Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    04/10/2024, 18:51 UTC

General

  • Target

    148b18725c4847f02f7acbfd3638032e_JaffaCakes118.apk

  • Size

    1.3MB

  • MD5

    148b18725c4847f02f7acbfd3638032e

  • SHA1

    b3a474b01ae3bd2fb3aaa95ea7224cd77e20bab9

  • SHA256

    775603c8dce73634d44a4e4acc4c4d713e70e8243c72eb184cf016fa0b5880b3

  • SHA512

    bf2659edd7f05d2f80f3ed67e52afdc2b3d6b328fbb534737b80368cd8403c4856fe6d3241ef28d761605045c20e56891714693db006ce89b7d805a81206b5d4

  • SSDEEP

    24576:DfoL0otaYtXMPQFx71O4NcGZcv2Kn+WUjTo+4Qj8XUq/13tdHbZKm51Ob83V:sQ7YtDWccGun0j/9j8XUq/1XHNKmjbF

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 2 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator 1 TTPs
  • Checks CPU information 2 TTPs 1 IoCs

Processes

  • com.wuhu.ffon.dafg
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Queries account information for other applications stored on the device
    • Queries information about running processes on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Checks CPU information
    PID:4489
  • com.wuhu.ffon.dafg:daemon
    • Loads dropped Dex/Jar
    PID:4553

Network

  • DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    172.217.169.14
  • DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.187.206
  • DNS
    ip.taobao.com
    Remote address:
    1.1.1.1:53
    Request
    ip.taobao.com
    IN A
    Response
    ip.taobao.com
    IN CNAME
    na61-na62.wagbridge.alibaba.taobao.com
    na61-na62.wagbridge.alibaba.taobao.com
    IN CNAME
    na61-na62.wagbridge.alibaba.taobao.com.gds.alibabadns.com
    na61-na62.wagbridge.alibaba.taobao.com.gds.alibabadns.com
    IN A
    59.82.122.130
  • DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    142.250.187.200
  • DNS
    c.ioate.com
    Remote address:
    1.1.1.1:53
    Request
    c.ioate.com
    IN A
    Response
  • DNS
    o.pmuro.com
    Remote address:
    1.1.1.1:53
    Request
    o.pmuro.com
    IN A
    Response
    o.pmuro.com
    IN A
    18.208.156.248
  • POST
    http://o.pmuro.com/api-unlock/kitup
    Remote address:
    18.208.156.248:80
    Request
    POST /api-unlock/kitup HTTP/1.1
    User-Agent: com.wuhu.ffon.dafg/1
    Accept-Encoding: gzip
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Host: o.pmuro.com
    Connection: Keep-Alive
    Content-Length: 343
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 04 Oct 2024 18:52:04 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=; path=/; domain=.o.pmuro.com; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: btst=; path=/; domain=o.pmuro.com; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: btst=bce5990b974ce75f5345fbe092865fb5|138.199.29.44|1728067924|1728067924|0|1|0; path=/; domain=.pmuro.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Content-Encoding: gzip
  • POST
    http://o.pmuro.com/api-unlock/getlockappconfig
    Remote address:
    18.208.156.248:80
    Request
    POST /api-unlock/getlockappconfig HTTP/1.1
    User-Agent: com.wuhu.ffon.dafg/1
    Accept-Encoding: gzip
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Host: o.pmuro.com
    Connection: Keep-Alive
    Content-Length: 343
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 04 Oct 2024 18:52:04 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=; path=/; domain=.o.pmuro.com; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: btst=; path=/; domain=o.pmuro.com; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: btst=38263cb7234b302386c58f3ccd1e9eaf|138.199.29.44|1728067924|1728067924|0|1|0; path=/; domain=.pmuro.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Content-Encoding: gzip
  • POST
    http://o.pmuro.com/api-unlock/getadlist
    Remote address:
    18.208.156.248:80
    Request
    POST /api-unlock/getadlist HTTP/1.1
    User-Agent: com.wuhu.ffon.dafg/1
    Accept-Encoding: gzip
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Host: o.pmuro.com
    Connection: Keep-Alive
    Content-Length: 352
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 04 Oct 2024 18:52:04 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=; path=/; domain=.o.pmuro.com; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: btst=; path=/; domain=o.pmuro.com; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: btst=4a699762e888c9b6db52e0ceef8a6af5|138.199.29.44|1728067924|1728067924|0|1|0; path=/; domain=.pmuro.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=138.199.29.44; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Content-Encoding: gzip
  • DNS
    alog.umeng.com
    Remote address:
    1.1.1.1:53
    Request
    alog.umeng.com
    IN A
    Response
    alog.umeng.com
    IN CNAME
    alog.umeng.com.gds.alibabadns.com
    alog.umeng.com.gds.alibabadns.com
    IN CNAME
    alog-default.umeng.com
    alog-default.umeng.com
    IN A
    223.109.148.177
    alog-default.umeng.com
    IN A
    223.109.148.130
    alog-default.umeng.com
    IN A
    223.109.148.141
    alog-default.umeng.com
    IN A
    223.109.148.179
    alog-default.umeng.com
    IN A
    223.109.148.176
    alog-default.umeng.com
    IN A
    223.109.148.178
  • DNS
    alog.umeng.co
    Remote address:
    1.1.1.1:53
    Request
    alog.umeng.co
    IN A
    Response
  • DNS
    alog.umeng.com
    Remote address:
    1.1.1.1:53
    Request
    alog.umeng.com
    IN A
    Response
    alog.umeng.com
    IN CNAME
    alog.umeng.com.gds.alibabadns.com
    alog.umeng.com.gds.alibabadns.com
    IN CNAME
    alog-default.umeng.com
    alog-default.umeng.com
    IN A
    223.109.148.177
    alog-default.umeng.com
    IN A
    223.109.148.176
    alog-default.umeng.com
    IN A
    223.109.148.178
    alog-default.umeng.com
    IN A
    223.109.148.130
    alog-default.umeng.com
    IN A
    223.109.148.179
    alog-default.umeng.com
    IN A
    223.109.148.141
  • 216.58.212.238:443
    tls, https
    695 B
    40 B
    1
    1
  • 216.58.212.238:443
    tls, https
    695 B
    40 B
    1
    1
  • 172.217.169.14:443
    android.apis.google.com
    tls
    1.1kB
    4.4kB
    9
    6
  • 142.250.187.206:443
    android.apis.google.com
    tls
    5.5kB
    8.7kB
    22
    22
  • 59.82.122.130:80
    ip.taobao.com
    420 B
    7
  • 59.82.122.130:80
    ip.taobao.com
    240 B
    4
  • 59.82.122.130:80
    ip.taobao.com
    240 B
    4
  • 59.82.122.130:80
    ip.taobao.com
    240 B
    4
  • 142.250.187.228:443
    tls, https
    842 B
    40 B
    2
    1
  • 142.250.187.228:443
    www.google.com
    tls
    11.0kB
    9.6kB
    28
    34
  • 18.208.156.248:80
    http://o.pmuro.com/api-unlock/kitup
    http
    831 B
    974 B
    5
    5

