Analysis
max time kernel: 47s
max time network: 146s
platform: android_x86
resource: android-x86-arm-20240221-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
submitted: 26-04-2024 17:27
Static task: static1

Behavioral task: behavioral1
  Sample: 0148de886a0e76d26b5feaffe9129ac1_JaffaCakes118.apk
  Resource: android-x86-arm-20240221-en

Behavioral task: behavioral2
  Sample: 0148de886a0e76d26b5feaffe9129ac1_JaffaCakes118.apk
  Resource: android-x64-20240221-en

Behavioral task: behavioral3
  Sample: 0148de886a0e76d26b5feaffe9129ac1_JaffaCakes118.apk
  Resource: android-x64-arm64-20240221-en
General
Target: 0148de886a0e76d26b5feaffe9129ac1_JaffaCakes118.apk
Size: 3.2MB
MD5: 0148de886a0e76d26b5feaffe9129ac1
SHA1: 92a5657fb3385b87e90c8567f848e9f28f8f0e71
SHA256: ab9053888d876d33d29120cdca47077fd55971698948f6086c89618065958130
SHA512: 65d04efa2d41296c2c4f57ad3cc0ddbbe28bf8b51711cba7f80914fcf9a8a0f71f0f4315261a09015a03de7dafe52c37527fad87b6fc7ca19d7c5f154e2ade96
SSDEEP: 49152:ZJBuh4MBQjrmm5PTMr5fWWcCa+mHLpvhSz7Y4/RcNzjcUBup7pHl5Uqrgg0P:zxMBQjrlAr5eOa+mHLLS44azjcAaHQT
Malware Config
Signatures
Requests cell location (TTPs: 1, IoCs: 1)
Uses Android APIs to get the current cell location.
Processes: changda.xiaoyou.app
  description: Framework service call
  ioc: com.android.internal.telephony.ITelephony.getCellLocation
  process: changda.xiaoyou.app

Checks CPU information (TTPs: 2, IoCs: 1)
Checks CPU information that indicates whether the system is an emulator.

Checks memory information (TTPs: 2, IoCs: 1)
Checks memory information that indicates whether the system is an emulator.

Queries information about running processes on the device (TTPs: 1, IoCs: 1)
The application may abuse the framework's APIs to collect information about running processes on the device.
Processes: changda.xiaoyou.app
  description: Framework service call
  ioc: android.app.IActivityManager.getRunningAppProcesses
  process: changda.xiaoyou.app

Queries information about the current Wi-Fi connection (TTPs: 1, IoCs: 1)
The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: changda.xiaoyou.app
  description: Framework service call
  ioc: android.net.wifi.IWifiManager.getConnectionInfo
  process: changda.xiaoyou.app

Queries information about the current nearby Wi-Fi networks (TTPs: 1, IoCs: 1)
The application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes: changda.xiaoyou.app
  description: Framework service call
  ioc: android.net.wifi.IWifiManager.getScanResults
  process: changda.xiaoyou.app

Queries the mobile country code (MCC) (TTPs: 1, IoCs: 1)
Processes: changda.xiaoyou.app
  description: Framework service call
  ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
  process: changda.xiaoyou.app

Registers a broadcast receiver at runtime (usually for listening for system events) (TTPs: 1, IoCs: 1)
Processes: changda.xiaoyou.app
  description: Framework service call
  ioc: android.app.IActivityManager.registerReceiver
  process: changda.xiaoyou.app

Checks if the internet connection is available (TTPs: 1, IoCs: 1)
Processes: changda.xiaoyou.app
  description: Framework service call
  ioc: android.net.IConnectivityManager.getActiveNetworkInfo
  process: changda.xiaoyou.app

Queries the unique device ID (IMEI, MEID, IMSI) (TTPs: 1)

