General
-
Target
48405ae6bc6880438455299657590929_JaffaCakes118
-
Size
11.1MB
-
Sample
240515-1z443aed5v
-
MD5
48405ae6bc6880438455299657590929
-
SHA1
1ec6792110b8e5795c10319ff10758e97843936a
-
SHA256
a6541a2a039d8c329e711f735d2e03b6699a7469d766474b7ae1d6ff3a0315cc
-
SHA512
59e8d1761a05c906f0d6404dede4e7796471983d6c7439b076d5bdd0bd1bb6882c60fabe9896928fe7a6de9cda7a7ac4e21f2846d575e28c06f62af8d41a5361
-
SSDEEP
196608:1Mje9RWJseOSgSOSgsnP04OhMogU+HTBaIYWwDDe1IRAWn5MC9JHX7nyhVl3+:11eueOSgSOSgGDOhM/sIYWQDe1IRh/3d
Behavioral task
behavioral1
Sample
48405ae6bc6880438455299657590929_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
48405ae6bc6880438455299657590929_JaffaCakes118.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
48405ae6bc6880438455299657590929_JaffaCakes118.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Extracted
joker
http://abroad.apilocate.amap.com/mobile/binary
http://apiinit.amap.com/v3/log/init
http://ask.dcloud.net.cn/article/285
http://lbs.amap.com/api/android-sdk/guide/error/
http://logs.amap.com/ws/log/upload?product=%s&type=%s&platform=%s&channel=%s&sign=%s
http://ofloc.map.baidu.com/offline_loc
http://open.weixin.qq.com/connect/sdk/qrconnect?appid=%s&noncestr=%s×tamp=%s&scope=%s&signature=%s
http://wke.openspeech.cn/wakeup/
https://api.weibo.com/2/proxy/sdk/statistic.json
Targets
-
-
Target
48405ae6bc6880438455299657590929_JaffaCakes118
-
Size
11.1MB
-
MD5
48405ae6bc6880438455299657590929
-
SHA1
1ec6792110b8e5795c10319ff10758e97843936a
-
SHA256
a6541a2a039d8c329e711f735d2e03b6699a7469d766474b7ae1d6ff3a0315cc
-
SHA512
59e8d1761a05c906f0d6404dede4e7796471983d6c7439b076d5bdd0bd1bb6882c60fabe9896928fe7a6de9cda7a7ac4e21f2846d575e28c06f62af8d41a5361
-
SSDEEP
196608:1Mje9RWJseOSgSOSgsnP04OhMogU+HTBaIYWwDDe1IRAWn5MC9JHX7nyhVl3+:11eueOSgSOSgGDOhM/sIYWQDe1IRh/3d
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Checks if the internet connection is available
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-