Analysis

  • max time kernel
    147s
  • max time network
    130s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
  • submitted
    29-04-2024 01:19

General

  • Target

    06801922e51f9599b3f78a19c7be469c_JaffaCakes118.apk

  • Size

    602KB

  • MD5

    06801922e51f9599b3f78a19c7be469c

  • SHA1

    4104aa1fe43314df19b61165af1d6da2941778a4

  • SHA256

    28ff56f012a5a2f3d9484483f7e101cd779a16dc40ca55134b942278dc0c7e6f

  • SHA512

    811fa3114754939e52383dcae81ecb5a79ce0410068ac37f645a4f583961beeeeab87c0b2c2cf2a022e98c69cbd90c1c20f7c1840276ea344d2564138f9f93a4

  • SSDEEP

    12288:IEaFZvkGGNUuWW1NVwCKn6GAx1d9H1BY+0aTBpqSol2KpEhpX79w:IEaFmFN9v46flH72wOSoMK69w

Malware Config

Signatures

  • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs

    Reads CPU information that can indicate whether the system is an emulator.

  • Checks memory information 2 TTPs 1 IoCs

    Reads memory information that can indicate whether the system is an emulator.

  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Loads code from an executable file that was dropped on the device during analysis.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    The application may abuse the framework's clipboard APIs to read sensitive information copied to the device clipboard.

  • Checks if the internet connection is available 1 TTPs 1 IoCs
  • Uses Crypto APIs (might try to encrypt user data) 1 TTPs 1 IoCs
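The signatures above are triggered by a handful of Android framework and runtime APIs. The script below is an added example, not part of the report or of the sample: it unpacks a jar of the kind the sample drops (app_ttmp/t.jar), scans its .dex and .class entries for the API strings an analyst would associate with each signature, and groups the hits by signature. The indicator list is an assumption (common strings for emulator checks, DexClassLoader-style loading, ClipboardManager access, launcher-icon hiding, package enumeration, connectivity checks and javax.crypto use), and the jar it scans is constructed inside the script, not the real t.jar.

```python
"""Scan a dropped jar/dex for the API strings behind sandbox signatures.

Added example: the indicator mapping is an analyst's assumption about which
Android APIs trigger each signature; it is not taken from the report.
"""
import io
import re
import zipfile

INDICATORS = {
    "emulator_check": [rb"/proc/cpuinfo", rb"/proc/meminfo", rb"goldfish",
                       rb"ranchu", rb"ro\.kernel\.qemu"],
    "dynamic_loading": [rb"dalvik/system/DexClassLoader",
                        rb"dalvik/system/InMemoryDexClassLoader",
                        rb"dalvik/system/PathClassLoader"],
    "clipboard": [rb"android/content/ClipboardManager", rb"getPrimaryClip"],
    "hide_launcher_icon": [rb"setComponentEnabledSetting",
                           rb"COMPONENT_ENABLED_STATE_DISABLED"],
    "installed_apps": [rb"getInstalledApplications", rb"getInstalledPackages"],
    "network_check": [rb"getActiveNetworkInfo",
                      rb"android/net/ConnectivityManager"],
    "crypto": [rb"javax/crypto/Cipher"],
}


def scan_blob(data: bytes) -> dict:
    """Return {signature: [matched strings]} for every indicator found in data.

    DEX string tables are MUTF-8, so ASCII class and method names are found
    by a plain byte search; no decoding of the DEX structure is needed.
    """
    hits = {}
    for sig, patterns in INDICATORS.items():
        found = sorted({m.group(0).decode() for p in patterns
                        for m in re.finditer(p, data)})
        if found:
            hits[sig] = found
    return hits


def scan_jar(jar_bytes: bytes) -> dict:
    """Scan every .dex/.class entry of a jar; fall back to a raw scan if it is not a zip."""
    if not zipfile.is_zipfile(io.BytesIO(jar_bytes)):
        return {"<raw>": scan_blob(jar_bytes)}
    results = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            if info.filename.endswith((".dex", ".class")):
                hits = scan_blob(zf.read(info))
                if hits:
                    results[info.filename] = hits
    return results


def build_sample_jar() -> bytes:
    """Constructed stand-in for a dropped t.jar; not the real dropped file.

    The fake classes.dex carries only a DEX magic and a NUL-separated string
    table with the API names a loader/clipboard stealer would reference.
    """
    fake_dex = b"dex\n035\x00" + b"\x00".join([
        b"Landroid/content/ClipboardManager;", b"getPrimaryClip",
        b"/proc/cpuinfo", b"/proc/meminfo",
        b"Ldalvik/system/DexClassLoader;",
        b"setComponentEnabledSetting",
        b"Landroid/net/ConnectivityManager;", b"getActiveNetworkInfo",
        b"Ljavax/crypto/Cipher;",
    ])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", fake_dex)
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, hits in scan_jar(build_sample_jar()).items():
        print(entry)
        for sig, strings in hits.items():
            print(f"  {sig}: {', '.join(strings)}")
```

Against a real dropped jar, run `scan_jar(open(path, "rb").read())`; a jar whose only hits are in `dynamic_loading` and `crypto` usually means the interesting code lives in yet another stage that the loaded dex fetches or decrypts, which matches the two-stage pattern visible in the Downloads section of this report.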

Processes

  • feifei.shasha1.meta.face (PID 4452)
    • Removes its main activity from the application launcher
    • Checks CPU information
    • Checks memory information
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Checks if the internet connection is available
    • Uses Crypto APIs (might try to encrypt user data)

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/feifei.shasha1.meta.face/app_ttmp/t.jar
    Filesize

    276KB

    MD5

    9aaea567e0c93e51718ba7eade0e83df

    SHA1

    0005116aad1779361b70093db00fed5ac090ae23

    SHA256

    b30a95dff6f65f444472971c8aaf895ffc8e66e0117ce242ec4cb8a8a519a5ec

    SHA512

    2aef1034335d8752f4e25ce6c5823ce03019536cc6e51ee61b5291c77a0f356a2517e0cbe7f2c4cc2d897115dc856449a342cfdc247c9d34d313187d15b2f890

  • /data/user/0/feifei.shasha1.meta.face/app_ttmp/t.jar
    Filesize

    587KB

    MD5

    f72c3d07507c3e26d317e9117ba757d1

    SHA1

    cdede4739e9dd9fd95243aab5e44c24f93f825c3

    SHA256

    1c65834d9ca018c6496a8b9957589d0e94657911b6635dc21a448d78f9238887

    SHA512

    3420714252e7503abc13c99274d767b0bc08671d769460dc61823ab9470e145fb75c5dfaadc617d3a05cf251ed5ecf38ea7e8c1d7b343bca4d7e8296f1b805d4

  • /data/user/0/feifei.shasha1.meta.face/databases/feifei.shasha1.meta.faceb
    Filesize

    72KB

    MD5

    ce1b192faf8421499069714e9ae50c4e

    SHA1

    d63620044b42db586a2c1a85a4cb5273cc7e21fc

    SHA256

    6553b1e3968bdca0a42e18657736ad2e3adc18ef6d2ba5de3673c4a06f9a73cf

    SHA512

    0f949900567f6c422874e197bf5f060dd00777cd20537513abc36b6513573f186c347a19b772eade4c449a0c00507a311f65fad253230a3dc7f3df967f6b04b9

  • /data/user/0/feifei.shasha1.meta.face/databases/feifei.shasha1.meta.faceb-journal
    Filesize

    512B

    MD5

    ab56d4179bd8df0c4c7831491cbe285f

    SHA1

    766286c1e9fb0d27442a3e9419fb7aae251d8efe

    SHA256

    a52f7c2b94f3f67c67391839673e42bda15121501322824050d466db2530f085

    SHA512

    3063ddd8078de1f919d9e4605ddf2ad6ca677da680cac2b285e83cabd935eb7c43c440d9fffa1988e873fd9032c82ebd56359a183d0954c74678d418fc2cba90

  • /data/user/0/feifei.shasha1.meta.face/databases/feifei.shasha1.meta.faceb-journal
    Filesize

    8KB

    MD5

    16f9415187104932f607fc7af7aac565

    SHA1

    02e4fbec3e3216ad40a95df07cc4c18d639c2ca8

    SHA256

    5923ac6e8363c5bf21694bbcef96adbd9b4739e9485376a47bbd981a0743641f

    SHA512

    a947c63b3e37e09d11542ef731d8ecb8e56458adf5a89367745e27a69f56c302645b59cd54d03c4aebd6d672e535dd35929c52f05a8c657d9393512ff541f405

  • /data/user/0/feifei.shasha1.meta.face/databases/feifei.shasha1.meta.faceb-journal
    Filesize

    8KB

    MD5

    fa335154aacb134517845b205bc311e8

    SHA1

    512d652d61fd4d8b0e3193867bda1d55cee5a298

    SHA256

    65a329a138e3f028e03cde3b6b93a29ab543bacabe0e2528139fc77ac559c7bc

    SHA512

    400bdb68467ff8428a7461aaf3220ed6240e4d802eec404cfbfa119f2c2e55a5e9177ac788e566f6a8fbf394101bc6d79905e56c4b4821f4446dd9d486172125

  • /data/user/0/feifei.shasha1.meta.face/databases/feifei.shasha1.meta.faceb-journal
    Filesize

    12KB

    MD5

    89e605c8d2dd307ef10034b5e9c54661

    SHA1

    1dd0ffbdcad8968ae605920b56cb76faf40b7642

    SHA256

    3dc6c2b2b011d56003b8fd0f1b34b9364e8a0a547011ae22e977b395f7125f08

    SHA512

    31f324bfadf38906265e2aa47c8a36dca0fdab11d4a6a035171524a28402ae7325b8ad3400b534b978e6b811191942550638618aecaeb1d2e6c092b8c5e8448b
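The same path /data/user/0/feifei.shasha1.meta.face/app_ttmp/t.jar appears twice above with different sizes and hashes, so the file was rewritten during the run (276KB first, then 587KB), and the -journal path appears four times as the database was written. The script below is an added example, not part of the report: a parser for the Downloads layout above that turns each entry into an IOC record, validates hash lengths and hex content, and lists the paths that were written more than once with different content. The embedded input is a trimmed copy of three of the entries above (only Filesize, MD5 and SHA256 kept); the parser also accepts the blank-line layout of the full page.

```python
"""Parse the Downloads block of a sandbox report into IOC records.

Added example; the SAMPLE text is a trimmed copy of three entries from the
report above, and the layout assumptions (bullet, label line, value line)
are taken from that page.
"""
import re
from collections import defaultdict

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SIZE_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}

SAMPLE = """\
  • /data/user/0/feifei.shasha1.meta.face/app_ttmp/t.jar
    Filesize
    276KB
    MD5
    9aaea567e0c93e51718ba7eade0e83df
    SHA256
    b30a95dff6f65f444472971c8aaf895ffc8e66e0117ce242ec4cb8a8a519a5ec
  • /data/user/0/feifei.shasha1.meta.face/app_ttmp/t.jar
    Filesize
    587KB
    MD5
    f72c3d07507c3e26d317e9117ba757d1
    SHA256
    1c65834d9ca018c6496a8b9957589d0e94657911b6635dc21a448d78f9238887
  • /data/user/0/feifei.shasha1.meta.face/databases/feifei.shasha1.meta.faceb-journal
    Filesize
    512B
    MD5
    ab56d4179bd8df0c4c7831491cbe285f
    SHA256
    a52f7c2b94f3f67c67391839673e42bda15121501322824050d466db2530f085
"""

# One bullet line per entry: the path is the only token on the line.
ENTRY_RE = re.compile(r"^\s*•\s*(?P<path>\S+)\s*$", re.M)
# A label on one line, its value on the next non-blank line.
FIELD_RE = re.compile(r"^\s*(Filesize|MD5|SHA1|SHA256|SHA512)\s*\n\s*(\S+)", re.M)


def parse_size(text: str) -> int:
    """Convert the report's human size ('276KB', '512B') into bytes."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(B|KB|MB)", text)
    if not m:
        raise ValueError(f"unparsable size: {text}")
    return int(float(m.group(1)) * SIZE_UNITS[m.group(2)])


def parse_downloads(text: str) -> list:
    """Return one dict per entry: path, size in bytes, and lower-case hash fields."""
    records = []
    heads = list(ENTRY_RE.finditer(text))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        chunk = text[head.end():end]
        rec = {"path": head.group("path")}
        for label, value in FIELD_RE.findall(chunk):
            if label == "Filesize":
                rec["size"] = parse_size(value)
                continue
            # Reject truncated or mis-copied digests before they reach a blocklist.
            if len(value) != HASH_LEN[label] or not re.fullmatch(r"[0-9a-f]+", value):
                raise ValueError(f"bad {label} for {rec['path']}: {value}")
            rec[label.lower()] = value
        records.append(rec)
    return records


def rewritten_paths(records: list) -> list:
    """Paths listed more than once with differing SHA256: rewritten during the run."""
    by_path = defaultdict(set)
    for rec in records:
        by_path[rec["path"]].add(rec.get("sha256"))
    return sorted(p for p, hashes in by_path.items() if len(hashes) > 1)


if __name__ == "__main__":
    recs = parse_downloads(SAMPLE)
    for rec in recs:
        print(rec["path"], rec["size"], rec["sha256"])
    print("rewritten:", rewritten_paths(recs))
```

Feeding the full Downloads text of this page to `parse_downloads` yields seven records; `rewritten_paths` then returns both the t.jar path and the -journal path, which is the cue to pull every version of t.jar from the sandbox rather than only the last one on disk.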