Analysis
-
max time kernel
151s -
max time network
165s -
platform
android_x64 -
resource
android-x64-20240221-en -
resource tags
android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system -
submitted
08/04/2024, 19:00
Static task
static1
Behavioral task
behavioral1
Sample
e82e33751fdb09ecee512b721d24d97f_JaffaCakes118.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
e82e33751fdb09ecee512b721d24d97f_JaffaCakes118.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
gdtadv2.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral4
Sample
gdtadv2.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral5
Sample
gdtadv2.apk
Resource
android-x64-arm64-20240221-en
General
-
Target
e82e33751fdb09ecee512b721d24d97f_JaffaCakes118.apk
-
Size
5.6MB
-
MD5
e82e33751fdb09ecee512b721d24d97f
-
SHA1
8ffcc16d5684b8a439f3a1b8fdfcdf3d82dee7f7
-
SHA256
14edd2dc62f2297e929131231b02535c0e23c18150477a4e81e3a201ee66fde6
-
SHA512
5055e8e4c899494c9dda659e2597f72b90a3db5756d498df576dcb12219991f7e91926dd241fdb523a00de75d7d391cb77a3507521aa9065a1ee693050154f5e
-
SSDEEP
98304:hvAKN4bK9G5Buix2sTgcwEYWsO606mnU1kOVmCc4gnXUY+L2YKaccL0wmh4:ytg/02gBwEYWRT6mn4v+4cUY3Zan0wmy
Malware Config
Signatures
-
Requests cell location 1 TTPs 1 IoCs
Uses Android APIs to get the current cell location.
description              ioc                                                          Process
Framework service call   com.android.internal.telephony.ITelephony.getCellLocation    com.erciyuan.clock
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information, which can indicate whether the system is an emulator.
description              ioc              Process
File opened for read     /proc/cpuinfo    com.erciyuan.clock
Checks memory information 2 TTPs 4 IoCs
Checks memory information, which can indicate whether the system is an emulator.
description              ioc              Process
File opened for read     /proc/meminfo    com.erciyuan.clock
File opened for read     /proc/meminfo    com.erciyuan.clock:pushservice
File opened for read     /proc/meminfo    com.erciyuan.clock:ghosty
File opened for read     /proc/meminfo    com.erciyuan.clock:pushservice
Queries information about running processes on the device. 1 TTPs 4 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description              ioc                                                    Process
Framework service call   android.app.IActivityManager.getRunningAppProcesses    com.erciyuan.clock:pushservice
Framework service call   android.app.IActivityManager.getRunningAppProcesses    com.erciyuan.clock:ghosty
Framework service call   android.app.IActivityManager.getRunningAppProcesses    com.erciyuan.clock:pushservice
Framework service call   android.app.IActivityManager.getRunningAppProcesses    com.erciyuan.clock
Acquires the wake lock 1 IoCs
description              ioc                                         Process
Framework service call   android.os.IPowerManager.acquireWakeLock    com.erciyuan.clock
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
description              ioc                                                   Process
Framework API call       android.hardware.SensorManager.registerListener       com.erciyuan.clock
Uses Crypto APIs (Might try to encrypt user data) 2 IoCs
description              ioc                            Process
Framework API call       javax.crypto.Cipher.doFinal    com.erciyuan.clock:pushservice
Framework API call       javax.crypto.Cipher.doFinal    com.erciyuan.clock:pushservice
Processes
-
com.erciyuan.clock
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device.
- Acquires the wake lock
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:5048
-
com.erciyuan.clock:pushservice
- Checks memory information
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:5115
-
com.erciyuan.clock:ghosty
- Checks memory information
- Queries information about running processes on the device.
PID:5326
-
com.erciyuan.clock:pushservice
- Checks memory information
- Queries information about running processes on the device.