    HTTP Request

    POST http://o.pmuro.com/api-unlock/kitup

    HTTP Response

    200
  • 18.208.156.248:80
    http://o.pmuro.com/api-unlock/getlockappconfig
    http
    842 B
    974 B
    5
    5

    HTTP Request

    POST http://o.pmuro.com/api-unlock/getlockappconfig

    HTTP Response

    200
  • 18.208.156.248:80
    http://o.pmuro.com/api-unlock/getadlist
    http
    844 B
    974 B
    5
    5

    HTTP Request

    POST http://o.pmuro.com/api-unlock/getadlist

    HTTP Response

    200
  • 223.109.148.177:80
    alog.umeng.com
    240 B
    4
  • 223.109.148.130:80
    alog.umeng.com
    240 B
    4
  • 59.82.122.130:80
    ip.taobao.com
    240 B
    4
  • 223.109.148.141:80
    alog.umeng.com
    240 B
    4
  • 59.82.122.130:80
    ip.taobao.com
    240 B
    4
  • 223.109.148.179:80
    alog.umeng.com
    240 B
    4
  • 223.109.148.176:80
    alog.umeng.com
    240 B
    4
  • 59.82.122.130:80
    ip.taobao.com
    240 B
    4
  • 223.109.148.178:80
    alog.umeng.com
    240 B
    4
  • 223.109.148.177:80
    alog.umeng.com
    240 B
    4
  • 223.109.148.176:80
    alog.umeng.com
    240 B
    4
  • 223.109.148.178:80
    alog.umeng.com
    240 B
    4
  • 223.109.148.130:80
    alog.umeng.com
    180 B
    3
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    172.217.169.14

