Analysis
- max time kernel: 144s
- max time network: 169s
- platform: android_x64
- resource: android-x64-arm64-20240221-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
- submitted: 02-05-2024 04:37
- Behavioral task: behavioral1; Sample: 0d85a76bd4f10a1138acf0710407b166_JaffaCakes118.apk; Resource: android-x86-arm-20240221-en
- Behavioral task: behavioral2; Sample: 0d85a76bd4f10a1138acf0710407b166_JaffaCakes118.apk; Resource: android-x64-arm64-20240221-en
- Behavioral task: behavioral3; Sample: tcore.apk; Resource: android-x86-arm-20240221-en
- Behavioral task: behavioral4; Sample: tcore.apk; Resource: android-x64-20240221-en
- Behavioral task: behavioral5; Sample: tcore.apk; Resource: android-x64-arm64-20240221-en
General
- Target: 0d85a76bd4f10a1138acf0710407b166_JaffaCakes118.apk
- Size: 7.5MB
- MD5: 0d85a76bd4f10a1138acf0710407b166
- SHA1: 38580beb9d19cc6029787e8f93fdad726983cc5d
- SHA256: 838ee033311752143f09351a9079a873d66c0ab41c71204c1b24395ed6cb2f3e
- SHA512: 9b31225dbc6d6269585d79ca1c1a41ab7a3fab27e34e93963c48afcd3228c6418873ceed4772860733fece0a2588023681ce62b0ae73196822f0e1ebb567ec64
- SSDEEP: 196608:4OL+xKRI1RahUlNl6qTPhgIogHKXVArPPz3sxL3p29/HL3p29/xCkM:zP8UUlNl6IqIJHKXMPPzcxL30HL309M
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) [1 TTPs]
- Checks CPU information [2 TTPs, 1 IoCs]
  Checks CPU information which indicate if the system is an emulator.
  description: File opened for read; ioc: /proc/cpuinfo; process: com.senhaomaoyi.mobile
- Checks memory information [2 TTPs, 1 IoCs]
  Checks memory information which indicate if the system is an emulator.
  description: File opened for read; ioc: /proc/meminfo; process: com.senhaomaoyi.mobile
- Obtains sensitive information copied to the device clipboard [2 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: com.senhaomaoyi.mobile
- Queries information about running processes on the device [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.senhaomaoyi.mobile
- Queries information about the current Wi-Fi connection [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.senhaomaoyi.mobile
- Checks if the internet connection is available [1 TTPs, 2 IoCs]
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.senhaomaoyi.mobile
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.senhaomaoyi.mobile:pushservice
- Queries the unique device ID (IMEI, MEID, IMSI) [1 TTPs]
- Reads information about phone network operator. [1 TTPs]
- Uses Crypto APIs (Might try to encrypt user data) [1 TTPs, 2 IoCs]
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.senhaomaoyi.mobile
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.senhaomaoyi.mobile:pushservice
Processes
- com.senhaomaoyi.mobile (PID: 4426)
  - Checks CPU information
  - Checks memory information
  - Obtains sensitive information copied to the device clipboard
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
- com.senhaomaoyi.mobile:pushservice (PID: 4584)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads