Analysis
max time kernel: 67s
max time network: 130s
platform: android_x86
resource: android-x86-arm-20240221-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
submitted: 19-04-2024 05:27

Static task: static1
Behavioral task: behavioral1
  Sample: f99958f277e1eb858a809ac107cb7c61_JaffaCakes118.apk
  Resource: android-x86-arm-20240221-en
Behavioral task: behavioral2
  Sample: f99958f277e1eb858a809ac107cb7c61_JaffaCakes118.apk
  Resource: android-33-x64-arm64-20240229-en
General
Target: f99958f277e1eb858a809ac107cb7c61_JaffaCakes118.apk
Size: 6.4MB
MD5: f99958f277e1eb858a809ac107cb7c61
SHA1: b6ae13023ac1117ae78b974858e12b2e77d2b82d
SHA256: bd49f8744e72498ba891de83a67e8c9cf0a74b9fea45ad7212ba20d17698897c
SHA512: bf1f71d75e7cf942d5a3b94f5926ff383842d82ff26535baccbeee2ff83c76b43dbf0eb189fa2182be877599bcae5dd20ce8d25c1a110b3a1c7a91afdfc980c3
SSDEEP: 196608:RMiBXr7woKqZRpl3Wd7jYKXUpTgqw9EHJyAc4z:R977HKqZbl3Wd7jAjw9XAc4z
Malware Config
Signatures
-
Queries account information for other applications stored on the device. 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
Processes:
  description            | ioc                                                | process
  Framework service call | android.accounts.IAccountManager.getAccountsAsUser | com.wandoujia.phoenix2:accessibility
Queries information about running processes on the device. 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
  description            | ioc                                                 | process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.wandoujia.phoenix2:accessibility
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.wandoujia.phoenix2
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.wandoujia.phoenix2:update_service
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
Processes:
  description        | ioc                         | process
  Framework API call | javax.crypto.Cipher.doFinal | com.wandoujia.phoenix2:accessibility
Processes
com.wandoujia.phoenix2 (PID 4461)
  - Queries information about running processes on the device.
  └ chmod 777 /data/local/tmp (PID 4492)

com.wandoujia.phoenix2:update_service (PID 4588)
  - Queries information about running processes on the device.
  └ chmod 777 /data/local/tmp (PID 4656)

com.wandoujia.phoenix2:accessibility (PID 4635)
  - Queries account information for other applications stored on the device.
  - Queries information about running processes on the device.
  - Uses Crypto APIs (Might try to encrypt user data)
  └ chmod 777 /data/local/tmp (PID 4717)
  └ chmod 777 /data/local/tmp/.wdj_config/ (PID 4786)
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.wandoujia.phoenix2/databases/142b8011d30dff4cf4bf0dc97fa951f6_aysnc_downloader.db
  Filesize 4KB
  MD5    f2b4b0190b9f384ca885f0c8c9b14700
  SHA1   934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.wandoujia.phoenix2/databases/142b8011d30dff4cf4bf0dc97fa951f6_aysnc_downloader.db-journal
  Filesize 512B
  MD5    1aeb08f2c9fcab9b244937c5f4c69b30
  SHA1   73eb64629065e91afca5c9b697b9b10f17d01c34
  SHA256 6d62f20408c467d569cde715f5b22049e5e690248b8cbafb187c4abbf03eebab
  SHA512 7c4025b860a88beb05b17267ed1c5b15c388d0b2d68e54cefe1267a02fb5203cf16ed4c00a7692d3f67c966ad6a720c04df5cc34bb030de7c62ae4b648e35dd5

/data/data/com.wandoujia.phoenix2/databases/142b8011d30dff4cf4bf0dc97fa951f6_aysnc_downloader.db-shm
  Filesize 32KB
  MD5    315c4b401ab6ead70d308ac86b10b14b
  SHA1   ea87c398ce7e59d864e81afbc4b9871b43caabfc
  SHA256 fc50d2d1d21f8d97fd39a78333ec5b9ca5b67a0cd28b9b43802173c8d45c89fd
  SHA512 509e20e595ae24f3f8d110dddb9be150ee983293796091b28d702ef18614bebe8e0cd9c73ff9bc29a8155c0edc1df68d563014ed268f84374cd190cbd927f3d2

/data/data/com.wandoujia.phoenix2/databases/142b8011d30dff4cf4bf0dc97fa951f6_aysnc_downloader.db-wal
  Filesize 32KB
  MD5    328131ead48aa9a631a93bc7124e2a53
  SHA1   8c113c422ee7fcf2cbcea30f0a53f96f9083ab08
  SHA256 55e4cf5b2f7ed6ce4eacd81ce3aada43968e105cde1bfff16f1c1ca189e3ac44
  SHA512 22b31e6b8f110e3be924492bf596df1f8a975c4acd915a3cf45f7fa5ade0d8eaa8e9298f5ce3cacf012db8c6da9675de2a87fdd864ea1dd97cdf021e9d835686

/data/data/com.wandoujia.phoenix2/databases/c4d3d1e0e4ee9b329ac0e10249826edf_jupiter-log.db-journal
  Filesize 512B
  MD5    b803249cf0d464108a688e15d50bb252
  SHA1   66df522623717e174b9e5094e3bb37f832fd6b7e
  SHA256 81da1747f02e743a7aae8412f7827babc0d043b90433146fd8eff51a0df13a47
  SHA512 86072af933d9c26425bfe4e34a6e35b4fdc11df48a3909f005bedca6a31865cd5936bb4e461c8546438a7ceb6671fd5d4a56f88a0515a5950b22670f7b18faba

/data/data/com.wandoujia.phoenix2/databases/c4d3d1e0e4ee9b329ac0e10249826edf_jupiter-log.db-shm
  Filesize 32KB
  MD5    bb7df04e1b0a2570657527a7e108ae23
  SHA1   5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.wandoujia.phoenix2/databases/c4d3d1e0e4ee9b329ac0e10249826edf_jupiter-log.db-wal
  Filesize 40KB
  MD5    5ab5f8a9a2d36ce48bb2b9fe1f21d7ee
  SHA1   f4aff75e3a150daf01ebfc54fca00ff9f5f7baf4
  SHA256 9c23d571896536c862d1ba6e44c71cea99d1a5ef78f1dd951d1ab9405dd2a014
  SHA512 5959e8f15306f292c967013ea5d060105385bfee130cdeeff137e4c18fbbe7cb4b927f07824639fa0942ead3d7281a19b684bbeb4c7b87c81c39bc77f3ee3682

/storage/emulated/0/wandoujia/.config/shared_settings
  Filesize 73B
  MD5    cc03a603dc14649512bb9d2ab94235fe
  SHA1   7914194bab824749912e3ab638861608632cbc25
  SHA256 cddd86ea036cf4318b0c823e70b9ac32ec4882936165e262cd48d75cc65a157f
  SHA512 9ac45c1df62e9bd91644d55da8a5033dab219ab3d60f032d7ba43d7a1819a04f118cfbc6110166d0fca6f2a2668a74070e2d26d9acdd470555df659f82267277