Analysis

  • max time kernel
    140s
  • max time network
    153s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    16/10/2024, 03:06

General

  • Target

    4b27e176442efa3700cf6a6d8e957264_JaffaCakes118.apk

  • Size

    7.7MB

  • MD5

    4b27e176442efa3700cf6a6d8e957264

  • SHA1

    8cb5227d1338f62e8cf849be2299d23e677306ab

  • SHA256

    4e5c78ca2ff01ccbe8eb04335a2fb9355efec277ef69d59c42c65119093d5f48

  • SHA512

    8b39abc02fb0e6b5738a6c7db901b5cc409cb4110185a27499826875120c53824a76a535de8ee0da92413f69452110dbcbd36f6e44294c2013e3f863e050c5d9

  • SSDEEP

    196608:fQcB2t6Q/mXhWQCyrCAy/8QV81CpFcEmqvPwjsezC/SsFU:fQDT/wmAw/8r1/K2SBFU

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 2 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries information about running processes on the device 1 TTPs 3 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Reads the content of the call log. 1 TTPs 1 IoCs
  • Requests cell location 2 TTPs 1 IoCs

    Uses Android APIs to get the current cell location.

  • Queries information about active data network 1 TTPs 2 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about phone network operator. 1 TTPs
  • Changes the wallpaper (common with ransomware activity) 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.nd.android.pandahome2
    1⤵
    • Checks if the Android device is rooted.
    • Loads dropped Dex/Jar
    • Queries information about running processes on the device
    • Reads the content of the call log.
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Changes the wallpaper (common with ransomware activity)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks memory information
    PID:4261
  • com.nd.android.pandahome2:hilauncherex_start
    1⤵
    • Queries information about running processes on the device
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4311
  • com.nd.weather.widget.WidgetService
    1⤵
    • Queries information about running processes on the device
    • Requests cell location
    • Queries information about active data network
    PID:4433

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.nd.android.pandahome2/databases/91analytics_v2.db

    Filesize

    36KB

    MD5

    e64c00a97a024b691c0941adebb532c7

    SHA1

    1ca8b9b3537a8bfb0903bf72e9506dda71caff69

    SHA256

    f1c65a4fbafd0c141804b4494712d18aeb29d3f493ee6a0f88761c5e178b11e2

    SHA512

    132905d686e7acca2e51485afe5e6a156f47a8979dd4bc164b855e6b78a236e3e77fbe659967840d8436171bfc87c40838ad99eea3a40ddcc6e2e07046df8794

  • /data/data/com.nd.android.pandahome2/databases/91analytics_v2.db

    Filesize

    36KB

    MD5

    bce410149da7a4e438bf816bbabedfdf

    SHA1

    032fb12120682109ba9ede462f9340a8e051d88d

    SHA256

    39b578a56e97e18475691e0843c68e70db13bc488b4fa62443d2f59cc92fa0fa

    SHA512

    15f5d9c68939321bc5937d026b5679971306342b58750eb549ab2607232dd1eb2a7c0497fefb2160368d25fbfc27b660c36e0b75e95d856a416185c8611e62ff

  • /data/data/com.nd.android.pandahome2/databases/91analytics_v2.db-journal

    Filesize

    512B

    MD5

    c50ea11fcec34dab0f739e2e971f64eb

    SHA1

    6f3b62dee30a765d1dc2c2525dcfbcd5691100ff

    SHA256

    1333ffbc55ccd6589f5be7230b254aec804a2ba7fdb56f2fddbfd17613686dd3

    SHA512

    0145e01742921e2cf42a585274df52f721684ce403dfb262688a28d2c585cec736921bbe0b5f16e8a2da203fe0cd09c0c73c0f4e83bfc3b36bbe4f2489ee64ed

  • /data/data/com.nd.android.pandahome2/databases/91analytics_v2.db-wal

    Filesize

    8KB

    MD5

    d614ac206e4ead70783d77313c595e48

    SHA1

    2dc2dd393a4350addbf4fb6ddcbe9fb594ef2a2a

    SHA256

    cf82f89a27c5497edd46311b7f0161de930f4c8004ca27cb440c9784b275f150

    SHA512

    d798a25c6f33d528074e2591713ff4c421dc0a4715f8ffe5f2c5b6a74e287afb837f438b36243b4757d394bc8084b2396ae7fcccc3d37d3e15bcf5dfc843000a

