Analysis
-
max time kernel
5s
-
max time network
149s
-
platform
android_x86
-
resource
android-x86-arm-20240514-en
-
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
-
submitted
17/05/2024, 15:39
Behavioral task
behavioral1
Sample
5039d7038eb55d127685f3bc28601d44_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
amap_resource1_0_0.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral3
Sample
amap_resource1_0_0.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral4
Sample
amap_resource1_0_0.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
5039d7038eb55d127685f3bc28601d44_JaffaCakes118.apk
-
Size
15.3MB
-
MD5
5039d7038eb55d127685f3bc28601d44
-
SHA1
8d0710b5e15cc73f2b98ca905195cbf042e515c7
-
SHA256
60fa38ba267e5cbebe9c10ca95dd93fa01f27aa982ca759fde1f7296b80bf1c0
-
SHA512
79ff97587ce36d562d2d4508287d6275c3b3d8e96a07d38375676735d66693afef6e9319fd046ce487b248498a833f1af6cd67e7398b06f947962c9812cee93c
-
SSDEEP
393216:ZKmqaL7Qkzv21yRwqTilIk3C/Y8nvsEeQEtPKSkCBdlbAA:ZOa3BztTWlzCQ8EcEcfCBdp
Malware Config
Signatures
-
Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
description
Framework service call
ioc
com.android.internal.telephony.ITelephony.getCellLocation
Process
com.vigo.tongchengservice
-
Checks CPU information (2 TTPs, 1 IoC)
Checks CPU information which indicates whether the system is an emulator.
description
File opened for read
ioc
/proc/cpuinfo
Process
com.vigo.tongchengservice
-
Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
description
Framework service call
ioc
android.app.IActivityManager.getRunningAppProcesses
Process
com.vigo.tongchengservice
-
Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description
Framework service call
ioc
android.net.wifi.IWifiManager.getConnectionInfo
Process
com.vigo.tongchengservice
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
description
Framework service call
ioc
android.app.IActivityManager.registerReceiver
Process
com.vigo.tongchengservice
-
Checks if the internet connection is available (1 TTP, 1 IoC)
description
Framework service call
ioc
android.net.IConnectivityManager.getActiveNetworkInfo
Process
com.vigo.tongchengservice
-
Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
description
Framework API call
ioc
android.hardware.SensorManager.registerListener
Process
com.vigo.tongchengservice
-
Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
description
Framework API call
ioc
javax.crypto.Cipher.doFinal
Process
com.vigo.tongchengservice
Processes
-
com.vigo.tongchengservice
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID: 4337
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Execution Guardrails: 1
Geofencing: 1
Hide Artifacts: 1
User Evasion: 1
Virtualization/Sandbox Evasion: 1
System Checks: 1
Downloads
-
Filesize
4KB
MD5
f2b4b0190b9f384ca885f0c8c9b14700
SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD5
a5711b8f1228e29d2a40ee2cd8e8f10c
SHA1
64a1096f3506f7469ce381183b7edeb79742c69e
SHA256
601ee99130dbdce765f8fd319215a638590ff82214d86469f52cb19acd67ad8b
SHA512
5d7f2402085d7f7b505c16358600cc11e19fcb76bf1d65ae82364a31d48ea5603d1864c4590da596f6c8354a9e82a7874e64be721da00d1dac54d04da2b8e3b1
-
Filesize
28KB
MD5
cf845a781c107ec1346e849c9dd1b7e8
SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
-
Filesize
