Analysis
max time kernel: 148s
max time network: 157s
platform: android_x64
resource: android-x64-arm64-20240624-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
submitted: 14/10/2024, 20:09
Static task: static1
Behavioral task: behavioral1
  Sample: 43f8e613910e21ad26fad0150fca523f_JaffaCakes118.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 43f8e613910e21ad26fad0150fca523f_JaffaCakes118.apk
  Resource: android-x64-20240624-en
General
Target: 43f8e613910e21ad26fad0150fca523f_JaffaCakes118.apk
Size: 1.3MB
MD5: 43f8e613910e21ad26fad0150fca523f
SHA1: 7a17643a10e6dc0f4d3d58da8475d1fbee4eda3b
SHA256: 01b1c40231c994f14457a65db196ffedbbd1312c8b685e5ac282f6bb6ba646ac
SHA512: 8c1ddaece0eefdbb2cff5a89ffebb1d2fef50c02b7ba9f5993c550f683e1b328771b839c83d10145e86dbad95f034161bd30f2358c37ae3516065f32f948d9f7
SSDEEP: 24576:moL0otaYtXMjG0dJZXs+bS8oaPnDAUCxFMyjTo+38jTmhq/13tdHbZKm51Ob83F:1Q7YtsdJZJboaPDAUcFRj/MjTmhq/1X5
Malware Config
Signatures
Removes its main activity from the application launcher 1 IoCs
  pid   Process
  4457  com.xsfg.nwfo.cszd
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs an executable file dropped to the device during analysis. Both the main process and the :daemon process load the same dz.jar from the app's private storage.
  ioc                                               pid   Process
  /data/user/0/com.xsfg.nwfo.cszd/app_mjf/dz.jar    4457  com.xsfg.nwfo.cszd
  /data/user/0/com.xsfg.nwfo.cszd/app_mjf/dz.jar    4515  com.xsfg.nwfo.cszd:daemon
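The "Loads dropped Dex/Jar" signature is triggered by the app loading dz.jar from its own private storage at runtime. The Python scanner below is an added example, not part of the tria.ge report or of the sample: given a snapshot of an app's /data/user/<id>/<package>/ tree (here a constructed in-memory dict; in practice the bytes would come from adb pull or a forensic image), it identifies raw DEX files and ZIP/JAR containers holding classes.dex by their magic bytes and archive listing rather than by extension, so a payload renamed to .dat is still caught. The path /data/user/0/com.xsfg.nwfo.cszd/app_mjf/dz.jar is the report's; its contents here are synthetic.

```python
"""Find runtime-loadable code dropped into an app's private storage.

Added example, not part of the tria.ge report or of the sample. Android loads
secondary code via DexClassLoader/PathClassLoader from a raw .dex file or a
ZIP container (.jar/.apk/.zip) holding classes.dex. Detection here is by
content (magic bytes and archive listing), not by file extension, because
droppers routinely hide payloads behind innocuous names.
"""
import io
import re
import zipfile
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

DEX_MAGIC = b"dex\n"            # full header magic is b"dex\n" + 3 digits + NUL, e.g. b"dex\n035\x00"
ZIP_MAGIC = b"PK\x03\x04"       # local file header of a non-empty ZIP/JAR/APK
DEX_ENTRY = re.compile(r"classes\d*\.dex")
# Per-user private app storage; the installed APK itself lives under /data/app and is excluded.
PRIVATE_DIR = re.compile(r"^/data/user/(\d+)/([A-Za-z][\w.]*)/")


@dataclass(frozen=True)
class DroppedCode:
    path: str
    package: str
    kind: str                   # "dex" or "zip+dex"
    dex_version: Optional[str]  # e.g. "035"; None if the embedded dex header is malformed


def is_dex_header(b: bytes) -> bool:
    return len(b) >= 8 and b[:4] == DEX_MAGIC and b[4:7].isdigit() and b[7] == 0


def classify(data: bytes) -> Optional[Tuple[str, Optional[str]]]:
    """Return (kind, dex_version) for loadable code, None for anything else."""
    if is_dex_header(data):
        return "dex", data[4:7].decode("ascii")
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for name in zf.namelist():
                    if DEX_ENTRY.fullmatch(name):
                        head = zf.read(name)[:8]
                        version = head[4:7].decode("ascii") if is_dex_header(head) else None
                        return "zip+dex", version
        except zipfile.BadZipFile:
            pass  # truncated or corrupt archive: nothing the runtime could load either
    return None


def scan(files: Dict[str, bytes]) -> List[DroppedCode]:
    """files maps absolute device paths to contents (e.g. collected with adb pull)."""
    hits = []
    for path, data in sorted(files.items()):
        m = PRIVATE_DIR.match(path)
        if not m:
            continue
        found = classify(data)
        if found:
            hits.append(DroppedCode(path, m.group(2), found[0], found[1]))
    return hits


def build_sample_tree() -> Dict[str, bytes]:
    """Constructed test data. The dz.jar path is the one in the report; all bytes are synthetic."""
    fake_dex = b"dex\n035\x00" + b"\x00" * 24
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("classes.dex", fake_dex)
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    data_zip = io.BytesIO()
    with zipfile.ZipFile(data_zip, "w") as zf:
        zf.writestr("cache/index.json", b"{}")
    return {
        "/data/user/0/com.xsfg.nwfo.cszd/app_mjf/dz.jar": jar.getvalue(),
        "/data/user/0/com.xsfg.nwfo.cszd/files/res.dat": fake_dex,                 # DEX behind a data extension
        "/data/user/0/com.xsfg.nwfo.cszd/cache/bundle.zip": data_zip.getvalue(),   # archive without code
        "/data/user/0/com.xsfg.nwfo.cszd/shared_prefs/p.xml": b"<?xml version='1.0'?><map/>",
        "/data/app/com.xsfg.nwfo.cszd-1/base.apk": jar.getvalue(),                 # installed APK, out of scope
    }


if __name__ == "__main__":
    for hit in scan(build_sample_tree()):
        print(f"{hit.package}\t{hit.kind}\tdex {hit.dex_version}\t{hit.path}")
```

Only the two artifacts that the runtime could actually load are reported; the code-free archive, the preferences file and the installed APK under /data/app are skipped. Extension-based checks would have missed res.dat and flagged bundle.zip.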
Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) 1 TTPs
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
  description              ioc                                                    Process
  Framework service call   android.accounts.IAccountManager.getAccountsAsUser     com.xsfg.nwfo.cszd
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
  description              ioc                                                    Process
  Framework service call   android.app.IActivityManager.getRunningAppProcesses    com.xsfg.nwfo.cszd
Domain associated with commercial stalkerware software, includes indicators from echap.eu.org 1 IoCs
  flow   ioc
  41     alog.umeng.com
alog.umeng.com is a logging endpoint of the Umeng mobile analytics SDK, which is embedded in a great many ordinary apps as well as in stalkerware; on its own this indicator is weak and should be weighed together with the code-loading and icon-hiding behaviour above.
Queries information about active data network 1 TTPs 1 IoCs
  description              ioc                                                    Process
  Framework service call   android.net.IConnectivityManager.getActiveNetworkInfo  com.xsfg.nwfo.cszd
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description              ioc                                                    Process
  Framework service call   android.net.wifi.IWifiManager.getConnectionInfo        com.xsfg.nwfo.cszd
Reads information about phone network operator. 1 TTPs
Checks CPU information 2 TTPs 1 IoCs
  description              ioc              Process
  File opened for read     /proc/cpuinfo    com.xsfg.nwfo.cszd
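The framework-call and file-read IoCs above are individually unremarkable: plenty of legitimate apps query connectivity, Wi-Fi state or /proc/cpuinfo. What makes this sample stand out is the combination with runtime code loading, spread across the main process and the :daemon process. The Python below is an added example, not tria.ge's own detection logic: it groups behaviour records by package, folds secondary processes named package:name into their app, and returns a verdict only when code loading coincides with broad reconnaissance. The event records are constructed from the report's IoCs plus a hypothetical benign control app; the category mapping and the threshold are this example's own assumptions.

```python
"""Correlate per-process behaviour records into a per-app verdict.

Added example, not part of the tria.ge report. Each record carries a process
name and either a framework (binder) method, a file path or a loaded code
path, mirroring the fields the report shows per signature. No single record
is malicious; the rule fires on the combination.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Set

# Binder methods seen in the report, grouped by what they reveal about the
# device or user. The grouping is this example's own; extend it as needed.
RECON_CALLS = {
    "android.accounts.IAccountManager.getAccountsAsUser": "accounts",
    "android.app.IActivityManager.getRunningAppProcesses": "processes",
    "android.net.IConnectivityManager.getActiveNetworkInfo": "network",
    "android.net.wifi.IWifiManager.getConnectionInfo": "wifi",
}
RECON_FILES = {"/proc/cpuinfo": "cpu"}


@dataclass(frozen=True)
class Event:
    process: str   # Android process name, e.g. "com.xsfg.nwfo.cszd:daemon"
    kind: str      # "call" | "file_read" | "code_load"
    target: str    # method name, file path, or loaded .dex/.jar path


@dataclass
class Profile:
    processes: Set[str] = field(default_factory=set)
    recon: Set[str] = field(default_factory=set)
    code_loads: Set[str] = field(default_factory=set)


def package_of(process: str) -> str:
    """Secondary processes are named '<package>:<name>'; fold them into the app."""
    return process.split(":", 1)[0]


def build_profiles(events: Iterable[Event]) -> Dict[str, Profile]:
    profiles: Dict[str, Profile] = defaultdict(Profile)
    for ev in events:
        p = profiles[package_of(ev.process)]
        p.processes.add(ev.process)
        if ev.kind == "call" and ev.target in RECON_CALLS:
            p.recon.add(RECON_CALLS[ev.target])
        elif ev.kind == "file_read" and ev.target in RECON_FILES:
            p.recon.add(RECON_FILES[ev.target])
        elif ev.kind == "code_load":
            p.code_loads.add(ev.target)
    return dict(profiles)


def verdict(profile: Profile, min_recon: int = 3) -> str:
    """Code loading plus wide fingerprinting is the dropper pattern; either alone only merits review."""
    if profile.code_loads and len(profile.recon) >= min_recon:
        return "suspicious"
    if profile.code_loads or len(profile.recon) >= min_recon:
        return "review"
    return "benign"


def sample_events() -> List[Event]:
    """Constructed records: the first group reproduces the report's IoCs, the second is a benign control app."""
    app = "com.xsfg.nwfo.cszd"
    return [
        Event(app, "code_load", "/data/user/0/com.xsfg.nwfo.cszd/app_mjf/dz.jar"),
        Event(app + ":daemon", "code_load", "/data/user/0/com.xsfg.nwfo.cszd/app_mjf/dz.jar"),
        Event(app, "call", "android.accounts.IAccountManager.getAccountsAsUser"),
        Event(app, "call", "android.app.IActivityManager.getRunningAppProcesses"),
        Event(app, "call", "android.net.IConnectivityManager.getActiveNetworkInfo"),
        Event(app, "call", "android.net.wifi.IWifiManager.getConnectionInfo"),
        Event(app, "file_read", "/proc/cpuinfo"),
        # Hypothetical weather app: checks connectivity, loads no code.
        Event("com.example.weather", "call", "android.net.IConnectivityManager.getActiveNetworkInfo"),
        Event("com.example.weather", "call", "android.net.wifi.IWifiManager.getConnectionInfo"),
    ]


def triage(events: Iterable[Event]) -> Dict[str, str]:
    return {pkg: verdict(p) for pkg, p in build_profiles(events).items()}


if __name__ == "__main__":
    for pkg, v in triage(sample_events()).items():
        print(f"{pkg}: {v}")
```

Grouping by package rather than by PID matters here: the daemon process contributes the second dz.jar load, and a per-PID rule would have scored each process in isolation and missed that one app owns the whole behaviour set.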
Processes
com.xsfg.nwfo.cszd (PID: 4457)
  - Removes its main activity from the application launcher
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Checks CPU information
com.xsfg.nwfo.cszd:daemon (PID: 4515)
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  Download New Code at Runtime (1)
  Hide Artifacts (1)
    Suppress Application Icon (1)
  Virtualization/Sandbox Evasion (1)
    System Checks (1)
Downloads
- Filesize: 105KB
  MD5: 23ba0b249042b7ba33e92c0199b0ea4a
  SHA1: 99b13ee9f7307316c2337953fceed87e9942b794
  SHA256: 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
  SHA512: 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861
- Filesize: 248KB
  MD5: a54a18b58c6720991c021f433dfb2a46
  SHA1: d2ffa07919f92b6e04914e39843f08fdb2a75b68
  SHA256: 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
  SHA512: e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc
- Filesize: 105KB
  MD5: 293ea5f01e27975bed5179ba79d80eac
  SHA1: c5b0806a537fd1cb753e11f1a9684933317716b8
  SHA256: 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
  SHA512: c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53
- Filesize: 28KB
  MD5: fdb8a92e5060ce104e8f0faca55a47ce
  SHA1: 270d7ca30673e18cec1d2b9add71cba96dc426fe
  SHA256: 194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a
  SHA512: ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122
- Filesize: 8KB
  MD5: bed18930491b04591b4a0b287f8c7fb2
  SHA1: bbdfc5d4a909dd0a61a71bcadb0c38f8d0a8a59e
  SHA256: 9c3b95c30404c8c94d2e328d1809c909722e985777dccd1698b4ff4e7b198cc6
  SHA512: d955910b7c35933ea295e5b2c6d1542bf3f80305adef3e5e2bf7713dc3c494f2cb94236b739deab92521c36580779e7cb6ad5e10cdadca9ca6b75176b025a989
- Filesize: 512B
  MD5: 7b14a0bf610d94a97e9239b4f2b257bc
  SHA1: 8340c93ad3085fa7280a227770eb610b5ef103a1
  SHA256: 70fc593a5561914c440c9a938ed2962e5e302c2a6be34952ec5a0c0118caac04
  SHA512: 7f55888b818301f67e7686fb419072e538f9a706310758af8ccd8d23a31be374e8f199f8b5cc14110d830d718a719eb3ddd6fb7f351c9d189c7874bd47e7344d
- Filesize: 8KB
  MD5: 02d732118606448b597fdc41ce659ebb
  SHA1: 5ef0311be1929e2e6dba85ce3a7b771d768df9f2
  SHA256: 48e611a3551f9acaf577bd7d273d95250be6b72dd09484142d1131790c4769de
  SHA512: d9e16c3bd559cc43bffaad4d9a9c079445ca05ad8ece77e92d284be6a23f35ddda6cc0e6223eaadf95dbcdd591b1b9839a452929da78e042e495e7ddc6d14508
- Filesize: 4KB
  MD5: 746821826eaf331d7c8440cd8f8aab60
  SHA1: 2a0f5e4f735077ddbd3419fe8252e71c6e55158e
  SHA256: d3e0175633ec1d9fd7ddfe29631740ad0559e77db03160256db8e0e69881aeed
  SHA512: 5cb2c0be1137f9e31b41147cd76f7e8eb76b577f677fb07550b244d97ffc0b76c3085c0567bd9c68decea09e3e271973a059941340e2ee1adc87cfcfbf323d31
- Filesize: 8KB
  MD5: abcae9c6c5dcc28cdb6139dc317d88cb
  SHA1: c1768a9844bd0d4be7af3d5a8e4bf2add679a1ca
  SHA256: 1945ab0eaedc28200fcc33ee8a1dbc6ddae981e70f3aa4a150dc7821201ab3dd
  SHA512: 466182f79528dcd647df9491b5eecec27322e3cc609719d66ef3cdb68acb5f5cdf656b0811125ded778521307581b56424279de2fd8eabf0981376d8a13b6fd4
- Filesize: 8KB
  MD5: 8e094ed8887f1ad91a0e5fc0bfb07fe4
  SHA1: a25bedd0458f7c59a0f70d22f962974be573c7e4
  SHA256: 364517c2cb469d9dc976455c80ff3d27c7361abfca58a75824dfdd01234ca387
  SHA512: 500ae03e915d49110dc4eb8d1adb3cf98c408cc632934af488010cb1d388edcc4d1414d59aed55551a6616b7dfb2076228afec526f27df5eabbf6d3575464838
- Filesize: 650B
  MD5: 06170079b0807b2c70b1d3f5bfb65508
  SHA1: 327626dcf799001c012e9375f4a3e12cf89012b6
  SHA256: 70a6dc6e554f867510d7634c2fd0891b6fde21be0b04f79c0a66e4392836d040
  SHA512: 4ccdedb9ce09f5202e1285d9c8adb67922d08b60446d39d1c61e0dc69ff32cad885c0269add150db4aefec06ea19ac4c970c5cb12785fd63e15bd5344134913a
- Filesize: 162B
  MD5: 5dfe662d14b8bcaecf8a1382ca810fd1
  SHA1: 09234658090a5bc9cd5b0e5f9ca9d3d1b8cbd59c
  SHA256: 97c079118f41da37fa962f154390c62169f0fed47eee79cf5336e0b267c82fa6
  SHA512: 3d6bd7cc1eeb77f2f552fb26ba2432f9b4f4e5a3fe170040c217cea930c30e02fcf018ee45dfab6d2f9bba13236ab3dd085162210cd80d326f37078651ea64b6
- Filesize: 352B
  MD5: b50c7a5979124c43dfd61be3c1889bc1
  SHA1: b80862c49b278519cef84e0d678867fbd3731d7e
  SHA256: 273497eb23aca5a21fd350e8113004b2b7eb4f58a2413acc7e4d5a9aa16bb514
  SHA512: c1e72b2d6a5eb46948bd8a3c2aeb28cf38bf9ce724afdb46c26931804c029fdf2eb619fc8ba9015c34b8e30892a7d2ae70d2e69ab3cd5a8040d00cf69dbe919c