Analysis
- max time kernel: 136s
- max time network: 158s
- platform: android_x86
- resource: android-x86-arm-20240506-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240506-en, locale:en-us, os:android-9-x86, system
- submitted: 13/05/2024, 06:56
Static task: static1
Behavioral task: behavioral1
- Sample: 3e3f2c8c7cf9d4cc11e396bda0e01897_JaffaCakes118.apk
- Resource: android-x86-arm-20240506-en
General
- Target: 3e3f2c8c7cf9d4cc11e396bda0e01897_JaffaCakes118.apk
- Size: 14.9MB
- MD5: 3e3f2c8c7cf9d4cc11e396bda0e01897
- SHA1: 00e43e3e500a8ab1d654b456a9b0139b02a13b4d
- SHA256: 5428765b8f7eb40ce41d779563e9e7eaf50336c8cae5cae9e0883045e3f0420d
- SHA512: 7c3d90c4bf271e159f3c602d99a4e85423423a9241ddd4f1d6420462b6ef2502a7bcbe22d9ed0e7ece5a17b2c5bf4cdde9493b9670463d53a2a6ec336502ad4d
- SSDEEP: 393216:l4vWsc/Yf3dmEU+oZ8IGbJOX5Y5l/zxBcvPZsj3der/GKbR6VBd/:63c/Y1fvM8v85Y53GvR63dU+KbWr
Malware Config
Signatures
Checks CPU information (2 TTPs, 2 IoCs)
Checks CPU information, which indicates whether the system is an emulator.
- File opened for read: /proc/cpuinfo (process: com.yunti.lfs:push)
- File opened for read: /proc/cpuinfo (process: com.yunti.lfs)

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
- Framework service call: android.app.IActivityManager.getRunningAppProcesses (process: com.yunti.lfs:push)

Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process: com.yunti.lfs)
- Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process: com.yunti.lfs:push)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
- Framework service call: android.app.IActivityManager.registerReceiver (process: com.yunti.lfs)
- Framework service call: android.app.IActivityManager.registerReceiver (process: com.yunti.lfs:push)

Checks if the internet connection is available (1 TTPs, 2 IoCs)
- Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.yunti.lfs)
- Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.yunti.lfs:push)

Reads information about phone network operator (1 TTPs)
Processes
com.yunti.lfs (PID: 4295)
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available

com.yunti.lfs:push (PID: 4369)
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
Downloads