72KB
MD5
3d2f6e16ea2b9983a72e040f54d226b5
SHA1
1c75dec310728d33108f793fd755bb5ea35e33f4
SHA256
d1718dd9b2469e56407b6339da710bfd8f5b3efbfa189070c4b9a42b3e68edf3
SHA512
ed1ec5121b9b8571a20a17d70715b5d82c670d044e8143e94c08eee51978dff3e5426279d71c9f48be0ef9475944045cf61c47ec495f514659dc24099c280770
-
Filesize
512B
MD5
a8a5c3f89ef3c1eb2a6e1f03376125c5
SHA1
d55330bdc5409caba120c8d01ad37c0621829c9c
SHA256
22833a632fdb46d68d54d8fb84f0c29f1614cc3df52ece4d62c86bfc44c8ca87
SHA512
086569bc807f1bb2d9486dd86e58b21ac6b4d3013925033710434c4d712a46c1aa3fc19b68b5f29a23c722c6faaf55814bbd0750a382fea72f50a19dc7b4cb14
-
Filesize
68KB
MD5
7eeba7ca5d265c99b3b5b039d4d5cc6e
SHA1
9f400f64aa2d413d6ab824993a182c2ed9ce8006
SHA256
c6233f29bda8d81e375b7bb63ae087e3c2c82701cc50e2f79ffb032f7e850e36
SHA512
b12f1ae252f2c7cf077c9b6594dda5be3323177afd00320df9bec56c609c8914baaa5e2b0a6457f66c13aa1e695cfaee856faa7f275082925b096c22b4d6bf57
-
Filesize
512B
MD5
ef1423cde77f5a88466ec24917ac2cd2
SHA1
822f9dc99eac24e7a79545f8825d4129bfa7e9d0
SHA256
5f2fe427e2e553916db430c5f49b8ff82924b2a06259b88637af1420136a2f17
SHA512
3a249dafbdc03a13907f49adac64f99ec0159c0037877df45949df652c958e60262bc98b95bcea053f74056e69e89554e97f4a1b914cb6728a526c051aba5de7
-
Filesize
32KB
MD5
a67baee6ee1f353da95f0de30b72fd74
SHA1
dc17d4ab07801b1135041c1b9b98bc5a2bb48220
SHA256
a5893846ef8306c8cce58c5ab10ead5ba5a40a3cae7e663b3b559066aa367c2d
SHA512
f04c2394dbaca7de70ca68cc21dfddcfea47b071a4f5b08e481771c20d78a226265ae2a6fca390338e669ffed0f2c5a7e008cf486fd77a23fbe5dfee11511dc7
-
Filesize
111B
MD5
b1588176dab11c3be63f3b8fc48e35f4
SHA1
eabf3ea0876bd4f0ca707f09d952e2956b8ca781
SHA256
cbe02d1a376c8ee66f9ab400f4cbc8ca27b8c28ea3d29db64e5336f99f21240a
SHA512
59f748173c6352b611d051460e90b6b019bda3db46fed195fdaadfbebd9bd63b7f0b043a43e69db5220043240e0c1f742e013c290fd8a4aef47a53f5f11f7b79
-
Filesize
213B
MD5
16a536e18a452414c674b058cf58e17b
SHA1
ecd3c44e3e4528e4740e4c1b21433d6a628f0ac7
SHA256
b0c8d6adda7bda88c413b1661835df32b0ce4dcaaf838ce98b27e423cfb904d1
SHA512
d0a5ad1adbe1fc331e4ad83bb2ab84bc5a3129cb463a45effc1183f35db98957c2d4edf82aa16428e45e5d16e2e527164f5f1a33d1d2fa3282af415695d72433
-
Filesize
111B
MD5
57daa271140e90119ad0549ad3c442b2
SHA1
d9c886bf79ac737ef8d04de7a260e903ef6f7d1c
SHA256
f87aed113e29932d16e7b850e18c197db3769496b8793a87c6c631da6bc53500
SHA512
7f95f3f269ae32336d663f1fc5f1dc6be63b68b61cb4c9269981a45b4a77b1307e65c3fa065fb1737b53c071afc6b6f23858648e425fd433208cd609f1d0d6f5
-
Filesize
167B
MD5
7191c2f53b68ebf91ae15081b2428e40
SHA1
05c5713a54b42f1b7c9f2d8fc1fe7e1ba3466e10
SHA256
8c94d958f1ab07f5481778ba1316d7b5461a7cf5f797cb93f087fa61a17b4daa
SHA512
3b9203e43c1d1e8e557ed9c8c21b91d5d53e14d409e06a18be89d3ff3c0ab661cb20b5232fcf13d8d4488f65b24958df1f620bacd221f336096dbc1cdaa2b86c
-
Filesize
65B
MD5
9781ca003f10f8d0c9c1945b63fdca7f
SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4
SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793
SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03
-
Filesize
1KB
MD5
c145025027d77000fa015009616f6fe2
SHA1
15ea9e0825be045d8ecc22cc0edda070f2c5d400
SHA256
ebbca6da8023502cab6c3b6730f75bf988b437d5bda1460d930e24518053c8d1
SHA512
9b8bf4ef173965e56527c3a726df8e8fdcdd496e35dd8a23d598bad2b9457a5f75875b0a34487356dea7774a34178679b202433c4da0df4bd0a112ce3c1ef4aa