Analysis
- max time kernel: 140s
- max time network: 153s
- platform: android_x86
- resource: android-x86-arm-20240624-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
- submitted: 16/10/2024, 03:06
Static task
- static1

Behavioral tasks
- behavioral1: sample 4b27e176442efa3700cf6a6d8e957264_JaffaCakes118.apk, resource android-x86-arm-20240624-en
- behavioral2: sample 4b27e176442efa3700cf6a6d8e957264_JaffaCakes118.apk, resource android-x64-20240624-en
- behavioral3: sample com.nd.android.widget.pandahome.apk, resource android-x86-arm-20240624-en
- behavioral4: sample com.nd.android.widget.pandahome.apk, resource android-x64-20240624-en
- behavioral5: sample com.nd.android.widget.pandahome.apk, resource android-x64-arm64-20240624-en
- behavioral6: sample com.nd.hilauncherdev.plugin.navigation_V_6_M_2bef0a82c4e6ca555aa36933bdb2dfdb.apk, resource android-x86-arm-20240624-en
- behavioral7: sample com.nd.hilauncherdev.plugin.navigation_V_6_M_2bef0a82c4e6ca555aa36933bdb2dfdb.apk, resource android-x64-20240910-en
- behavioral8: sample com.nd.hilauncherdev.plugin.navigation_V_6_M_2bef0a82c4e6ca555aa36933bdb2dfdb.apk, resource android-x64-arm64-20240910-en
General
- Target: 4b27e176442efa3700cf6a6d8e957264_JaffaCakes118.apk
- Size: 7.7MB
- MD5: 4b27e176442efa3700cf6a6d8e957264
- SHA1: 8cb5227d1338f62e8cf849be2299d23e677306ab
- SHA256: 4e5c78ca2ff01ccbe8eb04335a2fb9355efec277ef69d59c42c65119093d5f48
- SHA512: 8b39abc02fb0e6b5738a6c7db901b5cc409cb4110185a27499826875120c53824a76a535de8ee0da92413f69452110dbcbd36f6e44294c2013e3f863e050c5d9
- SSDEEP: 196608:fQcB2t6Q/mXhWQCyrCAy/8QV81CpFcEmqvPwjsezC/SsFU:fQDT/wmAw/8r1/K2SBFU
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 2 IoCs)
  ioc: /system/bin/su, process: com.nd.android.pandahome2
  ioc: /system/xbin/su, process: com.nd.android.pandahome2
- Loads dropped Dex/Jar (1 TTP, 1 IoC)
  Runs executable file dropped to the device during analysis.
  ioc: /storage/emulated/0/PandaHome2/myphone/plugin/com.nd.hilauncherdev.plugin.navigation.jar, pid: 4261, process: com.nd.android.pandahome2
- Queries information about running processes on the device (1 TTP, 3 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call, ioc: android.app.IActivityManager.getRunningAppProcesses, process: com.nd.android.pandahome2
  description: Framework service call, ioc: android.app.IActivityManager.getRunningAppProcesses, process: com.nd.android.pandahome2:hilauncherex_start
  description: Framework service call, ioc: android.app.IActivityManager.getRunningAppProcesses, process: com.nd.weather.widget.WidgetService
- Reads the content of the call log. (1 TTP, 1 IoC)
  description: URI accessed for read, ioc: content://call_log/calls, process: com.nd.android.pandahome2
- Requests cell location (2 TTPs, 1 IoC)
  Uses Android APIs to get the current cell location.
  description: Framework service call, ioc: com.android.internal.telephony.ITelephony.getCellLocation, process: com.nd.weather.widget.WidgetService
- Queries information about active data network (1 TTP, 2 IoCs)
  description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: com.nd.android.pandahome2
  description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, process: com.nd.weather.widget.WidgetService
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, process: com.nd.android.pandahome2
- Reads information about phone network operator. (1 TTP)
- Changes the wallpaper (common with ransomware activity) (1 IoC)
  description: Framework service call, ioc: android.app.IWallpaperManager.setWallpaper, process: com.nd.android.pandahome2
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
  description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: com.nd.android.pandahome2
  description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, process: com.nd.android.pandahome2:hilauncherex_start
- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  description: Framework API call, ioc: javax.crypto.Cipher.doFinal, process: com.nd.android.pandahome2
- Checks memory information (2 TTPs, 1 IoC)
  description: File opened for read, ioc: /proc/meminfo, process: com.nd.android.pandahome2
Processes
- com.nd.android.pandahome2 (PID 4261)
  - Checks if the Android device is rooted.
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Reads the content of the call log.
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Changes the wallpaper (common with ransomware activity)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Uses Crypto APIs (Might try to encrypt user data)
  - Checks memory information
- com.nd.android.pandahome2:hilauncherex_start (PID 4311)
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
- com.nd.weather.widget.WidgetService (PID 4433)
  - Queries information about running processes on the device
  - Requests cell location
  - Queries information about active data network
Network
MITRE ATT&CK Mobile v15
- Defense Evasion
  - Download New Code at Runtime (1)
  - Execution Guardrails (1)
    - Geofencing (1)
  - Virtualization/Sandbox Evasion (1)
    - System Checks (1)
Downloads