Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

6

2b65f12fb6...18.apk

android-9-x86

8

PlayerUIApk.apk

android-9-x86

1

PlayerUIApk.apk

android-10-x64

1

PlayerUIApk.apk

android-11-x64

1

Analysis

  • max time kernel
    138s
  • max time network
    157s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    09/10/2024, 05:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2b65f12fb684b54738fdbb58d9cb47b9_JaffaCakes118.apk

  • Size

    9.7MB

  • MD5

    2b65f12fb684b54738fdbb58d9cb47b9

  • SHA1

    8e04054e31b1ee27934177b3f80a5a49eff9aae2

  • SHA256

    bc2c81e4b08c5d5b533ea95e937dddb761c2cafd548ce0c2a6a39d6048b63c07

  • SHA512

    568573e30d7e30902d328ebce59d0088587f5724eb1766f3ea67e4dcb0dad7ec471fd5b982fc790a5016d2f61ce3fcbb7180589c0e7056d05a4b302ca3e5adfc

  • SSDEEP

    196608:Bb5SOl7OjNA8UqR1rr7aDFJPSN8Q4lGrF1ToLC9eu5rJqCG0x2FCPL:2aOjNA8UqR1rr74y8Q4SFSCZjxRPL

Score
8/10
bankerdiscoveryevasionimpactpersistence

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 4 IoCs
    evasion
  • Loads dropped Dex/Jar 1 TTPs 4 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about active data network 1 TTPs 3 IoCs
    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 3 IoCs
    persistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 4 IoCs
  • Checks memory information 2 TTPs 2 IoCs

Processes

  • com.duoduo.child.story
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Queries information about the current nearby Wi-Fi networks
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4250
    • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
      2⤵
        PID:4527
      • /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
        2⤵
          PID:4589
      • com.duoduo.child.story:pushservice
        1⤵
        • Loads dropped Dex/Jar
        • Queries information about running processes on the device
        • Queries information about active data network
        • Queries information about the current Wi-Fi connection
        • Registers a broadcast receiver at runtime (usually for listening for system events)
        • Checks CPU information
        PID:4287
        • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.duoduo.child.story/app_plugin/PlayerUIApk.apk --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/user/0/com.duoduo.child.story/app_plugin/oat/x86/PlayerUIApk.odex --compiler-filter=quicken --class-loader-context=&
          2⤵
          • Loads dropped Dex/Jar
          PID:4361
      • com.duoduo.child.story:push
        1⤵
        • Checks if the Android device is rooted.
        • Loads dropped Dex/Jar
        • Queries information about running processes on the device
        • Queries information about active data network
        • Queries information about the current Wi-Fi connection
        • Registers a broadcast receiver at runtime (usually for listening for system events)
        • Checks CPU information
        • Checks memory information
        PID:4546
        • ls -l /system/xbin/su
          2⤵
          • Checks if the Android device is rooted.
          PID:4682
        • cat /proc/cpuinfo | grep Serial
          2⤵
          • Checks CPU information
          PID:4707

      Network

      MITRE ATT&CK Mobile v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/data/com.duoduo.child.story/app_plugin/PlayerUIApk.apk
        Filesize

        137KB

        MD5

        3c98e401cf984ddb44c382199a71a51d

        SHA1

        988dca0fcd26b3441cf741500394a865c086effa

        SHA256

        b86e81b2504d175d78b9dee1dd50b44e53e06ce6216136b247010e8605cb2360

        SHA512

        f09102d6c5fd5268a2aee24183411b7f24ed6f7f66a07aa77020511269fe33b6973ce6ba8d060c92147ee75883706adccfa1fe7df063a974375bdf6e0634d0da

        Download Submit

      • /data/data/com.duoduo.child.story/app_plugin/oat/PlayerUIApk.apk.cur.prof
        Filesize

