184595fbd6f24c48f8f62af580da50ee_JaffaCakes118

General

Target

184595fbd6f24c48f8f62af580da50ee_JaffaCakes118
Size

11.8MB
MD5

184595fbd6f24c48f8f62af580da50ee
SHA1

adf5685eb2984a7c6f6392f4caff433df5f13586
SHA256

de093a48d4b32ad4ee4a474e4f3210081de84fd99a02eed9066e745fb340f887
SHA512

f64af64e6130f84115a01c274837f91be067fd47651ae6b0f45862fa706c33cca1ac38e7f858e065d13af1ad4c427bf2421375022c0f68aa2c32229be7bd99b0
SSDEEP

196608:vYzaf0mCpgFGaH/1BlzeR+WTaNlbwlCuRuc0JsNHFyCcVZaWx5ChWu4lWmjXUwB4:AzuIMB1aAI4c0JwF4z6hWXYQkwB5N/7I

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 20 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx
sample	patched_upx

UPX packed file 20 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx
sample	upx

Requests dangerous framework permissions 6 IoCs

description	ioc
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE

Files

184595fbd6f24c48f8f62af580da50ee_JaffaCakes118
.apk android arch:arm64 arch:arm arch:x86 arch:x64

com.dongguaren.run

com.dongguaren.run.Activity.WelcomeActivity.WelcomeActivity

Activities

com.dongguaren.run.Activity.WelcomeActivity.WelcomeActivity

android.intent.action.MAIN

Permissions

android.permission.READ_LOGS
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.ACCESS_COARSE_LOCATION
android.permission.WAKE_LOCK
android.permission.VIBRATE
android.permission.READ_EXTERNAL_STORAGE

Services

Android Permissions

184595fbd6f24c48f8f62af580da50ee_JaffaCakes118

Permissions

android.permission.READ_LOGS

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_NETWORK_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.CHANGE_WIFI_STATE

android.permission.INTERNET

android.permission.READ_PHONE_STATE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.ACCESS_LOCATION_EXTRA_COMMANDS

android.permission.BLUETOOTH

android.permission.BLUETOOTH_ADMIN

android.permission.ACCESS_COARSE_LOCATION

android.permission.WAKE_LOCK

android.permission.VIBRATE

android.permission.READ_EXTERNAL_STORAGE

Sharing

General

Malware Config

Signatures

Files

com.dongguaren.run

com.dongguaren.run.Activity.WelcomeActivity.WelcomeActivity

Activities

com.dongguaren.run.Activity.WelcomeActivity.WelcomeActivity

Permissions

Services

Android Permissions

184595fbd6f24c48f8f62af580da50ee_JaffaCakes118