Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
155s -
platform
android-9_x86 -
resource
android-x86-arm-20240910-en -
resource tags
arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system -
submitted
06/01/2025, 22:02
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_3cff863140899a34e805a0b77636e66f.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
JaffaCakes118_3cff863140899a34e805a0b77636e66f.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
JaffaCakes118_3cff863140899a34e805a0b77636e66f.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
JaffaCakes118_3cff863140899a34e805a0b77636e66f.apk
-
Size
3.3MB
-
MD5
3cff863140899a34e805a0b77636e66f
-
SHA1
ffde6e6db81a2d0af4a10a2d5d7adaaa067b2f0b
-
SHA256
2d0b157e27359bc36c31e3c3ef891964bc98b2cb66c4f95c2ffc4af7d3477e30
-
SHA512
a2e624c1f4f8f3b02be21afc008788c8c8eaa7356d510c1087921a3e239ddc42ad74dd2e9a1e6e472ef940d9d0c246d3e918a1256801be537d75599bff301e30
-
SSDEEP
98304:fmMgNNnRoZUqIUwy/FpF/R8I8evrXvUvkjmrsb3W3x:fmMgN5Ro+qIny/j8IrirW3K
Malware Config
Signatures
-
Hydra
Android banker and info stealer.
-
Hydra family
-
Loads dropped Dex/Jar 1 TTPs 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.zgadzxkc.xluvpje/nefdajhywg/8kygofrpfhsrgfp/base.apk.xogrhjf1.rgk 4342 /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zgadzxkc.xluvpje/nefdajhywg/8kygofrpfhsrgfp/base.apk.xogrhjf1.rgk --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.zgadzxkc.xluvpje/nefdajhywg/8kygofrpfhsrgfp/oat/x86/base.apk.xogrhjf1.odex --compiler-filter=quicken --class-loader-context=& /data/user/0/com.zgadzxkc.xluvpje/nefdajhywg/8kygofrpfhsrgfp/base.apk.xogrhjf1.rgk 4314 com.zgadzxkc.xluvpje -
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.zgadzxkc.xluvpje Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.zgadzxkc.xluvpje -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 4 ip-api.com -
Queries information about active data network 1 TTPs 1 IoCs
description ioc Process Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.zgadzxkc.xluvpje -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.zgadzxkc.xluvpje -
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.zgadzxkc.xluvpje
Processes
-
com.zgadzxkc.xluvpje1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4314 -
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zgadzxkc.xluvpje/nefdajhywg/8kygofrpfhsrgfp/base.apk.xogrhjf1.rgk --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.zgadzxkc.xluvpje/nefdajhywg/8kygofrpfhsrgfp/oat/x86/base.apk.xogrhjf1.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
PID:4342
-
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.zgadzxkc.xluvpje/nefdajhywg/8kygofrpfhsrgfp/tmp-base.apk.xogrhjf8704070440372728011.rgk
Filesize370KB
MD5080c2b2bddb63c728449e73cda53b148
SHA1e26542320fac1b33cf415e9fab228be0141f71d4
SHA25613529f8d3cafbd7cbdeadc4b985612981a768a28d7ec7626f29c597a50c697b6
SHA512bb21272ee02bae287471c482d034eedfc526d438e9ca381397029ffbd3e064bb5d35a998387ab1527ddc1b940a2636f51b1c77b48d93b329580aae26948533ce
-
Filesize
885KB
MD57e19cb20e90ba03f62a5be14851dc778
SHA1243c3700bb02b9a60ea6003c89c75482e89b706c
SHA256a2e87285b0ae7ff9b31ea3ef40b3b3c3e3b1f73e88bc1b84c968af2f8ab57bab
SHA51224fb9214beedfe996865299bf16c64872244bb70b60a72cb63b30af3a4ca8e859bac4d75c23eefe10fa64137f6c77cc07821ce2c99e2272c1613037040ca40bb
-
Filesize
885KB
MD5eb05482adde57bc554dc8b70bd4684e2
SHA1a84ec548277ba09413718d7219ebaa73deb67898
SHA2560b29d372ef138fe91a93f67b79de4e544100d6c3e97b990a32adaa9a41d3c96a
SHA512087f14a0c98b46b05d593ea23baa0f0469174c0f8a643dcfeafd8c6011b7830f76c0cd3d5dbcb7b290f0b879dd2bcd5982faaf79f6bf42de9915a049923ef3e2