        155B

        MD5

        71e581537e5b9dfa47dc9900843790ac

        SHA1

        a781270772d4a72797f68b19a2d13dc1854bff19

        SHA256

        0af756ffe42bb17b93472a1a5656ce194908018c97c4bbd4a0f058c5a5039a95

        SHA512

        36cbfcb32cc9dc310f1ec2aa3adc31762f05bae758dd21cc05f68ca2797b2475367f0fd4f4e807636f0fe6a747144b2a8ecbac0ad3501069edff57e5a0c1cb9b

        Download Submit

      • /data/data/com.duoduo.child.story/databases/UmengLocalNotificationStore.db
        Filesize

        4KB

        MD5

        f2b4b0190b9f384ca885f0c8c9b14700

        SHA1

        934ff2646757b5b6e7f20f6a0aa76c7f995d9361

        SHA256

        0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

        SHA512

        ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

        Download Submit

      • /data/data/com.duoduo.child.story/databases/UmengLocalNotificationStore.db-journal
        Filesize

        512B

        MD5

        ae5b863675ee9bd912eb051b888a230b

        SHA1

        0664755630e0251e0b69c0cca0518ed6359c1a71

        SHA256

        a2b41008261fe757894e586768379cdd7f13f18fc5955133eeed10405d204a46

        SHA512

        a909eac7a50478ecda6a43295812e60323c168ac522d9021c768bda14d1650a3bf2c841b586b7ede45568a6e3020a811add67662ca178ae0f281236b6f0e0713

        Download Submit

      • /data/data/com.duoduo.child.story/databases/UmengLocalNotificationStore.db-shm
        Filesize

        32KB

        MD5

        bb7df04e1b0a2570657527a7e108ae23

        SHA1

        5188431849b4613152fd7bdba6a3ff0a4fd6424b

        SHA256

        c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

        SHA512

        768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

        Download Submit

      • /data/data/com.duoduo.child.story/databases/UmengLocalNotificationStore.db-wal
        Filesize

        40KB

        MD5

        05675a00a2f0681e7c6b1ee6e02db93f

        SHA1

        1d312255b333b6936809d16f53e36557dec25b87

        SHA256

        6c7adf94edcc49bfec6876d918e534c2739bd667a3e8742a52382fe66f422361

        SHA512

        87949fe097c4666f3ab779fb5a96a58d771b1602cb063cc6c45c90bbfd941a9690118c41dbf22870bfcefe03463c20caf265fa6f659d0dc97d80dcdfef395ab1

        Download Submit

      • /data/data/com.duoduo.child.story/databases/duoduo_story_house.db-journal
        Filesize

        512B

        MD5

        9433f41bf584ea05ffebe2196ccb5206

        SHA1

        fbe652b27d446ac862c0f2dcd76124d85c86abda

        SHA256

        649cac1e4bd86ecb807a96ee1ea1a6b339198c7ead8687c8f872b439938e8c2a

        SHA512

        4d0c0516d989f5756c8ad25cd2b3330142363ba14a4c624be96e1d982526f67f51895d5199856c7f4263d1edcbd215a2d6df6be4b812ba91467908fb77b2b154

        Download Submit

      • /data/data/com.duoduo.child.story/databases/duoduo_story_house.db-wal
        Filesize

        44KB

        MD5

        991d809b365908da5af517b1ad1264f2

        SHA1

        bd8d4c03eaac2927bdaa75254d393324f2cc7914

        SHA256

        f4cfcb4e697bb044ac0ddbdefae5d31e4fe20597f7d0f87a5c947f78f750f525

        SHA512

        f218a37158cd04dc6e09a0efff8aadfc36af53ebeed1ff416013e82486b98dda06fc865dd9cc761e2f26d6955bef12cacb53a9760b88fc4f2568961b428d7965

        Download Submit

      • /data/data/com.duoduo.child.story/databases/pri_wxop_tencent_analysis.db-journal
        Filesize

        512B

        MD5

        a40df7783f575d347928acbbb9de43e7

        SHA1

        484876bb8f0b4c1442239baa7b6654afde7bdfab

        SHA256

        7ab3cc50877fe2cd0b12c573d3d0b4306326e9cb250c4586f76df3c1c853b1ff

        SHA512

        a6efea13063479912f122a004e11d12ff16b7872f5d79ed8194b25fe217f715383119dca94e2cbcee9e073e25762c4729904a2ae877de46dcec59f29ee8996b9

