Analysis
-
max time kernel
147s
-
max time network
130s
-
platform
android_x64
-
resource
android-x64-arm64-20240221-en
-
resource tags
android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
-
submitted
29-04-2024 01:19
Static task
static1
Behavioral task
behavioral1
Sample
06801922e51f9599b3f78a19c7be469c_JaffaCakes118.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
06801922e51f9599b3f78a19c7be469c_JaffaCakes118.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
06801922e51f9599b3f78a19c7be469c_JaffaCakes118.apk
Resource
android-x64-arm64-20240221-en
General
-
Target
06801922e51f9599b3f78a19c7be469c_JaffaCakes118.apk
-
Size
602KB
-
MD5
06801922e51f9599b3f78a19c7be469c
-
SHA1
4104aa1fe43314df19b61165af1d6da2941778a4
-
SHA256
28ff56f012a5a2f3d9484483f7e101cd779a16dc40ca55134b942278dc0c7e6f
-
SHA512
811fa3114754939e52383dcae81ecb5a79ce0410068ac37f645a4f583961beeeeab87c0b2c2cf2a022e98c69cbd90c1c20f7c1840276ea344d2564138f9f93a4
-
SSDEEP
12288:IEaFZvkGGNUuWW1NVwCKn6GAx1d9H1BY+0aTBpqSol2KpEhpX79w:IEaFmFN9v46flH72wOSoMK69w
Malware Config
Signatures
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information that indicates whether the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information that indicates whether the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs an executable file dropped to the device during analysis.
Processes:
feifei.shasha1.meta.face
ioc: /data/user/0/feifei.shasha1.meta.face/app_ttmp/t.jar
pid: 4452
process: feifei.shasha1.meta.face
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
feifei.shasha1.meta.face
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
process: feifei.shasha1.meta.face
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
feifei.shasha1.meta.face
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
process: feifei.shasha1.meta.face
Processes
-
feifei.shasha1.meta.face
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
-
/data/user/0/feifei.shasha1.meta.face/app_ttmp/t.jar
Filesize
276KB
MD5
9aaea567e0c93e51718ba7eade0e83df
SHA1
0005116aad1779361b70093db00fed5ac090ae23
SHA256
b30a95dff6f65f444472971c8aaf895ffc8e66e0117ce242ec4cb8a8a519a5ec
SHA512
2aef1034335d8752f4e25ce6c5823ce03019536cc6e51ee61b5291c77a0f356a2517e0cbe7f2c4cc2d897115dc856449a342cfdc247c9d34d313187d15b2f890
-
/data/user/0/feifei.shasha1.meta.face/app_ttmp/t.jar
Filesize
587KB
MD5
f72c3d07507c3e26d317e9117ba757d1
SHA1
cdede4739e9dd9fd95243aab5e44c24f93f825c3
SHA256
1c65834d9ca018c6496a8b9957589d0e94657911b6635dc21a448d78f9238887
SHA512
3420714252e7503abc13c99274d767b0bc08671d769460dc61823ab9470e145fb75c5dfaadc617d3a05cf251ed5ecf38ea7e8c1d7b343bca4d7e8296f1b805d4
-
/data/user/0/feifei.shasha1.meta.face/databases/feifei.shasha1.meta.faceb
Filesize
72KB
MD5
ce1b192faf8421499069714e9ae50c4e
SHA1
d63620044b42db586a2c1a85a4cb5273cc7e21fc
SHA256
6553b1e3968bdca0a42e18657736ad2e3adc18ef6d2ba5de3673c4a06f9a73cf
SHA512
0f949900567f6c422874e197bf5f060dd00777cd20537513abc36b6513573f186c347a19b772eade4c449a0c00507a311f65fad253230a3dc7f3df967f6b04b9
-
/data/user/0/feifei.shasha1.meta.face/databases/feifei.shasha1.meta.faceb-journal
Filesize
512B
MD5
ab56d4179bd8df0c4c7831491cbe285f
SHA1
766286c1e9fb0d27442a3e9419fb7aae251d8efe
SHA256
a52f7c2b94f3f67c67391839673e42bda15121501322824050d466db2530f085
SHA512
3063ddd8078de1f919d9e4605ddf2ad6ca677da680cac2b285e83cabd935eb7c43c440d9fffa1988e873fd9032c82ebd56359a183d0954c74678d418fc2cba90
-
/data/user/0/feifei.shasha1.meta.face/databases/feifei.shasha1.meta.faceb-journal
Filesize
8KB
MD5
16f9415187104932f607fc7af7aac565
SHA1
02e4fbec3e3216ad40a95df07cc4c18d639c2ca8
SHA256
5923ac6e8363c5bf21694bbcef96adbd9b4739e9485376a47bbd981a0743641f
SHA512
a947c63b3e37e09d11542ef731d8ecb8e56458adf5a89367745e27a69f56c302645b59cd54d03c4aebd6d672e535dd35929c52f05a8c657d9393512ff541f405
-
/data/user/0/feifei.shasha1.meta.face/databases/feifei.shasha1.meta.faceb-journal
Filesize
8KB
MD5
fa335154aacb134517845b205bc311e8
SHA1
512d652d61fd4d8b0e3193867bda1d55cee5a298
SHA256
65a329a138e3f028e03cde3b6b93a29ab543bacabe0e2528139fc77ac559c7bc
SHA512
400bdb68467ff8428a7461aaf3220ed6240e4d802eec404cfbfa119f2c2e55a5e9177ac788e566f6a8fbf394101bc6d79905e56c4b4821f4446dd9d486172125
-
/data/user/0/feifei.shasha1.meta.face/databases/feifei.shasha1.meta.faceb-journal
Filesize
12KB
MD5
89e605c8d2dd307ef10034b5e9c54661
SHA1
1dd0ffbdcad8968ae605920b56cb76faf40b7642
SHA256
3dc6c2b2b011d56003b8fd0f1b34b9364e8a0a547011ae22e977b395f7125f08
SHA512
31f324bfadf38906265e2aa47c8a36dca0fdab11d4a6a035171524a28402ae7325b8ad3400b534b978e6b811191942550638618aecaeb1d2e6c092b8c5e8448b