Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
136s -
max time network
133s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
09/10/2024, 08:22
General
-
Target
2dd5c1c7bcce6fa7a99ec1d7eaa9c408_JaffaCakes118.apk
-
Size
18.0MB
-
MD5
2dd5c1c7bcce6fa7a99ec1d7eaa9c408
-
SHA1
3a114948749b2bc2cd0695d2b3c9e203022c4214
-
SHA256
69670810206e5f88856ae31a43abffe7643e74eeb1142724017f54f9d5a78c32
-
SHA512
63f38ccc06210f04b3374a28d5a7f8a643bdb8542d37075e27ff8df2fd0310afad06807b6aec2f50d9c1415ec69cfbc60b20e3e0ecc878215293d88fab67688e
-
SSDEEP
393216:pX4xaIIgWkoVc20q680bqvA3PK7f1V/h+B0OjdbnQG6Nq1pl4JtKyaY9Dh/:KLVJoVc20q680bD/YfXZ+BVdbnQ9ol4H
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Checks known Qemu files. 1 TTPs 3 IoCs
Checks for known Qemu files that exist on Android virtual device images.
-
Checks known Qemu pipes. 1 TTPs 3 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
-
Loads dropped Dex/Jar 1 TTPs 4 IoCs
Runs executable file dropped to the device during analysis.
-
Queries information about running processes on the device 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 3 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.UCMobile1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
-
logcat -d -b events -b main -v threadtime -t 5002⤵
-
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.UCMobile/app_SGLib/libsgmain_1465989620000.zip --output-vdex-fd=63 --oat-fd=64 --oat-location=/data/user/0/com.UCMobile/app_SGLib/oat/x86/libsgmain_1465989620000.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
-
com.UCMobile:push1⤵
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Checks CPU information
-
logcat -d -b events -b main -v threadtime -t 5002⤵
-
-
logcat -d -b events -b main -v threadtime -t 5002⤵
-
-
com.UCMobile:push1⤵
- Checks if the Android device is rooted.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Checks CPU information
- Checks memory information
-
logcat -d -b events -b main -v threadtime -t 5002⤵
-
-
ls -l /system/xbin/su2⤵
- Checks if the Android device is rooted.
-
-
logcat -d -b events -b main -v threadtime -t 5002⤵
-
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
20B
MD5c2ac426042938fcc869597bb8d01a9a1
SHA1266cab78bd3be4c593ef09546a4b42682ff34a05
SHA256a264be38b3050016344a5b065b08fab32ba4bae2785193f7ea507e11e1d24173
SHA512de1ff2e0b1acaf2073d923972c0b28712968ac10ae8d545e94cb6a591b5de9b6a7712fe751876d2cda41ef53bcdfa90d0e708bc1a2a123d5ab7deeacc24d13b9
-
Filesize
68KB
MD5bf5fab25cc1276405b6ec1ff7dd44210
SHA14a288ec17c30fd2179dc44f7fb17a8a678ab8212
SHA2566f3ec464fc74d51b8bdc4fe0865bc42821041c9561c31056daa7e3c7653c629c
SHA512905218ba7147c998d2b42423b3a3ad7ea879537f0e91f8436c8b605f558ca3c09033a8f69c352f7fda53c28ae1e76ea5d8e2f9f8f885d5c28ce41652cd07af46
-
Filesize
20B
MD56af2481155f516dabfc9ad40718e8581
SHA172ff772ee00d14524d749d45a0751297d3332620
SHA256e857a55e7f24c8c22a04ae8f945650a8f955638dfa23639692a19f68f07bcac2