  • /data/data/com.nd.android.pandahome2/databases/91analytics_v2.db-wal

    Filesize

    48KB

    MD5

    cbfd83bc2fa82c839b029aab0855b531

    SHA1

    a911289c75c497b47653981d8c94ec611f6702d7

    SHA256

    26d4032501cf9bdd985c5397ad63a83b736275283720a1d64231519f5376ab9c

    SHA512

    c800c81483598ea07c24338f8186da7c8bcb74039b1e9589729fd8907077a57a14c33af3f9a835b89a3e3b131f19ba5a0e2eb79d249fd89a2615d8da54323a4b

  • /data/data/com.nd.android.pandahome2/databases/User.db-journal

    Filesize

    512B

    MD5

    3bd696c321796a47c66e5e2db269ea87

    SHA1

    b044d67e60a819013e84e6ad9b46d0f22080cc45

    SHA256

    4d70d32b95afff51025b0e7273289ecf603bc12617be52a1f90485f7bd5a75ae

    SHA512

    a2795a87fef6ecbf1ca024e2b4cd066a5bc40b21acb278f5dab0171de9cdfdab60cf78c84ae07cdaaabad8fb421a0120fe10600c85a2aa4093936ac2f053484b

  • /data/data/com.nd.android.pandahome2/databases/User.db-wal

    Filesize

    36KB

    MD5

    92580f450b22c9d7b29cdfb7842e9327

    SHA1

    0d8bd7941cdaddee1c40514e7fb7862d9f469cb3

    SHA256

    4970b4f19850cc3da14f8f07395155bb0f2833118cedcf2558314712b9f6c296

    SHA512

    e3873f5155875ab101e5b00ce6237a5fc9934ac3ec4f47e6a36f5c28511e2fd03fbb82a4fbe1f3d9eeffeeb53301b3364e78a114d6e1ad407b27fdcd0f3f2419

  • /data/data/com.nd.android.pandahome2/databases/app.db

    Filesize

    72KB

    MD5

    9584ebc23ee6cd5d04d4127f7499c75f

    SHA1

    7150cce3ae9947b0df48badce7ebd06ff1e430a0

    SHA256

    67693ddd403e31787cb5efa26d1d49023fcb36078b5f07308ea5cd49911baa85

    SHA512

    d501d083ff60726476592785055cf9f8df8cbfeda2a719acc634a71416d69090a76a08dd3d74d6b6774a27c712523b878496faf72fd2dccd60427e9901979136

  • /data/data/com.nd.android.pandahome2/databases/app.db-journal

    Filesize

    512B

    MD5

    7bd38487a75d79c3801f2c1abe777e25

    SHA1

    9d0759a735525f520ba321d8535d83f11009c651

    SHA256

    29574ba67c858a3f58f4c3890fa7f3ce872fa42d3f8a323cc75cc9109c1ca51e

    SHA512

    a9b84a9bf3f91727f37a22f8295a22c0d83cc8d6966a53f9571859e9024534b21e8abe1d685be05320e176d3ceba3550abb5e524c55922c214ec8a4974f7e6c8

  • /data/data/com.nd.android.pandahome2/databases/app.db-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.nd.android.pandahome2/databases/app.db-wal

    Filesize

    96KB

    MD5

    cd9b54c38c402d55c164ae899d37c635

    SHA1

    35e21f54d1a6eb2d18e102f8bac47e473cf56ba0

    SHA256

    5fffe55a33a65fc20cf96654a14e68686d1a7ad36e466c2ee7b75763fa7bdd4a

    SHA512

    68f4d8fb114675e260136694989854831adbc73357c34abb1bb36da480614b30d034d65fc34a292602dfaadd1a777d7905e2af6d4f512e1b72979e83a2a0e4ad

