Analysis
max time kernel: 8s
max time network: 131s
platform: android_x64
resource: android-x64-20240506-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240506-en, locale:en-us, os:android-10-x64, system
submitted: 13/05/2024, 06:45
Static task: static1
Behavioral task: behavioral1
Sample: 3e356eec96d1fdf44bb7deffd8537d48_JaffaCakes118.apk
Resource: android-x86-arm-20240506-en
Behavioral task: behavioral2
Sample: 3e356eec96d1fdf44bb7deffd8537d48_JaffaCakes118.apk
Resource: android-x64-20240506-en
General
Target: 3e356eec96d1fdf44bb7deffd8537d48_JaffaCakes118.apk
Size: 15.7MB
MD5: 3e356eec96d1fdf44bb7deffd8537d48
SHA1: e299e2e54a4f5e3250f42a55d41ef969e9ffcffe
SHA256: 74f9afc54ef47525abc388d47e25978ba84d8ded8b8382430252e9eb4a57fd31
SHA512: 9f1221837be6cfe15c5f9874722b5e588638c582c691723d9c50cfb40ab27119ce74d1940202bbba57332a43af5126f50f9dca6b4c86090ae45ae07cd3b3117e
SSDEEP: 393216:4fgJ2dL0jbECjHuJGIhMIWxCrwR5JXMUSuWPemuLzW2zfqpWHQBu+:4A2dIvECjHuIVxTJ5S7GmaW2bqpWHQQ+
Malware Config
Signatures
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information, which indicates whether the system is an emulator.
description: File opened for read; ioc: /proc/cpuinfo; Process: com.cloudywood.ip
Loads dropped Dex/Jar 1 TTPs 3 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.cloudywood.ip/[email protected]; pid: 5144; Process: com.cloudywood.ip
ioc: /data/user/0/com.cloudywood.ip/[email protected]!classes2.dex; pid: 5144; Process: com.cloudywood.ip
ioc: /data/user/0/com.cloudywood.ip/[email protected]!classes3.dex; pid: 5144; Process: com.cloudywood.ip
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; Process: com.cloudywood.ip
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; Process: com.cloudywood.ip
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; Process: com.cloudywood.ip
Checks if the internet connection is available 1 TTPs 1 IoCs
description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; Process: com.cloudywood.ip
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
Processes
-
com.cloudywood.ip
- Checks CPU information
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5144
Network
MITRE ATT&CK Mobile v15