        Download Submit

      • /data/data/com.duoduo.child.story/databases/pri_wxop_tencent_analysis.db-wal
        Filesize

        56KB

        MD5

        a137528fbbb1db98c8c948f622f01c01

        SHA1

        46dfe81af67937cf75f35cb51659dccd44c6656a

        SHA256

        bc1ef6811b27824a2b834c1e8ef1eb11059c2d664ef70fd1013cd9791c5793fc

        SHA512

        7fc3572f8dd1bf1615dececaba1b7dfe7a0e37ee35671ba2f761a092b9a9bdf0ad9a7fccfc60733c85f2d8c1670b4ba524019947e033d8d8f2b06c2eb1765c30

        Download Submit

      • /data/data/com.duoduo.child.story/databases/umeng_community.db-journal
        Filesize

        512B

        MD5

        d4a7c6a03309ec05ce483bd2624d5885

        SHA1

        3262fb79db5455097ce7db305e8cf685bf1a175c

        SHA256

        d93348feabcd165a7b51a25c0b59958ad91225b8027a73a882b580218f1e4ba0

        SHA512

        b46f95c841e99bd01b9ae4e7d50b01c627b0d7b9ce4d29d498f2f5da99caa6a680b05f680596bc2fe3deb30caeab96c8a9bcd91ed5f4fbfda7b97b784a42643a

        Download Submit

      • /data/data/com.duoduo.child.story/databases/umeng_community.db-wal
        Filesize

        181KB

        MD5

        fd13a457457a1d847134c2566cc6be95

        SHA1

        3ed594862ec4e7a8405544a03f006961ae261423

        SHA256

        4ea8a24a116a5e761db22c2d095cf3a5a643e85a3a2320335158e4d8a7e2c8c9

        SHA512

        57330ae04eea582c59e24dbedbc164fd8c92e9ef00cf3f01cde195f7857b44232875fc8f4de906ae597a7ab695a2c22a4ea7cabd9a9b10a7893c648ecbcd724a

        Download Submit

      • /data/data/com.duoduo.child.story/databases/wxop_tencent_analysis.db-journal
        Filesize

        512B

        MD5

        46fe69aae093813c6f99e488375419f2

        SHA1

        76c501bda4acb0a71c8470c3000fda8b8ae6ef24

        SHA256

        e119d09e8dd72e1ad2a33962423e710cf0ee9137e89b7fbe0e3312282a8cf4b8

        SHA512

        4c6d23a776e52f1ee2d99200ec9b9eefaee6188369d2a9951424e3821bfd33763757c81aa3393982d137e043e93f736b8a1e6e7dcdb271315987b5324a6d49d6

        Download Submit

      • /data/data/com.duoduo.child.story/databases/wxop_tencent_analysis.db-wal
        Filesize

        104KB

        MD5

        d4d1b117126b23a2a7296c362de63ea2

        SHA1

        6e8cdf731b910ea77dbeb8b2ada411d9bb80d818

        SHA256

        4d7a9ff0895feca31f21b268caf80369552103feed4430c82775df468fe31756

        SHA512

        08fd7cbc86c04d0cf883906c237d580dd0c5d6175cb68eab40da21d5cdbd060ecc4b6a409d3cb77e9038b8426bb5b4dd61ecfb8faa8d548b8b3f061232befdd1

        Download Submit

      • /data/data/com.duoduo.child.story/files/.um/um_cache_1728450568816.env
        Filesize

        706B

        MD5

        9aa6cd04d82f7abca6a87e79cd7c98b5

        SHA1

        12e2b35760c871225cf25a9a510bb6dee25adb9e

        SHA256

        ac5f1495cfb0f2f54915875cbc0372a4f0011c83a054b15be40c23a11c1dcab3

        SHA512

        0e99485dd6117212eadca7abb1b32712eb3040dc5a69fb71b5e82dcdf8badfb26eee96bf336c2a9ec1d5bfeabcf556aa921f45f7100b15bdd8e9be8515a8f8aa