  • /data/data/com.nd.android.pandahome2/databases/config.db

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.nd.android.pandahome2/databases/config.db-journal

    Filesize

    512B

    MD5

    bc644b1e083b38e8ed848fa9cfd266b7

    SHA1

    27eddadfa02ee174be66cbd15a7ff92e9f183751

    SHA256

    914c783626c10883688c42fcf8609e5681b827c194274c64390b331440f4d995

    SHA512

    82a6d07d5e91a449b1bc67498f20191ce0606867584ec692496e01f86c72c71253bb19fd059beee9b900715347890b93dd3828eb457345a45dfe287fb65a2c6a

  • /data/data/com.nd.android.pandahome2/databases/config.db-wal

    Filesize

    96KB

    MD5

    7619b760331b53e3aa2c2c7b6a2569ee

    SHA1

    8f05081f15a5150cfbc9037a09e06d7bb47da98c

    SHA256

    3ced6da9056c1019ba11c64292e64c537cee3770f284a51b6d64d2ee650bb5b3

    SHA512

    60d62fd24cc54d27c7b7e9f35f3e4a333491fe15baa6c1a1d8a76fb067a7d42fe11c9c6752a2a59e4ee883bfdbf201a48c5c38b1f48df76a4ddefc5b05e060ff

  • /data/data/com.nd.android.pandahome2/databases/data_center.db

    Filesize

    12KB

    MD5

    3fe30614d7e0d11db870b4624f6c50e0

    SHA1

    053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

    SHA256

    67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

    SHA512

    c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

  • /data/data/com.nd.android.pandahome2/databases/data_center.db-journal

    Filesize

    512B

    MD5

    96104e519be88b487824f3dcf2e03b94

    SHA1

    e6234c277c72a1082db3e06e489f4b9200a1bb4f

    SHA256

    645a34243afe4b51b47d27d573e5ffe84c029cf430111bc4e606ecb2a95380ba

    SHA512

    ad59e9a498249688e7bf6b0a709011c796f0e1bc8ecb853de17c20601fa831ba2e11b32fb6a3286f3243b503fc28b76b3dede9f6eeffb7ce949dc2d7e1c180e3

  • /data/data/com.nd.android.pandahome2/databases/data_center.db-wal

    Filesize

    16KB

    MD5

    0cb4ad70a09177744989a5e8a069a8a4

    SHA1

    3ebb58a90ff3151ed546558e1bafd8a7146dba15

    SHA256

    d76419d032c015c49df336a25a510b03e01d8d8efd08423e7ac0f6d0db9cfd92

    SHA512

    69cfceceead26fae786321e02ca5302d57a8e63e42ab33c1e02a8dcb0e729d1efcf9b5b2867390f297505355001147b466284507c8e95a469188e6d5da98950b

  • /data/data/com.nd.android.pandahome2/databases/launcher.db-journal

    Filesize

    512B

    MD5

    f909d1f695198745491e3d663f59e8ff

    SHA1

    3a38fbd49edba1c494b192cec61072f3ea8bb055

    SHA256

    158fb08a78448310fe604dd9af29cc89aa920073de3e78488e6d5bd989f6c54d

    SHA512

    eafac5b96eca21d755b1985dbc8b3a0cfb7b111461edbdbad3c7f58119a3763e7a8a0da4cc225a34ad391b42a3ab5d9420a09593579c3b9eac9c522e6bd8861d

  • /data/data/com.nd.android.pandahome2/databases/launcher.db-wal

    Filesize

    64KB

    MD5

    835e199a9755a386c36b3b8909658548

    SHA1

    5cc63ad43eeba06ce98f661c8e12fce5b4781648

    SHA256

    d5200187dfe9aff4b0e930924ecd5236522d2461acd8528da3dc95a4e68526ec

    SHA512

    d9a80c1a109e017ca3ac065769a93431e3dbc90deacdf703c92d613ae22b5b5b033fe6f8609966ab592f51ae544b35d28836eab2c1c41a67e8a01ee492d78c1a