SHA512a3ef3b8a3850a2bb5343f75e3982aeac1eda483d4985d8f47f837dcaa83a1b7fbeed769163bd9f92056d086412d792f2d0ad877cd370c5b4e8ca114439efcefe
-
Filesize
36B
MD5abba44e5544dbfb00f0099625731ca54
SHA1773cb6d1523b0ebfcc15cb52b526ede457398455
SHA256bddc101b9d574278168e623032a1a855f8681a5be830661e4082b994d24d3d6e
SHA5124298b434d9e9ba70ce8da5dc68591bd26c873aad5af4868cde84c8d39345d963bdaa34608f440b60753b7d05e40af3a12589571aed60f038ed55c29253850791
-
Filesize
455KB
MD57435d516a4244ee1f14a09e348d20fed
SHA19d1503af9cba7a48398e713bf177ddfa06fd0520
SHA256043e74c88f8b97bf01cbfd793e5b82aaf0b8bade2ba7cf710650f05c73abb7ed
SHA512a66bb1e0e26a8ff21c4aa1ac257d71592ae2f66b58b31a4fd4654b168a577c110659b4c1ab0b43bef1dbdfc5a09bba142f3cc56fb35446cc08dc1c747140c985
-
Filesize
69KB
MD506a6e1f06ca1b22c95de3097ca99353a
SHA1e94fb8ae3bc8c1f781e88bc8f3e45190e16a1011
SHA256258b97fe53cd78832328bf9b8033a8809408a5b2c306fbcca558b72c5d29b354
SHA512ae398980793abfd745506e19ecfca01c8294a9ea836f1b81968958af06939a5169c9506c033bf3d6d6da991d2ea323f3ef727080eabb7b0b100c5756c21992eb
-
Filesize
12KB
MD5bd33b554a4a5e3aa9ff91b71ae5448ef
SHA1a17792d37e5936606f88de667217663152bc7031
SHA25650eddea7cee67f95b96988c40e59280abddc84ed0f30fb12fa0b7f446b56ed9d
SHA51224cfc36fc66a392f4acfc9e8a9914ea685e51369dea95cb78b588e148256a1b8094e5b65a3f4cf63bcb09a04c0606fb139bbbcdb2806cd220a8d102012662d18
-
Filesize
12KB
MD5e34a2481689bff0742582421c7ae2b90
SHA16710662850331d2b65ae6e9bcb5cbee5fc8a1e1f
SHA25654e67623ce8d9dbfd89bd75c096329ae26c30ce0c7ee2c838f05d276cda87623
SHA512fe7275f6ef147e0d22fd005d48d50b3fd1644847c45a3d61fd0bdfb659f69ac2edb22cca4c83ef5fb31d29407bdc0f516856ef90bd717bd01e23f5b67bb6318b
-
Filesize
8KB
MD54ae9941eda8bbc2c8952dfdd9fac67e2
SHA1fb3a717829e7eee95c2d52512d0c17bb37d45f22
SHA2569e15f3a5b69e2d796c3eb2c8ce1f84241f556044de8070340be4c533c5d37c26
SHA512b2ff2e9c4263e04953e3b4f89509f4ab44a74fe014ded513e4bcc32537f19026476002f4d02786f86c1748210d2db95e0535843fd0331eafdfec41b267573e1c
-
Filesize
11KB
MD51b0f89c6996549b93b071d6e541b5cda
SHA1594e2ff043c6cb454cf93692dd63e98cb3fddcc6
SHA2564ecd2f21dcc0660430f424c69f5d57d6e7f0656fd367dbc55b51e46579640130
SHA512a96295768798dc10adb81bed0b6d59f16f1f69b93b84fc87710f9fba2438d92816133c5905995698226edab92775414b4976f51ba365d4173c22de1fac4f5cba
-
Filesize
67KB
MD558397b087e1a690d998e274e04672e2f
SHA1a61fa4bfa36d9e62633197a1ef5d441a2e9b22a3
SHA2566a304c773761f35ebd12ed1c3134c56ed6a20a5d410daf20a9d830ff96abb7db
SHA512e31b42118c42e7310609ce68f2088c29160a9bf09c5356ac665a1fecd52b094c260225ff11f4fa8dc32887e6c65833a596078e9549b93500b7f08d3ec8eb05ab
-
Filesize
12KB
MD5d89d6500cc319265f2288f2fb1d72d5d
SHA10c46c39033fd3fe098530afbfa07f741822eb28a
SHA2560fd0e34aae95ebf3a454ce7acf68baea6f4dd9e5f0c37187c6112eb8659cdcb1
SHA5124d43f19e03f44d4e34c26bccb99f98a070c9b3b7de8206dc141e114586ba8cd091480e21bb0750ff5bf48be54dea1c386961e3c566318c0214dd4f4aa6f2ae3f
-
Filesize
12KB
MD5fd2f50ac995322df22e4752d0fc44e23
