
Analysis

  • max time kernel
    149s
  • max time network
    133s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240624-en, locale:en-us, os:android-11-x64, system
  • submitted
    15/12/2024, 05:53 UTC

General

  • Target

    f2979157677fc7d394eebf9274546651_JaffaCakes118.apk

  • Size

    3.1MB

  • MD5

    f2979157677fc7d394eebf9274546651

  • SHA1

    d8bab05fb8bb87a72a6fd699b1283d4939242ee8

  • SHA256

    a8c9c4f38f72cf8cd3cd819936f1c1ea9670541ded180327f7b096a3370f2186

  • SHA512

    4527f0905e04780ac8b1a5feb34c2e76010f89566f5507a4bbf7cf45e0f6c735caddbd8ce4d66573c2e06162c4adf42123c009bbc52fe1693983e0dca3946623

  • SSDEEP

    98304:vGYQyg+2RD7fCqx+wDbgHpADqYfanqgDlZIK:vGYTgRK4gJKqYSnvhOK

Malware Config

Signatures

Processes

  • com.orkpykqr.voqdvnd
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    PID:4449

Network

  • US
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    172.217.169.46
  • US
    DNS
    gist.githubusercontent.com
    Remote address:
    1.1.1.1:53
    Request
    gist.githubusercontent.com
    IN A
    Response
    gist.githubusercontent.com
    IN A
    185.199.108.133
    gist.githubusercontent.com
    IN A
    185.199.111.133
    gist.githubusercontent.com
    IN A
    185.199.109.133
    gist.githubusercontent.com
    IN A
    185.199.110.133
  • US
    GET
    https://gist.githubusercontent.com/raheemsterling444/ab254eca6a406ca073747b7b40e0c5fd/raw/helloworld.json
    Remote address:
    185.199.108.133:443
    Request
    GET /raheemsterling444/ab254eca6a406ca073747b7b40e0c5fd/raw/helloworld.json HTTP/1.1
    Authorization: 26a1b1020753576f
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: gist.githubusercontent.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 404 Not Found
    Connection: keep-alive
    Content-Length: 14
    Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
    Strict-Transport-Security: max-age=31536000
    X-Content-Type-Options: nosniff
    X-Frame-Options: deny
    X-XSS-Protection: 1; mode=block
    Content-Type: text/plain; charset=utf-8
    X-GitHub-Request-Id: 0EA7:1A5337:20E7A:2D700:675E6F04
    Accept-Ranges: bytes
    Date: Sun, 15 Dec 2024 05:54:13 GMT
    Via: 1.1 varnish
    X-Served-By: cache-lon4274-LON
    X-Cache: MISS
    X-Cache-Hits: 0
    X-Timer: S1734242053.066980,VS0,VE103
    Vary: Authorization,Accept-Encoding,Origin
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    X-Fastly-Request-ID: dcf809d5c3af80956bec8a7a037df779aabff690
    Expires: Sun, 15 Dec 2024 05:59:13 GMT
    Source-Age: 0
  • US
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    142.250.200.40
  • US
    DNS
    ip-api.com
    Remote address:
    1.1.1.1:53
    Request
    ip-api.com
    IN A
    Response
    ip-api.com
    IN A
    208.95.112.1
  • US
    GET
    http://ip-api.com/json
    Remote address:
    208.95.112.1:80
    Request
    GET /json HTTP/1.1
    Authorization: 26a1b1020753576f
    Content-Type: application/json
    User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
    Host: ip-api.com
    Connection: Keep-Alive
    Accept-Encoding: gzip
    Response
    HTTP/1.1 200 OK
    Date: Sun, 15 Dec 2024 05:54:23 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 291
    Access-Control-Allow-Origin: *
    X-Ttl: 60
    X-Rl: 44
  • 172.217.16.238:443
    tls, https
    1.5kB
    40 B
    1
    1
  • 172.217.169.46:443
    android.apis.google.com
    tls
    5.6kB
    8.6kB
    23
    23
  • 172.217.169.46:443
    android.apis.google.com
    tls
    1.8kB
    6.0kB
    11
    11
  • 185.199.108.133:443
    https://gist.githubusercontent.com/raheemsterling444/ab254eca6a406ca073747b7b40e0c5fd/raw/helloworld.json
    tls, http
    1.5kB
    5.9kB
    12
    13

    HTTP Request

    GET https://gist.githubusercontent.com/raheemsterling444/ab254eca6a406ca073747b7b40e0c5fd/raw/helloworld.json

    HTTP Response

    404
  • 142.250.200.40:443
    ssl.google-analytics.com
    tls
    1.3kB
    6.3kB
    9
    9
  • 208.95.112.1:80
    http://ip-api.com/json
    http
    452 B
    640 B
    5
    4

    HTTP Request

    GET http://ip-api.com/json

    HTTP Response

    200
  • 142.250.187.196:443
    tls, https
    847 B
    40 B
    2
    1
  • 142.250.187.196:443
    www.google.com
    tls
    11.3kB
    12.5kB
    33
    39
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    172.217.169.46

  • 1.1.1.1:53
    gist.githubusercontent.com
    dns
    72 B
    136 B
    1
    1

    DNS Request

    gist.githubusercontent.com

    DNS Response

    185.199.108.133
    185.199.111.133
    185.199.109.133
    185.199.110.133

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    142.250.200.40

  • 1.1.1.1:53
    ip-api.com
    dns
    56 B
    72 B
    1
    1

    DNS Request

    ip-api.com

    DNS Response

    208.95.112.1

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.orkpykqr.voqdvnd/code_cache/secondary-dexes/base.apk.classes1.zip

    Filesize

    902KB

    MD5

    c8828addadb43ee1b07e4a83a414eeb9

    SHA1

    cdc3541d41fb5ec96e2a40d4c59d5b8bc8d8f3fa

    SHA256

    3d03749fe7386b7a668f17b0997caba8637e780fa1b1eeefc6f9faf9592545bc

    SHA512

    a30f057d86ed3893336c5aae922fcd50789619c52052d49b046c6e3b81158e3205daf79238f743c31a0adc242a02b9a5965bf5a95e4e932c0e61d2f94ef9a7bd

  • /data/user/0/com.orkpykqr.voqdvnd/code_cache/secondary-dexes/tmp-base.apk.classes80229385026354496.zip

    Filesize

    378KB

    MD5

    5c93601a15b02a435d3f7f7deaf846a8

    SHA1

    ef48c690448a842a0d85245359366233173b96f6

    SHA256

    7acf0e6b67851e50ceb9e3211ed336cf3bcd6dd70655f82aa4b0dc9181c00de6

    SHA512

    7e8887ac9db1801b636a2a81a72e55b45e5d4e4e21b77b393027961060ebe413e28e62d0aafcdfd714da690a28503538ddf1383dff0ce327d9f3043d423ef0cb
