Analysis
- max time kernel: 149s
- max time network: 153s
- platform: android_x64
- resource: android-x64-arm64-20240624-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
- submitted: 04/10/2024, 03:04
Static task: static1
Behavioral task: behavioral1
  Sample: 119300684b3f52766ba3ad2def413866_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 119300684b3f52766ba3ad2def413866_JaffaCakes118.apk
  Resource: android-x64-arm64-20240624-en
Behavioral task: behavioral3
  Sample: global.apk
  Resource: android-x86-arm-20240624-en
General
- Target: 119300684b3f52766ba3ad2def413866_JaffaCakes118.apk
- Size: 5.3MB
- MD5: 119300684b3f52766ba3ad2def413866
- SHA1: 15da22bcc9459907374acb9d57de4058ef7fd4db
- SHA256: 3bf3399a685e0aec6ce84e5a6c09fb6b686bb48cd01abe77c5daf15bddac3775
- SHA512: 14eae855064f0d25dc4b18fe618d7a41951061d63116cf9ccb01a2a0526d71ddeffc773619a066bf02ce650f94988bce08effe6c8b1ef748daf235481c3e9304
- SSDEEP: 98304:wV8V8hYtfVcVcF1m2MqJ2tQMSEBhWIa/cJBJ0XdbLRSbj40j7iscraCpR:wWnxm2MpVdBha/cJBWBLBQ7iscGo
Malware Config
Signatures
- Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc | pid | Process
  /data/user/0/com.qihoo.gameunion/files/patchs/global.jar | 4642 | com.qihoo.gameunion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.qihoo.gameunion:remote
- Queries information about active data network (1 TTPs, 2 IoCs)
  description | ioc | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.qihoo.gameunion
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.qihoo.gameunion:remote
- Queries information about the current Wi-Fi connection (1 TTPs, 3 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description | ioc | Process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.qihoo360.accounts
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.qihoo.gameunion:remote
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.qihoo.gameunion
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 3 IoCs)
  description | ioc | Process
  Framework API call | javax.crypto.Cipher.doFinal | com.qihoo360.accounts
  Framework API call | javax.crypto.Cipher.doFinal | com.qihoo.gameunion:remote
  Framework API call | javax.crypto.Cipher.doFinal | com.qihoo.gameunion
Processes
- com.qihoo.gameunion
  - Loads dropped Dex/Jar
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Uses Crypto APIs (Might try to encrypt user data)
  PID: 4642
- com.qihoo360.accounts
  - Queries information about the current Wi-Fi connection
  - Uses Crypto APIs (Might try to encrypt user data)
  PID: 4713
- com.qihoo.gameunion:remote
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Uses Crypto APIs (Might try to encrypt user data)
  PID: 4741
Network
MITRE ATT&CK Mobile v15
Downloads