SHA19bced0cb66b5671ea6f3084bed8ada7f73db10a2
SHA25642beac91eb5cb395efbc1373a1a2a83bf4598fde05b75517793437e57f6b996e
SHA5122c89f67ea99a0b2d65ac172fb13324cab65e56218120c4ad99d60fa6d8fbbbf33c9af16f3954dbf7b0393d2b0cf1dc7ca2b9948614002f32e92d6a802c8157b9
-
Filesize
11KB
MD53943f792da2af1154e2939226b5e1e9d
SHA1edf4ca25476b5831754ac562ed97338ea85666a4
SHA256e19acc5542b69ca6ff3ffb2932ba0a9bf4fa04ff8d6246cb6ecc9b75ebff2bca
SHA512ad725918e0336820ca520b9d79c785a21fec93bd1f62e5a202482ee5280e4bd25e1641749fa6e72bd4d253b12462980581add63f82e5e4b955cd4ce7d1241a16
-
Filesize
65B
MD59781ca003f10f8d0c9c1945b63fdca7f
SHA14156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA2563325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA51225a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03
-
Filesize
11KB
MD5852c2e6c7862cd4ae08e67f473efe402
SHA111b28053a202027406052d2daf86ca5dbba0ada6
SHA256dc3ca234f08acf35222df319e452ec0d9d7f11ad189c3a1791b0b2d414f3c6f2
SHA512d54f881a67cc7f0b74cf5baae7d21899e0c15444fc82eca529a3d321ef72f4cfd420d31831337eefd893685d916e4d711b1d0330fa85ca603e583fe43b564f46
-
Filesize
276B
MD5f862971700cb1194c5feb8a9a0e62b56
SHA1756478b92a7ba154510f668b906d71c709127a32
SHA256f1407b788d6e949d7e9c82ffefded7fc4e10951281f64242a681e4814b899e6a
SHA512d2e80540a319664c9be8e1796e60936851cfe02f479c0500f4d2f8a5b7aca74db177462941f348a6bac9828d2bb2a0341f8fd8683616b3f7a4f423a09f05e7e0
-
Filesize
345B
MD5b659d58202038d317ab13fe19edada4c
SHA1e7090301ea5887fb586b194e714ea3883d7cc925
SHA2560144cb54a1632ed55f7d901aa17526f1cc47b50eb0cdad55a3af70990ad5b0f9
SHA51233b66e696548bd2ec292f373c71b63dc5e0cdf6a59641f95b8e631ebae95048f458665e3fd1b4c161512d06cd762966e86da4e78647480f7c18c65609e5e72d4
-
Filesize
111B
MD5b2cffe2b69dfa2c70e99f3b17139cf3a
SHA1b7899175d4c359c1c79ca5ef2e2b4c96208e8648
SHA256ff311cd6e4b5e562ae8f0005eb576688ba0acaeb060146fbbf4c36cc8389408e
SHA51253bcaee15a685998abf8374d0c85af47caafb34dd72471a6fa3f16b47c3aa4bd251b04be1def3111173f9cbc0cda09d5bd0be12df2ff0e7bcac5f15241c8561f
-
Filesize
111B
MD50836d2ba95a3bb3e773e45ab30ecae0d
SHA1cad83c08875a93b61d818e8a6d15a9451a509ed2
SHA25668fa95653ea28c4e8b51faed4b824c844205c5d72a039a83f867fa3f67d624bc
SHA5121d778065c15a8ffc3879633026120a980f2af5ba131acc436fda9fb673ff90a7666a15d6e0fddfecce6cc3705277a91253b6ff20d64dd873fc702f305bc8eca8
-
Filesize
92KB
MD5b19d471f030a601f843d56f53580c3b7
SHA1e5c43f6450dfdbcd9eca051fe416d170e016d531
SHA256ca5aab6cc868bf22624c66912bd1d0f2bd8641c0b2bffa07cb9ae51d5fe8b310
SHA512f09fd13353ed296a0f6c421b944125638c25482b45e8e494ccdf4e52007d387d816f2bb236efdbfd650bd40063317f55b39a07b3764592d1b09cf0e093ee9918
-
Filesize
92KB
MD5b825afe79e10213903407c3732a3a73f
SHA1acd850afe2629166ac999513e6acae9e11074bb5
SHA2567ca6ea3f7fa5f6c41c5f9a75f4450b437ac3ef74390774df3b1cd625bd74b099
SHA51294159d781013a4d671686a999a714374daef64c697b8f38d7ebca6e54ee66cf607eac298c1a69745678443fe2c882806bb396c947b752d61988419800f14cbbd