  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.187.206

  • 1.1.1.1:53
    ip.taobao.com
    dns
    59 B
    185 B
    1
    1

    DNS Request

    ip.taobao.com

    DNS Response

    59.82.122.130

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    142.250.187.200

  • 1.1.1.1:53
    c.ioate.com
    dns
    57 B
    133 B
    1
    1

    DNS Request

    c.ioate.com

  • 1.1.1.1:53
    o.pmuro.com
    dns
    57 B
    73 B
    1
    1

    DNS Request

    o.pmuro.com

    DNS Response

    18.208.156.248

  • 1.1.1.1:53
    alog.umeng.com
    dns
    60 B
    227 B
    1
    1

    DNS Request

    alog.umeng.com

    DNS Response

    223.109.148.177
    223.109.148.130
    223.109.148.141
    223.109.148.179
    223.109.148.176
    223.109.148.178

  • 1.1.1.1:53
    alog.umeng.co
    dns
    59 B
    132 B
    1
    1

    DNS Request

    alog.umeng.co

  • 1.1.1.1:53
    alog.umeng.com
    dns
    60 B
    227 B
    1
    1

    DNS Request

    alog.umeng.com

    DNS Response

    223.109.148.177
    223.109.148.176
    223.109.148.178
    223.109.148.130
    223.109.148.179
    223.109.148.141

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.wuhu.ffon.dafg/app_mjf/ddz.jar

    Filesize

    105KB

    MD5

    23ba0b249042b7ba33e92c0199b0ea4a

    SHA1

    99b13ee9f7307316c2337953fceed87e9942b794

    SHA256

    1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2

    SHA512

    0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861

  • /data/user/0/com.wuhu.ffon.dafg/app_mjf/dz.jar

    Filesize

    248KB

    MD5

    a54a18b58c6720991c021f433dfb2a46

    SHA1

    d2ffa07919f92b6e04914e39843f08fdb2a75b68

    SHA256

    3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3

    SHA512

    e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc

  • /data/user/0/com.wuhu.ffon.dafg/app_mjf/tdz.jar

    Filesize

    105KB

    MD5

    293ea5f01e27975bed5179ba79d80eac

    SHA1

    c5b0806a537fd1cb753e11f1a9684933317716b8

    SHA256

    8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b

    SHA512

    c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53

  • /data/user/0/com.wuhu.ffon.dafg/databases/lezzd

    Filesize

    28KB

    MD5

    fdb8a92e5060ce104e8f0faca55a47ce

    SHA1

    270d7ca30673e18cec1d2b9add71cba96dc426fe

    SHA256

    194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a

    SHA512

    ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122

  • /data/user/0/com.wuhu.ffon.dafg/databases/lezzd-journal

    Filesize

    8KB

    MD5

    04955daf9f9eb9a508ee1d37381668b7

    SHA1

    67b2cb619d406a372a83265dcfce3d8b73dd4d5d

    SHA256

    3c3669f5530072df0f15f29057d2b0bc204409521aac71d364e9d136974cfae0

    SHA512

    713e1f8d9bccbd33a0af6f1cdf73d19b453d6a7b7c7f78dfbf4b4df9b9c8f95579914e4438ab643569ff0befea2ad9ed93edfbdfe02ea311ac255e82f54a5f3e

  • /data/user/0/com.wuhu.ffon.dafg/databases/lezzd-journal

    Filesize

    512B

    MD5

    1b1973c310c384d09e8fc4241c07c088

    SHA1

    292096b98308af2a8d54c60884eee94e79ae8fac

    SHA256

    8fedc6015f78cdcba587fbf66134818d9f4a399b0deb88fc076c6f25814fc4f4

    SHA512

    2a20a12febee50168b69884aef95a2f740dd237f32d673d7f8eff6d84c510d0d1ab910e5c631df84d6a266d3b0fc6dac255dc76e2caf4a919d7c9962eb09bad0

