Analysis
- max time kernel: 151s
- max time network: 157s
- platform: android_x64
- resource: android-x64-20240221-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
- submitted: 19-04-2024 00:40
Static task
- static1
Behavioral tasks
- behavioral1: sample f91e82665d80cec11d15f4431bc8d8f2_JaffaCakes118.apk, resource android-x86-arm-20240221-en
- behavioral2: sample f91e82665d80cec11d15f4431bc8d8f2_JaffaCakes118.apk, resource android-x64-20240221-en
- behavioral3: sample f91e82665d80cec11d15f4431bc8d8f2_JaffaCakes118.apk, resource android-x64-arm64-20240221-en
- behavioral4: sample pushplugin.apk, resource android-x86-arm-20240221-en
- behavioral5: sample pushplugin.apk, resource android-x64-20240221-en
- behavioral6: sample pushplugin.apk, resource android-x64-arm64-20240221-en
General
- Target: f91e82665d80cec11d15f4431bc8d8f2_JaffaCakes118.apk
- Size: 2.0MB
- MD5: f91e82665d80cec11d15f4431bc8d8f2
- SHA1: 783ed7e86bbef6f2ebd0596615b5bc6d8780dc52
- SHA256: cfcb1a5a40e6a0b5f85d34e48c223a608124b478c117681dc47b3df2c244264d
- SHA512: 0557324ff4d9be6fcfca70ddf996278a2d531877181dbbc6a59389784075c6e84124b376c44ba55e9fc970852b31ab478052b758e52d88e2483c6dd789a88c3f
- SSDEEP: 49152:e/6X+yQ1536YUWR3OknEAUhxdZXRQ1dugkg:Ui61531m9zSz
Signatures
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information that indicates whether the system is an emulator.
- Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information that indicates whether the system is an emulator.
- Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes: com.fiash.video
  - ioc: /data/user/0/com.fiash.video/files/tim/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/DzB8FiBAQAFbVkMI.zip; pid: 5037; process: com.fiash.video
  - ioc: /data/user/0/com.fiash.video/filespushplugin.apk; pid: 5037; process: com.fiash.video
  - ioc: /data/user/0/com.fiash.video/files/bx-sdk-libs/201/62.apk; pid: 5037; process: com.fiash.video
- Queries information about running processes on the device. (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.fiash.video:mpc_v1, com.fiash.video
  - description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.fiash.video:mpc_v1
  - description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.fiash.video
- Queries information about the current Wi-Fi connection. (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.fiash.video
  - description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.fiash.video
- Queries information about the current nearby Wi-Fi networks. (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes: com.fiash.video
  - description: Framework service call; ioc: android.net.wifi.IWifiManager.getScanResults; process: com.fiash.video
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Reads the content of SMS inbox messages. (1 TTPs, 1 IoCs)
  Processes: com.fiash.video
  - description: URI accessed for read; ioc: content://sms/inbox; process: com.fiash.video
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Requests dangerous framework permissions (13 IoCs)
  - android.permission.RECEIVE_SMS: Allows an application to receive SMS messages.
  - android.permission.SEND_SMS: Allows an application to send SMS messages.
  - android.permission.READ_SMS: Allows an application to read SMS messages.
  - android.permission.READ_PHONE_STATE: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
  - android.permission.WRITE_SETTINGS: Allows an application to read or write the system settings.
  - android.permission.WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage.
  - android.permission.ACCESS_COARSE_LOCATION: Allows an app to access approximate location.
  - android.permission.READ_PHONE_STATE: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
  - android.permission.WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage.
  - android.permission.READ_EXTERNAL_STORAGE: Allows an application to read from external storage.
  - android.permission.SYSTEM_ALERT_WINDOW: Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
  - android.permission.READ_PHONE_STATE: Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
  - android.permission.WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage.
- Uses Crypto APIs (Might try to encrypt user data) (1 IoCs)
  Processes: com.fiash.video
  - description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.fiash.video
Processes
- com.fiash.video
  - Checks CPU information
  - Checks memory information
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device.
  - Queries information about the current Wi-Fi connection.
  - Queries information about the current nearby Wi-Fi networks.
  - Reads the content of SMS inbox messages.
