf266ef0579c7ba9e26afdcf631c964621e79eb857a6b6445a45c5b1ea68a3dbe125c9573cafb2906db07ff13350b585b8b7853307f54

      Download Submit

    • /data/user/0/com.qihoo.gameunion/files/patchs/global.jar
      Filesize

      50KB

      MD5

      0b4d446313f703c70713d98fd24abdc4

      SHA1

      9110f98771d3dba1603f10fe43ea4eb63cb1765d

      SHA256

      7b2a11f55d0a5670e25b5790dfaca257aa8b323baba6d18a5b168b939702462e

      SHA512

      22394d66dfb6171f1e7d2f3484913be3c116b43369b1eee23fa7a6cb1bf82c3bfc3a62ce00268b76199c48b9111fd7b3348cac1f82e501544d320df46a2fb9fe

      Download Submit

    • /storage/emulated/0/Android/data/com.qihoo.gameunion/cache/uil-images/journal.tmp
      Filesize

      109KB

      MD5

      6693b24b299768fbc2147270b8a2764f

      SHA1

      760c1053e80571cad8041ad1a4e3fc1fa73560db

      SHA256

      b0261adeeec7284ff5b006786c6f0c446f9d4a3d085b394e1ab09142db4e532c

      SHA512

      f0efc53ecb3753d65c19d9beafcb9955b0214d4086476b9044b3bcfad060738d447091006d72b27037ccde88583283d8bfc50df6fdb90b3b1b60890118738977

      Download Submit