Listens for changes in the sensor environment (might be used to detect emulation) (TTPs: 1, IoCs: 1)
Processes: changda.xiaoyou.app
  description: Framework API call
  ioc: android.hardware.SensorManager.registerListener
  process: changda.xiaoyou.app
Processes
- changda.xiaoyou.app
  - Requests cell location
  - Checks CPU information
  - Checks memory information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Child processes:
    - ls /sys/class/thermal
    - /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
    - /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
Network
MITRE ATT&CK Matrix
Downloads
Path: /data/data/changda.xiaoyou.app/files/.envelope/i==1.2.0&&1.3_1714152452880_envelope.log
Filesize: 2KB
MD5: 66a3c2730221f9de31261a65f0f94e3c
SHA1: a3420478a963aafd0def15b30333f7235d58e4a5
SHA256: 623fd788358129d410260d1de3b0c7c8588ba7aa810f61cb3f9073f8aae2f13e
SHA512: 0ed585c3befa32ea4081cd2155367da09a93604cf775f71826bcdc6cad0b82c16dc29ca87df997fd7c6405205390410d7fff10ccad8c01ea51e2b4d2cc72ed9d

Path: /data/data/changda.xiaoyou.app/files/.umeng/exchangeIdentity.json
Filesize: 162B
MD5: c76ff75451208360971bfad4e2be3299
SHA1: 43a1d9b6ff2df18bd4f9d4d1df7d9bce0e06c04c
SHA256: f369282ebc69ee3b3b471fb26f816e2338aa5e0d773b6318749f0be75c1a88b8
SHA512: e5f7eebfd88c10848e2cae921010d2fe58f5263b5fa6e0b90f1b4337a15f2d8e3d88fdbfa3c8df7446dbba12228db4ce5bce811e10c8148ce072c1d77b35b263

Path: /data/data/changda.xiaoyou.app/files/exid.dat
Filesize: 55B
MD5: 06b93803540fed0d22a448689c241831
SHA1: 28500114908df8ae7932ecd65502df366d718415
SHA256: 4b2f1e39fbc2b7e142c74286c3218432bb65612ea3577b713f8303454f51550e
SHA512: 18f215ee09d861de3ab53a1e70286901ea3dacffa13efa4de54075d7ebe2c429d8be2e97a20e43eda60e4cdae135398aae8ccbb2096912cc462fb13316374c08

Path: /data/data/changda.xiaoyou.app/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE0MTUyNDUxODE3
Filesize: 1KB
MD5: 3b8534c15b31b14bc89570378d7f1eee
SHA1: efa438f0015b63e27ed459c619f3223d69b46a61
SHA256: 7cbc5256345b362c58f504729009e581dda565d5e7fb443c69441c9a68de66e2
SHA512: f4116c4bad860f3c010c40a31ec256391e0563ef668b36b6b831674be89dd713dc7db4b520e3c0cd48371f531e9d0ca5312b3032590f26cbcd5c33b77befa569

Path: /data/data/changda.xiaoyou.app/files/stateless/dW1weF9pbnRlcm5hbA== /dW1weF9pbnRlcm5hbF8xNzE0MTUyNDgyMDAz
Filesize: 1KB
MD5: bfa7f8d848aaec63ac8df9dd7519a5c2
SHA1: 83e9676a5e59daa63df19dbbce810b86ab41b71a
SHA256: 59fcaeed0bee847fe4a9da8a9eb8a1963f1984474e4b644ca6c2f454786987e1
SHA512: 846525576f0dcdbd3dbb487ec8e1fd0bb65be87837fb9ab84f9c78a28e60f58b4a11a3c5feec7fbffac3a889ece84517379893801798fda37e7297a335120009

Path: /data/data/changda.xiaoyou.app/files/umeng_it.cache
Filesize: 415B
MD5: 4fd53cd59a46b0cf75e9c6fd66657946
SHA1: 0858e645b341654e9158a318e97c1508ac5e0798
SHA256: 44f44ffb140ab1000422e96549e4ec87ba541a212228a7620edb639ae76d6f9d
SHA512: 52b49d5fc855554182d531140869e9cecfa489cfc53410deb7d1daea4f00f416f2ab830a0319e30e2a8f3efe25c67e660a8b8d4ecb8fb2d112b44f995d3df50a