        Download Submit

      • /data/data/com.duoduo.child.story/files/com.duoduo.child.story:pushservice
        Filesize

        2B

        MD5

        d751713988987e9331980363e24189ce

        SHA1

        97d170e1550eee4afc0af065b78cda302a97674c

        SHA256

        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

        SHA512

        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

        Download Submit

      • /data/data/com.duoduo.child.story/files/libsecuritysdkx-3.0.39.so.tmp
        Filesize

        327KB

        MD5

        3f3560b8cb3957ac2066c2ae587b6afe

        SHA1

        44ec56efbd17f922d211c4827cd3edc7b8fe9369

        SHA256

        cd4e1d5be6e1222b8fabd3d94fc2493c5dc47bc395fa2dea7f82f52a17ad3ee8

        SHA512

        a0a0080c1d0d98f0dfeb41dad67a813446704c5f682388b4cc8370a119ab8b9d059ab65242ffe6adc085a300e1758ad1f2d61fea319f8db1ad70409d9cb93cc1

        Download Submit

      • /data/data/com.duoduo.child.story/files/umeng_it.cache
        Filesize

        393B

        MD5

        c2e4a358c9ef83766811608bb1f1360b

        SHA1

        0ab59b148695ce3ab44f91a531208831f4a6bbe0

        SHA256

        72427b7ab9a922da377f8d03120dfa8855d2a89e49f3e5924b8f9a79223b7514

        SHA512

        961104f3cdffcedf298102eab7ae7ab714eeb1bb9bcc15704bc4100bdeb7df43d325a9e40b548af9b5ac86e5180237cb09f38de47e36a749a150b687e36a30bd

        Download Submit

      • /data/user/0/com.duoduo.child.story/app_plugin/PlayerUIApk.apk
        Filesize

        281KB

        MD5

        e351083e290976e5ca3191f0f6e1ad9a

        SHA1

        40c1d8e7a1f5d41911aeb5309b093fcb29f9c0db

        SHA256

        12b12319ad199a5cba2cf8f72344cab3cd898ed7a0f284041b94926520f0467f

        SHA512

        9b67c2db950d3a85849b69769b8ef1bc8de2d9ef2b80db9aee9a6fe038dd7d89b353ce2161af218cccad77cc5856b94bf6aa3ec0043d741cffa1104224864e35

        Download Submit

      • /data/user/0/com.duoduo.child.story/app_plugin/PlayerUIApk.apk
        Filesize

        281KB

        MD5

        752ea05f70a3122f73433fa190646478

        SHA1

        9da7b35c2b5f9fdeff2ddcdb4abfec755f3a6ead

        SHA256

        d44d9207bd5acc7e6458155c6e913e6061cb27caf34d1aa8bdc63280b0887f4e

        SHA512

        abcb0b4c9e561ba95a6e8394fd638fbfe781ac3d7025a6f5b5b1cd3c7c1bba3379bb11d434de2965548696e0dcee7aadb240717e128aa3b76af7303ccc6e97df

        Download Submit

      • /storage/emulated/0/.DataStorage/ContextData.xml
        Filesize

        111B

        MD5

        d85b4d617df9b6bc8a6007d689f7cccf

        SHA1

        6c69f7016e312dbbbf9d4c92d398afc4ec036991

        SHA256

        6a7ec572867cb5543be106ea60ac3b8daaac0938096ff97e16e65b909e3cecaf

        SHA512

        6db7735feee14b930eead4e8e42d96f9c68588112b4de02b8b36577e6e333fd3bd268844eef636e17e081c580c399e2114782237389a23adab4b9bfe346cb2c6

        Download Submit

      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        65B

        MD5

        9781ca003f10f8d0c9c1945b63fdca7f

        SHA1

        4156cf5dc8d71dbab734d25e5e1598b37a5456f4

        SHA256

        3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

        SHA512

        25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

        Download Submit

      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        111B

        MD5

        a939684150e131eff6cea500cd604b69

        SHA1

        a3442b443387a026fcd4847a5ecc93f1a5c8f0a8

        SHA256

        7e9c1170bb40363d8a589ea5e5cab2f7134dd48cae04738798a0a6a3de486767

        SHA512

        116e30ebf918d9061afcd51ece7c13c9b8bf6da59ae2f6289f23f1357d638e852f59b19198add6f8ec3d3ab1d396d9bb82999fad1e0e46e41c0332d791e87849