  • /data/user/0/com.wuhu.ffon.dafg/databases/lezzd-journal

    Filesize

    8KB

    MD5

    9ad3cbad1a0be38f3259ff5d5f7c250e

    SHA1

    e4bbed1580548f11122a326c2838477af7c2e186

    SHA256

    0a8f82faef8160f32b1ea26218d8b2634dcf5876ff99638dfdad0da932f59eaa

    SHA512

    26b9ac99d32bd058538100d770fd0a35960e9b04c6c92cde0b07a037909e912b9063b1d5aca64e201bede7db86aca606d98b097d4e51a34c3f65d64407a38077

  • /data/user/0/com.wuhu.ffon.dafg/databases/lezzd-journal

    Filesize

    4KB

    MD5

    3f8ba5fe80c901db44442eff4d13f809

    SHA1

    a9ca563edbedeb6e2b3e64c15a6beb480a324a09

    SHA256

    a32f547b20d76e165963656dd1e99663f78f6efa22067d7da118abe51c4b9b07

    SHA512

    224e288656417c821e2915ceac076252b8cbbcb254bdee9dc2d8bd9e760c87151ed481ef5c34b77eb8bf15a7ecb6097f04c18d1141f5a676966e0a10b7a3b08b

  • /data/user/0/com.wuhu.ffon.dafg/databases/lezzd-journal

    Filesize

    8KB

    MD5

    f4bbb2273c9a452d1cc056b8a239c42f

    SHA1

    4813f8cd1b2cd112c51fd15626cfd711437f3731

    SHA256

    7b7b8f00817dc357c2d84b898d0cfd3eba75895b4f96ea468b2225c18bf3708e

    SHA512

    4624523bd2d82d85e91bc11d23959065daef365ad5c74be00cd5fc57cdbb30b38efc0ce1c993750694d980ce7017dcb11a012c2ad6884720477854d0864978a7

  • /data/user/0/com.wuhu.ffon.dafg/databases/lezzd-journal

    Filesize

    8KB

    MD5

    536ffebec862a29f1b83603a71ddebce

    SHA1

    70f9fe1a662fa7c2ea949404ec70df86bc5517a5

    SHA256

    879f8b944725430227beb880a2cc8960ef9e0e13051995754c8138347e98c71f

    SHA512

    3744eb64f255c7d9411ad84308ef69e4ab01b633090c4a05d2861ccb86a73ac63adb6458626c39c6d2976889381cded6f71d760e414d57248acacc8e6fcd131d

  • /data/user/0/com.wuhu.ffon.dafg/files/.um/um_cache_1728067982467.env

    Filesize

    646B

    MD5

    97da7efb28b7a5b9bb80053a62aa1cb9

    SHA1

    144a58bdb14d44898c87244113577a4acf04e955

    SHA256

    acb900eac9398e84ea7f181c88806050151840f8fd1e051e05c3ae53b348961a

    SHA512

    499d98b04733f698f8db9df181f6430f87820edbb4cdfd3fd2e7063364810606b575b93ae7d20f70fb1415b9e03608eb103d66a1631467db7086bd501e057b7c

  • /data/user/0/com.wuhu.ffon.dafg/files/.umeng/exchangeIdentity.json

    Filesize

    162B

    MD5

    c6d8a59961b19ee46601769157cef848

    SHA1

    7495e2440c8f549096bf9cd303f6a70a958eccf4

    SHA256

    b065f41dee43a54acc248e856798bd84bb21ac32ef392b0878576f711d1ca79e

    SHA512

    2990b69fcf4e1b8556184d6512992fd442a8f7ecacc1468eb1cfe7c0e81c4939f43deaa46a5aa10a9d8f67bbd4845ac6b292c292aec02e98abaf8dda36a25c4b

  • /data/user/0/com.wuhu.ffon.dafg/files/umeng_it.cache

    Filesize

    348B

    MD5

    f71bda0b9c2bcd30e08856e8ca7c790d

    SHA1

    0d42e0cb407554b3cf44802951550b0ee4818700

    SHA256

    37c69dc910ffd4d40f3b624ae883de8a76cf52e6f6cf4ce2a78b387d07825591

    SHA512

    cc2818ccc49e1282926dbfe9d1ffc65a544ad6fce183b85d41c2fe882e230e001a47431f29925b042b8ec6fbe3a3bda4d92a6b2cff8243780268334f74e95d68