  • /data/data/com.nd.android.pandahome2/databases/themes.db-journal

    Filesize

    512B

    MD5

    bc1110f48c51c205a6ca14616af8c9f5

    SHA1

    4a20f123b67c7b13334c95daafa4fbab65eb406a

    SHA256

    48aaa8e31ac0fe7531bbb7c9d5a543297e0dda9f40eff83f5685ca574d31914a

    SHA512

    f1a2458db2f7ffc48250f7ff639536d21ff18a1d188f08b3b4593aea49a27857d3ef827f64997fa9ebf36f40625fff46d66d398bf420c8cf2951230114951d6f

  • /data/data/com.nd.android.pandahome2/databases/themes.db-wal

    Filesize

    52KB

    MD5

    8c1f79ab7e76d55b9d2f9c4c13470d61

    SHA1

    1235a165187f9812e3410242d01e92dd60bd08da

    SHA256

    efd369423c63e531c908998693c0915ea6a25fc0b1c2f1542e38dff74158e26d

    SHA512

    71e3adf378ff65cecdec639c9c4dd02e84f881fd74fb76e208f0165ac6ec5e6a9990ca25e71c0cc4364b6fc8f7f8b6a1f4769b96772e713286e2bde0ccb6bf20

  • /data/data/com.nd.android.pandahome2/files/channel.ini

    Filesize

    8B

    MD5

    890bf11cbb1c951863165804c85b1934

    SHA1

    8b19717d286a0e73eda16b71a9d782a6072e8f2a

    SHA256

    312320631b49c37b499398a8409e361cd03af54cc59d4bf3129bfc6aa5ed14bc

    SHA512

    d2c2882a0e77b70b76e4221f63a024c0edc421e4f0fa5311a68c14619e4cf57e1ecd366aa3fae16ea1b8ca399de118a6d45418ae264b76c49992c44df0ce11af

  • /data/system/users/0/wallpaper_orig

    Filesize

    30KB

    MD5

    e4cfe1c067de70ab221cfcb793f39fa6

    SHA1

    4b5dbea3cbf0d0fe6e475d1806fe918ce9a42646

    SHA256

    8c0d9254067906cfd57ad2b47757e9a5149a9d0990f172226a91f74be6253ab3

    SHA512

    50401c4c111501635583e0c3d2c1e55f5b871b0143c2f705bf7c0891f443abcc904ae1a6070f571018a2599797f343394c8e96e4b01a23dd7d42f95f3d575188

  • /storage/emulated/0/PandaHome2/caches/navigation/navi_card_site.txt

    Filesize

    3KB

    MD5

    14adace71e0e91482a993c6bf1698756

    SHA1

    614e2892a8a77076e935d1813c4b8c9ccf16289e

    SHA256

    eeec618629b5ea5e946c7b61bd6ce7b9dbaddb92a193376355ccf64663a9aaaf

    SHA512

    b0d0d65dbded382229556f2de57805e930e6ea2aba7ff374456506c099beab9660b9d5ddd010396789ff49b975d382c0c79c7c511141b9caf6e9964f59d0c7c1

  • /storage/emulated/0/PandaHome2/caches/navigation/navi_jrtt.txt

    Filesize

    2KB

    MD5

    75762b1d4cf1f49bd6b036b4a4d3d6ed

    SHA1

    65ebf30194b63374e40d81b40839bc694a6c8a91

    SHA256

    046739d4f217e457aa30598dde39fadf14ccb6e71cc1e8bca6c821682933da43

    SHA512

    b7fa68b5308e71c3c56f9fe7e6a21e3623aab91827cdbc2453e68e38e93870c0e5416f8365643d7093086d2c742f79f211054632f0bcc77861b47f9a94caeb4b

  • /storage/emulated/0/PandaHome2/crash/crash-2024-10-16-03-06-56-1729048016653.log

    Filesize

    1KB

    MD5

    1c95a3e0b1fe56fca8b291770f326d08

    SHA1

    333fa836cd9586ba97e8efd66c28f5fcf366c949

    SHA256

    d9d1643bd23f453a795e63a660c970d478356433e2c4489fe97a4efdaf3ef606

    SHA512

    0e5e3e2fb1d7ff486f977dd8c9902afefbeaabde432c7493f14c5e98b1d1a70bd32fa30a3b2b0b18144148cb367830394ff8b0e02ab5e78ec09789219a346292