  - Uses Crypto APIs (Might try to encrypt user data)
- com.fiash.video:mpc_v1
  - Queries information about running processes on the device.
Downloads
- /data/data/com.fiash.video/files/.imprint (Filesize: 853B)
- /data/data/com.fiash.video/files/bx-sdk-libs/201/62.apk (Filesize: 256KB)
- /data/data/com.fiash.video/files/bx-sdk-libs/201/oat/62.apk.cur.prof (Filesize: 491B)
- /data/data/com.fiash.video/files/bx-sdk-libs/ui/loading1.png (Filesize: 566B)
- /data/data/com.fiash.video/files/bx-sdk-libs/ui/loading10.png (Filesize: 572B)
- /data/data/com.fiash.video/files/bx-sdk-libs/ui/loading11.png (Filesize: 579B)
- /data/data/com.fiash.video/files/bx-sdk-libs/ui/loading12.png (Filesize: 577B)
- /data/data/com.fiash.video/files/bx-sdk-libs/ui/loading2.png (Filesize: 572B)
- /data/data/com.fiash.video/files/bx-sdk-libs/ui/loading3.png (Filesize: 571B)
- /data/data/com.fiash.video/files/bx-sdk-libs/ui/loading4.png (Filesize: 564B)
- /data/data/com.fiash.video/files/bx-sdk-libs/ui/loading5.png (Filesize: 570B)
- /data/data/com.fiash.video/files/bx-sdk-libs/ui/loading6.png (Filesize: 575B)
- /data/data/com.fiash.video/files/bx-sdk-libs/ui/loading7.png (Filesize: 558B)
- /data/data/com.fiash.video/files/bx-sdk-libs/ui/loading8.png (Filesize: 563B)
- /data/data/com.fiash.video/files/bx-sdk-libs/ui/loading9.png (Filesize: 571B)
- /data/data/com.fiash.video/files/libwpay-core.so (Filesize: 25KB)
- /data/data/com.fiash.video/files/mobclick_agent_cached_com.fiash.video2230 (Filesize: 1KB)
- /data/data/com.fiash.video/files/tim/DsWAH7HH4-WM6CZkSa5RgXCG2Nc=/F4QcGqYUmtjt7nid8zzSqX68EgU= (Filesize: 309B)
- /data/data/com.fiash.video/files/tim/DsWAH7HH4-WM6CZkSa5RgXCG2Nc=/Q6SoI48vGt6E7NJX.zip (Filesize: 3KB)
- /data/data/com.fiash.video/files/tim/DsWAH7HH4-WM6CZkSa5RgXCG2Nc=/e77DEMA7B7Csg5vqZqZvHg== (Filesize: 381KB)
- /data/data/com.fiash.video/files/tim/Gj9FCFCVDMZEpfFyXo2emNlosUY=/data.dat.tmp (Filesize: 351KB)
- /data/data/com.fiash.video/files/tim/TzxVa9cImSXWY3-DX1e7lhQh2-o= (Filesize: 85B)
- /data/data/com.fiash.video/files/tim/TzxVa9cImSXWY3-DX1e7lhQh2-o= (Filesize: 96B)
- /data/data/com.fiash.video/files/tim/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/lib/libtt.so (Filesize: 11KB)
- /data/data/com.fiash.video/files/tim/zImbgVVxT9gLotLoQo92Uf2GrgA= (Filesize: 55B)
- /data/data/com.fiash.video/files/umeng_it.cache (Filesize: 245B)
- /data/data/com.fiash.video/files/umeng_it.cache (Filesize: 125B)
- /data/data/com.fiash.video/filespushplugin.apk (Filesize: 68KB)
- /data/data/com.fiash.video/oat/filespushplugin.apk.cur.prof (Filesize: 436B)
- /data/user/0/com.fiash.video/files/bx-sdk-libs/201/62.apk (Filesize: 499KB)
- /data/user/0/com.fiash.video/files/tim/VTcJhWmfUI6zvrYHQ0kO63_GpIHWtI2t/abeeVY-sxrT_5Jvt/DzB8FiBAQAFbVkMI.zip (Filesize: 616KB)
- /data/user/0/com.fiash.video/filespushplugin.apk (Filesize: 158KB)