- Uses Crypto APIs (Might try to encrypt user data)
PID:5548
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
8KB
MD5
244d77cf610be789d6b8dd061421dc11
SHA1
0e3592a9c96bca687288bbae2ebca9c4150adb28
SHA256
eaf8f9eb373361787914907fecc1cbcb16591a3f960abc464631c0aa999b2877
SHA512
827e2554b7c13ef994c3dd9e3ff240aa5dbb24c802e920019efb9518da371fd1ff64b9081edf8536012a3930a1dfd6f5fb9f2100aa5d6d0c194267099062febe
-
Filesize
4KB
MD5
c58940cfcd05f0fc0f8e0742e20f19cd
SHA1
961695735b8ab8c03eab26940d6472f2a2311607
SHA256
7bd56987afebaea20883d62d5dce166048d1e250ec2af212624d6f388549c12c
SHA512
777667f0390b76b53bba2ea2f0ef0682dd1a52753777743d076f369f92ffa749f1728ac44a18ccb56ccd453e2f893cf1ecc0c5ea3a1d73b8e57198e5c5f0afee
-
Filesize
8KB
MD5
af7cd05fe7a8c47e3e70c656e4152241
SHA1
aea9e16675b046297722db1c5d68c58d5de5f25e
SHA256
a77f2f341a1868fff21b68f631c5203ae551678fd9ab8d7590ce8fed362f9c75
SHA512
26d3684e81f04acd1e6cab1d399833f8a607c728b73972defee48a815b0f2e2aa67e25e44087528281b591f159b7602c8650331c83231708b7e9feaef342ca73
-
Filesize
12KB
MD5
91d44dc38c5473ef4cd07c547b840e2e
SHA1
0c69b580804297a5fb3ffd9833a2bc6b6f6147b0
SHA256
b23db735f266ca8cb76b064ead0cb7442cd0318c189026ccc135307be6cf5180
SHA512
f92936cd9911c0def0243cf23dc119669c5e604f641548a36f516b423de83ec7e30e4b935bd4e0e913ba3ea8a8a9aa3d19643817808f5edaa9c03b591cc37bd2
-
Filesize
8KB
MD5
500c5ed3b9d1fa13225ad15a0ce6d7a2
SHA1
d1b86fdbb8e1c8cbfa1bc5472975b2cc6632a230
SHA256
e9a58a641a781bb86d7a3600a7aa4aa9ed3f28f6c77ee5b3f3a5fa0b96bb14d4
SHA512
ba498d4775dda1b974dcacc7920d13b3a9e23a6bb989561ee4d9d1ce823fa2afd54a96f560ee7024ebc1e9be216e3e31009ff84bba0732d98c303dcb8aadb30a
-
Filesize
14B
MD5
39adb753735a050601143c83ff36e9bb
SHA1
0b1551720061f5b70f3aae6745e450f0196d6afb
SHA256
6720e4a9a326b48f5fc7daa2bc2c6b147e2e22a0091c7efc1aae25e864ce8c23
SHA512
05de4149e3d03c9c7293a9c760c838eb49ec1b7f24df67fa4f437d3c6fd7575dcd1c1bea570e1cfbe3985c7c826d62915062a1f650ef44f9251902fbba1f6988
-
Filesize
512B
MD5
dfad96c610cdfacbcbd28b4d23f29f81
SHA1
808862009bf9e7d4b017179c9e09288e94ffa66a
SHA256
b314d89dde79ac5f2f8a173f9acddace711fec7dc9129bfafe898d37682e827a
SHA512
4bc681a28122fb9f85042c7825218d88d262c7aad24562d81ca6f1afe9070dac4cbd9097b1f4e829a4aa778710db6740050c4cf077e040c84de8c7cd7faf14ea
-
/data/data/com.erciyuan.clock/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzEyNjAyODY1Mzgx
Filesize
48KB
MD5
0cadf159ee11ae64737605a3509f5a5f
SHA1
9e7ad6c91583facbeae25e2fa7f60071d686c71b
SHA256
3d8dc185813e6cbfc875d366df29f99d3bc03cc6e0fa9a0f3c70ad642c182e0c
SHA512
64dbcd6c22b5e89f8cb5cada23406f2f281d37d0290a3e0d25ab1c619ef2313ea1176d42fc82f67b7c423a1a9629c07f1121b37c62b76b0912648bcbed15311f
-
Filesize
350B
MD5
7d593c4a07fbb720ed0a5c9d066a4d40
SHA1
129e3a5107dd9439221ed1d2ce27de98ebca2386
SHA256
d78baa895dbeb5fb3956e61d093ec819b611da02d5295e47460f7b994e94a609
SHA512
672d9441a9f8ae352c3343f315f0eb2cfc6fe8636f9a776857c4072b4f43ea14beeedec3529aea31b3ce8ce4aea32eb24e7176435bb929b981d5741c7f19d50b
-
Filesize
68B
MD5
9311d8aca1161c8d1e019465838d78d1
SHA1
07a15b6a593857c0b17aff672e4feead6b6e6c38
SHA256
f4af7a8789d7a9339ae7c27107a5ed2f2a7a141e70a0b2642e78bbbe04e6a064
SHA512
bf6f815bf6e3666869efaffce9387cad12df3774fa49ec87a1abee558e14efb78e4c1f5817b4758d6c5bc7c6a2a98d4c102ca5389e45a56256876075439682d3
-
Filesize
68B
MD5
1570a0dd6fa8365c623480ab7bf6ddc5
SHA1
75754a3fee72f19e8df517232339c8035e21cf33
SHA256
888547c8bc4772e261da078963deabb63dc4f7c65ba8a4a891acf62e709fab78
SHA512
2924f163417a210116b0dfc6aca14de76a88296686a58b60e3beb4dfbdb82bb216d19f5fe8e758abddcc76803201d9810445f7e0fa4c0beb8a62c8a30f055ba6