  • /storage/emulated/0/PandaHome2/crash/crash-2024-10-16-03-07-00-1729048020184.log

    Filesize

    2KB

    MD5

    c1b9e7ce706cec9a6658dc5ff2612de0

    SHA1

    fe3bf923a6088bc133c097bfc41fa21db27bd55e

    SHA256

    80d6ddcb636f1c7b2c8d55442b8a4ea9c0706eea6f4cd75e71e3e107bc4767a0

    SHA512

    3751720be2afba1840267949c889f8fbf49ae5dade65790d20a64995bd2da2f3db7fc8e4ffde7da21a69cdb25724fe51a63a4cbf490036d470d53888937f2c6a

  • /storage/emulated/0/PandaHome2/crash/crash-2024-10-16-03-07-03-1729048023867.log

    Filesize

    2KB

    MD5

    943e6da5525843a73a2d2a4d30478b4a

    SHA1

    4c0b0bb45fe4b1808419d8919a66b83ff954f6fa

    SHA256

    973eb6c10d6ad648b57375dc493ec5a70ba5d4e3062ce7750c924887b45907ef

    SHA512

    b7051cfb28cf61554d59aad926b724c6db1dac18d53d356e692bc2889d06f7c26a958d83f8e9456761509d573565037c7abfdd916d7c2945f8b3f7805f3f82ca

  • /storage/emulated/0/PandaHome2/crash/crash-2024-10-16-03-07-05-1729048025370.log

    Filesize

    1KB

    MD5

    36926fd8620b3aaaba587764aab516fd

    SHA1

    bc529608138041fa597096a945f82eff14956058

    SHA256

    14a5358f5423815aa20a7277e3478f45833c7bb6e8e80485b22bb851d9148d5b

    SHA512

    f7689aa9e21f3ee795da2bcdda16830e06e5a048871d5d67f6008cc508b5254a21a36c46c990930034f9c168a453798c39980a301a7661bf481146c12a53acc3

  • /storage/emulated/0/PandaHome2/myphone/plugin/com.nd.hilauncherdev.plugin.navigation.jar

    Filesize

    681KB

    MD5

    07a164a37b7e286ca1226e8d3ee58cbf

    SHA1

    9cde6867d9e53767add2c53a03cfc0421010c4bd

    SHA256

    e36ee2cdc4045f32f24657051f5ef89fd3152703c5a3f7b096566a1531c6db2f

    SHA512

    8cff0fbc2cfb3ec03969f21df22ce6409450436f1c2bd61cda29d630f6fe32c63a51453a28801d27e7c1660f99fa224eae6fc7ab68a4e8fe0617149cd9509ab9

  • /storage/emulated/0/PandaHome2/myphone/plugin/com.nd.hilauncherdev.plugin.navigation.jar

    Filesize

    1.3MB

    MD5

    ea0f3a9d6c543dc2264aa030885cfba1

    SHA1

    af88830f82600cba5af2de65e4b6c83ba7f4b8cc

    SHA256

    6da1ccc90c91c890652a20dbb91d03597357514562546d528717acb005bd6046

    SHA512

    48e4a1fc8716597fa8f43e65871189023558692a965e9cc3c5ab8e87de21a141279cb34e68e3c329895b2c8308fb98da1bf9aeb8599fcae0d876d286ea3faa56

  • /storage/emulated/0/baidu/.cuid

    Filesize

    89B

    MD5

    1adda89fde45c9f8727f35463b7abba2

    SHA1

    745f259f1aa520e9bc8385ab7ee3dd42acbd4959

    SHA256

    5a672296f2a34546f120e31a0cbfb483f31496c5647cb087727c63be53784544

    SHA512

    892b7b6ad5806ce3c4c27b4f3efde68eb4469ec6910b465739e293d4f6730c0e19772ffd62ec3be77076fda8c66329afd9bdf49aca7c647f557a76d1fc8f8bc6