General

  • Target

    2b65f12fb684b54738fdbb58d9cb47b9_JaffaCakes118

  • Size

    9.7MB

  • Sample

    241009-fsjjka1dlr

  • MD5

    2b65f12fb684b54738fdbb58d9cb47b9

  • SHA1

    8e04054e31b1ee27934177b3f80a5a49eff9aae2

  • SHA256

    bc2c81e4b08c5d5b533ea95e937dddb761c2cafd548ce0c2a6a39d6048b63c07

  • SHA512

    568573e30d7e30902d328ebce59d0088587f5724eb1766f3ea67e4dcb0dad7ec471fd5b982fc790a5016d2f61ce3fcbb7180589c0e7056d05a4b302ca3e5adfc

  • SSDEEP

    196608:Bb5SOl7OjNA8UqR1rr7aDFJPSN8Q4lGrF1ToLC9eu5rJqCG0x2FCPL:2aOjNA8UqR1rr74y8Q4SFSCZjxRPL

Targets

    • Target

      2b65f12fb684b54738fdbb58d9cb47b9_JaffaCakes118

    • Size

      9.7MB

    • Checks if the Android device is rooted.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries information about the current nearby Wi-Fi networks

      Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    • Queries the phone number (MSISDN for GSM devices)

    • Domain associated with commercial stalkerware software (includes indicators from echap.eu.org)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about active data network

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about the phone network operator.

    • Target

      PlayerUIApk.apk

    • Size

      137KB

    • MD5

      3f66897579c9e5730de68c839139e4ce

    • SHA1

      e9a738250bcf44a5960de6d9221ef37ab9d3ce2b

    • SHA256

      fafcd67ff9e771a1ba662aaa02c89edd7b2ff5716e7c81614b406fc954f00e9a

    • SHA512

      196c1104c8ff4bf15cf5355386a1bf390ac65c94e82802309a206981c2dd45dc832d140c04cb1e04e8bb158b503f5f6b34940761baedc2334e507e7293ada275

    • SSDEEP

      3072:O8a53lg1mvFoI4FV+UOb8v5dp32QbTpfyeAN9GKIvuV87S36:XAKWiv+UFvVlTJyeCBIM8Q6

    • Score

      1/10