        Download Submit

      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        381B

        MD5

        0593d77460756044211db9e8d6d1ebd7

        SHA1

        376793d42d8bcfa63e26da5c76e69f56ae74d50c

        SHA256

        331b0de39331f3eac2bbffcca33d0f156cecfd16351055a85f702015c58cfc88

        SHA512

        6a0640d477cb47b4788f38694a632ab72ef422b32e792dce954fee94aad6bcb5a5e4cc09159cbe566f8360564b8c66285f4f86cf6c450cb375b3ccbd44ed8b37

        Download Submit

      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        381B

        MD5

        be5760d3763e7136c71a527103b0cff3

        SHA1

        f3089331dc6961be0ba92db245e090eab86f2ebc

        SHA256

        3e22799f430d404c45e6004891cea72ee08cdf5ab4679527d20f433b43d9e5d4

        SHA512

        ecbe3ee0a9f0ba5930e753418ad0e00645a9df9d71224087be5657d219a02f337e8a59cdf3a64b02a504ca94eba4bdb7e6b17c1e03976fb64aed10247935af26

        Download Submit

      • /storage/emulated/0/.UTSystemConfig/Global/Alvin2.xml
        Filesize

        381B

        MD5

        8dee20142382a52e38344ed68a8a2f2b

        SHA1

        375bba2c7e566fd609336a056a538f93ddd7bc96

        SHA256

        92ef30ba5334c633075260412dc85332cd6287788b849b6698961d035243446a

        SHA512

        ee8cf11dec5448799c6028b173dda437ffecfa0aa0b91990bea05aefcb57174fb26ad3a6cc1e8f97feccf19cba8c96801ca72c8f89ab107bf5bc6e16298aef80

        Download Submit

      • /storage/emulated/0/Android/data/com.duoduo.child.story/cache/bitmap/journal.tmp
        Filesize

        34B

        MD5

        652748fdcddea981a82f47a6847f487c

        SHA1

        172acd33e56f2dc372a0d23035a136db30315255

        SHA256

        5f530df08f4f7e36f20dfad79e6e8eac3bfb4dd5da1992dcadd8c646dd5ee765

        SHA512

        e0f0e923c992338b426eb9ac229712eda349e35e9a850423a2cde43fb2045430fc26c4d122edc563936248b41a7b38fc63e361fa7c38c481b009b8f5a66f771b

        Download Submit

      • /storage/emulated/0/DuoDuoHouse/cache/test.aac
        Filesize

        14KB

        MD5

        5bc9d569cb424f60ca236e2238f8dc16

        SHA1

        98ee40a9f4c5fabe8afee6a9c0025e81050de615

        SHA256

        a2b09fe3ea5ccc8f7d4c9a564395718cb1e0e9b993997a7d9a58f861acbe6347

        SHA512

        960ed83e7ddd4c9fb595600c8565a4dc8439874efde26465a4ffe81e6e0168e2db90f490b31930d5945acff29e9e5044c830537d67bd6241d6d0d3822258e9ba

        Download Submit

      • /storage/emulated/0/com.duoduo.child.story/asdklog_s
        Filesize

        135B

        MD5

        8efecb7aac1a48e2bb9ec4cfe6862e9b

        SHA1

        0cd1b76b8fff52511f055937b96026e8c6289c52

        SHA256

        e332e5ba72706875e429d4671fbb84ed393ac847b8dcc45e219ef6bc56ef2e42

        SHA512

        6cbe9733cbdf6ac5791fcb54895b7391fc6e5786f2269498e579bdbd58b6ff5789d353373cd7857779a19406a4b7c5f44f674c3774cd480ff2ca429b0377b006

        Download Submit