Analysis
max time kernel
173s
max time network
191s
platform
android_x64
resource
android-x64-20240514-en
resource tags
android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted
17/05/2024, 15:50
Static task
static1
Behavioral task
behavioral1
Sample
5043537704010b4e7ece10f65cbb315a_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
5043537704010b4e7ece10f65cbb315a_JaffaCakes118.apk
Resource
android-x64-20240514-en
General
-
Target
5043537704010b4e7ece10f65cbb315a_JaffaCakes118.apk
-
Size
12.2MB
-
MD5
5043537704010b4e7ece10f65cbb315a
-
SHA1
0d7ed630442c6e0bb1a4dd10eb8803b796b292ea
-
SHA256
8d7bbbf3f6892ab2c1cbc453644ee6091ddc1c36eb4fa9fab422d52bf9334e72
-
SHA512
acb274ba3c2d8b021f88fd4d6635e63e77e35d6edb8edf0be98ca3adca4f39d619a278accffd95c8256806993936558d3e743aba1373825a9b202101a8c8afe2
-
SSDEEP
196608:xJpuVu+M4dw5mzjTZPFPPPJNala/5fCYTFZUhMaN+6L/706dNlNpKcYPo9joATUY:xJpuVuAdrWcFZcZT0sdWPoTf7+G4Z+
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 7 IoCs
ioc | Process
/sbin/su | com.mobiletool.appstore:remote_proxy
/sbin/su | com.mobiletool.appstore:push_service
/system/app/Superuser.apk | com.mobiletool.appstore:remote_proxy
/system/app/Superuser.apk | com.mobiletool.appstore:push_service
/sbin/su | com.mobiletool.appstore:channel
/system/app/Superuser.apk | com.mobiletool.appstore:channel
/sbin/su | com.mobiletool.appstore
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Requests cell location 2 TTPs 4 IoCs
Uses Android APIs to get the current cell location.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.mobiletool.appstore
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.mobiletool.appstore:remote_proxy
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.mobiletool.appstore:push_service
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.mobiletool.appstore:channel
-
Checks CPU information 2 TTPs 1 IoCs
Reads CPU information that may indicate the system is an emulator.
description | ioc | Process
File opened for read | /proc/cpuinfo | com.mobiletool.appstore
-
Checks memory information 2 TTPs 4 IoCs
Reads memory information that may indicate the system is an emulator.
description | ioc | Process
File opened for read | /proc/meminfo | com.mobiletool.appstore
File opened for read | /proc/meminfo | com.mobiletool.appstore:remote_proxy
File opened for read | /proc/meminfo | com.mobiletool.appstore:push_service
File opened for read | /proc/meminfo | com.mobiletool.appstore:channel
-
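The root check and the /proc-based emulator check flagged above, reimplemented in Python over constructed input so they run offline. This is an added example, not the APK's code: the report only records which files were probed, so the extra su paths, the emulator marker strings and the RAM threshold below are assumptions about what such checks typically compare against.

```python
"""Device-side root and emulator checks of the kind the sandbox flagged.
Added example; not code from the analysed APK or from the sandbox."""
import os
import re

# Paths a root check of this kind probes. The first two are the ones the
# report lists; the other two are common additions (assumption).
SU_INDICATORS = (
    "/sbin/su",
    "/system/app/Superuser.apk",
    "/system/bin/su",
    "/system/xbin/su",
)

# Substrings that mark the Android emulator (goldfish/ranchu) or a generic
# virtual CPU in /proc/cpuinfo. Assumed fingerprints, not from the report.
EMULATOR_MARKERS = ("goldfish", "ranchu", "android virtual", "virtual cpu", "qemu")

# Constructed /proc samples resembling an x86 emulator image (not captured data).
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "model name\t: Android virtual processor\n"
    "flags\t: fpu vme de pse\n"
)
SAMPLE_MEMINFO = "MemTotal:        1017160 kB\nMemFree:          325824 kB\n"


def is_rooted(exists=os.path.exists):
    """Return the first su indicator present, else None. `exists` is
    injectable so the check can run against a fake filesystem view."""
    for path in SU_INDICATORS:
        if exists(path):
            return path
    return None


def parse_proc(text):
    """Parse 'key : value' lines (cpuinfo, meminfo) into a dict keyed by
    lowercased name. cpuinfo repeats keys per CPU; the first value is kept."""
    out = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        out.setdefault(key.strip().lower(), value.strip())
    return out


def emulator_indicators(cpuinfo, meminfo, min_mem_kb=1_500_000):
    """List the reasons the /proc contents look like an emulator. The RAM
    threshold is a heuristic (assumption): emulator images are often small."""
    reasons = []
    cpu = parse_proc(cpuinfo)
    for field in ("hardware", "model name"):
        value = cpu.get(field, "")
        if any(m in value.lower() for m in EMULATOR_MARKERS):
            reasons.append(f"cpuinfo {field}={value!r}")
    mem = parse_proc(meminfo)
    m = re.match(r"(\d+)\s*kB", mem.get("memtotal", ""))
    if m and int(m.group(1)) < min_mem_kb:
        reasons.append(f"meminfo MemTotal={m.group(1)} kB < {min_mem_kb} kB")
    return reasons


if __name__ == "__main__":
    print("rooted:", is_rooted())
    print("emulator:", emulator_indicators(SAMPLE_CPUINFO, SAMPLE_MEMINFO))
```

On the report's android-x64 image the main process opened both /proc files; which strings or thresholds the app compared them against is not something the report records, which is why a sandbox that patches `/proc/cpuinfo` and `/proc/meminfo` (or hooks the open) is the usual way to get past this check and see the later-stage behaviour.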
Queries information about running processes on the device 1 TTPs 4 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.mobiletool.appstore:remote_proxy
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.mobiletool.appstore:push_service
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.mobiletool.appstore:channel
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.mobiletool.appstore
-
Queries information about the current Wi-Fi connection 1 TTPs 4 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.mobiletool.appstore
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.mobiletool.appstore:remote_proxy
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.mobiletool.appstore:push_service
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.mobiletool.appstore:channel
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.mobiletool.appstore
Framework service call | android.app.IActivityManager.registerReceiver | com.mobiletool.appstore:remote_proxy
Framework service call | android.app.IActivityManager.registerReceiver | com.mobiletool.appstore:push_service
Framework service call | android.app.IActivityManager.registerReceiver | com.mobiletool.appstore:channel
-
Checks if the internet connection is available 1 TTPs 4 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.mobiletool.appstore
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.mobiletool.appstore:remote_proxy
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.mobiletool.appstore:push_service
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.mobiletool.appstore:channel
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description | ioc | Process
Framework service call | android.app.job.IJobScheduler.schedule | com.mobiletool.appstore:channel
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 3 IoCs
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.mobiletool.appstore:remote_proxy
Framework API call | javax.crypto.Cipher.doFinal | com.mobiletool.appstore:channel
Framework API call | javax.crypto.Cipher.doFinal | com.mobiletool.appstore:push_service
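A triage helper that groups the IoCs from the signature tables above by process and classifies them, so the four `com.mobiletool.appstore` processes can be compared at a glance. This is an added example, not part of the report or the sandbox: the category names and rules are this script's own, the ATT&CK mapping is restricted to the tactics and techniques the report's own ATT&CK section lists, and the embedded IoC list is a representative subset constructed from the tables above.

```python
"""Per-process triage of the IoC tables in an Android sandbox report.
Added example; the categories and rules are this script's, not the sandbox's."""
from collections import defaultdict

# Constructed from the IoC tables above: (kind, ioc, process). A subset of rows.
REPORT_IOCS = [
    ("file", "/sbin/su", "com.mobiletool.appstore:remote_proxy"),
    ("file", "/system/app/Superuser.apk", "com.mobiletool.appstore:remote_proxy"),
    ("file", "/sbin/su", "com.mobiletool.appstore"),
    ("file", "/proc/cpuinfo", "com.mobiletool.appstore"),
    ("file", "/proc/meminfo", "com.mobiletool.appstore"),
    ("file", "/proc/meminfo", "com.mobiletool.appstore:channel"),
    ("call", "com.android.internal.telephony.ITelephony.getCellLocation", "com.mobiletool.appstore"),
    ("call", "android.app.IActivityManager.getRunningAppProcesses", "com.mobiletool.appstore:channel"),
    ("call", "android.net.wifi.IWifiManager.getConnectionInfo", "com.mobiletool.appstore"),
    ("call", "android.app.IActivityManager.registerReceiver", "com.mobiletool.appstore:channel"),
    ("call", "android.net.IConnectivityManager.getActiveNetworkInfo", "com.mobiletool.appstore"),
    ("call", "android.app.job.IJobScheduler.schedule", "com.mobiletool.appstore:channel"),
    ("call", "javax.crypto.Cipher.doFinal", "com.mobiletool.appstore:channel"),
]

# Ordered (category, predicate) rules; the first match wins.
RULES = [
    ("root-check", lambda k, v: k == "file" and (v.endswith("/su") or v.endswith("Superuser.apk"))),
    ("emulator-check", lambda k, v: k == "file" and v in ("/proc/cpuinfo", "/proc/meminfo")),
    ("cell-location", lambda k, v: v.endswith(".getCellLocation")),
    ("process-enum", lambda k, v: v.endswith(".getRunningAppProcesses")),
    ("wifi-info", lambda k, v: v.endswith(".getConnectionInfo")),
    ("connectivity", lambda k, v: v.endswith(".getActiveNetworkInfo")),
    ("broadcast-receiver", lambda k, v: v.endswith(".registerReceiver")),
    ("scheduled-job", lambda k, v: v.endswith("IJobScheduler.schedule")),
    ("crypto", lambda k, v: v.startswith("javax.crypto.")),
]

# Only the (tactic, technique) pairs the report's ATT&CK Mobile section lists.
# Other categories are left unmapped rather than guessed.
ATTACK = {
    "broadcast-receiver": ("Persistence", "Event Triggered Execution: Broadcast Receivers"),
    "scheduled-job": ("Persistence", "Scheduled Task/Job"),
    "cell-location": ("Defense Evasion", "Execution Guardrails: Geofencing"),
    "emulator-check": ("Defense Evasion", "Virtualization/Sandbox Evasion: System Checks"),
}


def classify(kind, ioc):
    """Map one IoC to a category; 'other' when no rule matches."""
    for name, pred in RULES:
        if pred(kind, ioc):
            return name
    return "other"


def base_package(process):
    """'pkg:remote_proxy' -> 'pkg' (Android's android:process naming)."""
    return process.split(":", 1)[0]


def triage(iocs):
    """Group categories per process, sorted and de-duplicated."""
    seen = defaultdict(set)
    for kind, ioc, process in iocs:
        seen[process].add(classify(kind, ioc))
    return {p: sorted(c) for p, c in seen.items()}


def verdict(summary):
    """Flag processes that pair environment awareness with persistence, the
    combination that usually means the real payload waits for a real device."""
    evasive = {"root-check", "emulator-check", "cell-location"}
    persistent = {"broadcast-receiver", "scheduled-job"}
    out = {}
    for process, cats in summary.items():
        flags = []
        if evasive & set(cats):
            flags.append("sandbox-aware")
        if persistent & set(cats):
            flags.append("persistent")
        out[process] = flags
    return out


if __name__ == "__main__":
    summary = triage(REPORT_IOCS)
    flags = verdict(summary)
    for process in sorted(summary):
        print(process, summary[process], flags[process])
        for c in summary[process]:
            if c in ATTACK:
                print("   ", c, "->", *ATTACK[c])
```

Run as-is it shows what the tables above already suggest: every process is a sub-process of one package (`base_package` collapses the `:remote_proxy`, `:push_service` and `:channel` suffixes), the `:channel` process is the one that both probes the environment and sets up persistence via JobScheduler and a runtime receiver, and only `:channel`, `:remote_proxy` and `:push_service` touch `Cipher.doFinal`.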
Processes
-
com.mobiletool.appstore
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5155
-
com.mobiletool.appstore:remote_proxy
- Checks if the Android device is rooted.
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5477
-
com.mobiletool.appstore:push_service
- Checks if the Android device is rooted.
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5715
-
com.mobiletool.appstore:channel
- Checks if the Android device is rooted.
- Requests cell location
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:5937
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1): Broadcast Receivers (1)
- Scheduled Task/Job (1)
Defense Evasion
- Execution Guardrails (1): Geofencing (1)
- Virtualization/Sandbox Evasion (2): System Checks (2)
Downloads
-
Filesize
36KB
MD5 8e282bcf588353c0fcb5c4e8e921d213
SHA1 35ace4a2a26df2138a6e6eb2d0d5c480a2d86276
SHA256 7a817cfbf881d8237821020ea690dbaed2e9f257ff7cccacf385bc8c2413dc07
SHA512 91b958b0ef401421f858e68c3fec030a1b2287320b3d2a1a9cf7cd325852d0b03c6c425cdb20a49d75aef102ac2230caff5f03036fa91847ff16b4d57c60ea20
-
Filesize
12KB
MD5 96b70217e1b020be6d1b7e0961c71ab4
SHA1 06331c1b5cf94c120fefee1164d018819127228f
SHA256 b15799bbcefdad0d9c738c81910312ebfe0b700ee765191f39919340800aebfe
SHA512 9aba7a593170c9877344a5f7911bb0ddfed26c70274eb9e53ac56a6fbdf189da8a0fcd221cb4e83be9f1bc438d78ca484975187dafb5c76839138720695fa14e
-
Filesize
8KB
MD5 59e1f19f8dff1e70191e59d7a732b4e9
SHA1 a7f06356c1e05322f50e0688d66386aaf82cc7f5
SHA256 40413465fb17139deba347745fa0f4860b9b76bd8d5c0f9f9a60c9dbe3d0eb81
SHA512 9e5b799fc89555cbe6f4fb1ac22ca3098955da5bd70ed27ec3d582b0b3b502143c172e9deca35e154be048ce7286eaa01d0419a171a1c08af70f4f4071a25daf
-
Filesize
8KB
MD5 c3bd72523358da599f393d1836b5d985
SHA1 e603dc633dd4febb46a66e963661cbdb2d9bc4ba
SHA256 6d94d7e23114383742e988adc47607dbcf3de25e546240453235e341d6351108
SHA512 5162756098529364e2afc5657cea048ce96d91f2f81e7d4281820628c1207a77fb8a1a5a9ba6323ecb1a15e8244d13c6562f52c7faaab4352a657c2b3fc7bf85
-
Filesize
56KB
MD5 ddbb1009d18ffac135ff10b8065169fe
SHA1 aaafce41cbe84945cc912afe75e6fc82389c2ef5
SHA256 45eceae33f191bc284ab8822fa76b156fab03610de4106e4d067c903bbf080b9
SHA512 78822e97f68c04b6f3c7f915ebbbe8cba843e11ddf36872a0e0ec0ba47f0c3a58444469df0649750b9b5fb252aad0048ce4948cce7c7eb96d27203565a84debd
-
Filesize
512B
MD5 a29d1f44b2ac43e6bb77c512818ef190
SHA1 dcb98c330d571226061463b123fd07964dba5e16
SHA256 7c59dd6c374c91a700096b4cc06926f86506c301051765005de475ea8133b5bb
SHA512 c9f4af8ec881e65aef95330e3799594a1b13d1a2604e94217edf3ece1d97deb6d71a6763afd154bda36d5fa8676ea38ba92606fe40bddade6f85ae58ef18f742
-
Filesize
8KB
MD5 d973d6197e90e4952353317d0be6ce8d
SHA1 957fe28aab83e3431038e86fe767ef2b8901543a
SHA256 cc10b2cfbe0a4827a2b705e877a55b93ed9bb58002cb4ae228a8e8ae470bad31
SHA512 2b070b16ec6827ac9d3b8c28444f37f5ed2cd4fe3a3b2c3fbcdc976b3e8bf16e91d0d404832f2461384ffc5ab7331a62165571489b3996262face3702e790ab1
-
Filesize
36KB
MD5 50f3d63f4b9241e212be8ec20bf3e374
SHA1 10353f506f0aa9dfab398275482eb42da167232a
SHA256 be9049dfc1751c212273b6e4d07202e47cc7de289dd84d388a27675609056653
SHA512 dfc6dc641041edc77b5b77bda43ebbfd0eb6c0f4d55d05a7a914f77c58f2f465e8d29aa7e2c9773ec93a257154a6c779a6b165b8765a214aa154976887d8ff7c
-
Filesize
36KB
MD5 b2aec2a775854360f68b021ce413f83a
SHA1 79a0abbf123e70ad97d516cbcaae1db9a56f5f7a
SHA256 e9210840283cc5362216e5b8f0c07b44bfc403173969142e4e9c0089feab340c
SHA512 22c4efd2119511d8887e4063c9b28d8dcce5392b170eafb760e3f56d5492659d4df7551077aaf541528e7ad7d455c5e889bb8f883a8782000926fcbebae0737e
-
Filesize
512B
MD5 87530932474c1e9714d4dbc8daa2f879
SHA1 7e5039f118ebe93b89dd4386678c2384d1fd9f04
SHA256 fb9ad7e9129106c538b94ffb6ad6e837289dbe6a3481578c159c41178943469b
SHA512 cac0f9fe5f9082645dc4a220218b68c51944f214cabd1bcf72cf00e7d4d080e14963bfba921b5430b81220cde2aa44d43d3074edbd8bedc1076bd9ebf80ed1b7
-
Filesize
8KB
MD5 4bacdea38f6d349e99b3287fe0203c13
SHA1 679db764194e4e1d3486764b39ff2391d16e69b8
SHA256 d5dec3c95d5e5e3e6452fcff3acd83ce937c7ae6e537e11398bc576247a7614d
SHA512 1ac0731069469ae0674b30ee0ab6e0ecb52c9f695e6fb396573e1f0cc34644974c8b221ecdb38fd5272883d83a7b5901efd4f44370d5f981c8b94c9f03ad64a0
-
Filesize
8KB
MD5 e798d65c668c6e7d72d8db182484f47d
SHA1 9b1b38359c4bd22f9e8b495392cd3cdc9130ba68
SHA256 e7a9d7da672c6caaaa051fbef7c9e7427ef7531ea0d96b9f3858553e7ad4e106
SHA512 460aadd1d07ad362b6172128f9af0f2a7d3c7019a633d698840c51291c9bd06d472cdce5d14f59a6165b3eac368ab07cd2691b18c9411588d2f7ce79aa51f576
-
Filesize
60KB
MD5 402a847b1424357a316c5bb6b9d7d735
SHA1 2bd36464145d167309e05cd0e598ce9dfc05b7dd
SHA256 7958eca5a6410e6b18bdf9537c7951b5a49f2ef5eb5ba10ea0fdb13a950d9d60
SHA512 ad921b8b1203c648fb46ef232409789cec0da3eea78f5e1ed3fc502338c4036db985cb375589f4a5fcabc0eab8a5810d87656f29a2bdb08e27b8ef54e86c5ad3
-
Filesize
8KB
MD5 a34e276a77b93e00cdc54b603de4e734
SHA1 62bd7e4f4fba1d9ffa61aecc03a696534dc0a1e9
SHA256 3637fbb764cb55139cddcf9f1d0a0d19bb47e14b6b7d08792544a9b99c3597fa
SHA512 5ed225a4a8e749861e7d7611aec79db4cb38f3a7ce8576428ff50e58f610afb440338c6d5fbb417d0fa936c62bf68b4ec5ef250ee17cf6310a3fc4ed623171b3
-
Filesize
8KB
MD5 d6d9cfa138c9026ea2b8fb3d28c012e6
SHA1 e24bd1ce981429feea395987fdfcdd48f744d14e
SHA256 2a03d783a1b50313f6b6bd27730c1ef3209ad3201a4e2314d009c6d334eb9f5d
SHA512 f5b01405aff22a0d67b22be5f3248a25f523ad2df217803856cf8ae88a5a51a30d817814488e61c009799576198a747a8b63eb32b563a0d2bb0c95f56153acc9
-
Filesize
8KB
MD5 cd463e4c0134bdf9901518252b0499a1
SHA1 f79d6d54702b57c5cf9b7ffa1a7630510d48bafc
SHA256 d359a57e235fa8bf90a73a975b32e47538c885fe44e57e21aec6996e281375d1
SHA512 1547e6919ca38a0287f732cf82147b01aeed39e1d5d6d67b98dc1241b3e2f67f8c626a78c3950c4ef5deab4b3867f604df1f338452fef05b54ab059d3fb6bcab
-
Filesize
12KB
MD5 fe8724f18fa96009a98094ce49760fd9
SHA1 32c9a7ad62160bc4441e8443303af846edfdb1f6
SHA256 f0a2a4bc17008e96d60c58fc78d6ba2168cb7051f40dfc86ae505fe3effca2d4
SHA512 f61b51c60a38ec5ebd4681fdc231affe5c23262446f103cfac920aa9f3c0bcc83148d2dd0d04f55544a65ac761732c9b9a3017be23eb434d02897de2ba2350d1
-
Filesize
12KB
MD5 5abffcbad48696ff18e2596a856ac561
SHA1 b17da341d3aa370c67d148467400d9eb3b5ac98f
SHA256 5da5d3977f518a0893166bb275ba05fa7b3990a131196312b49c8ed89459f6ef
SHA512 b95ef3435fe8bba10526cb70212bae5c5fa7b3c53d98aa94974366df0c724c56c867c5e699b78c4b3b43909d67145031fcc19ab0a54bb1773633f369718edbe3
-
Filesize
12KB
MD5 88040b0f5ec33e5e1a2928cdd828caa5
SHA1 ac48f5901925989e40eb0cbe522756ef0f88bb79
SHA256 2bbc76308b3d0a0aad01bb8bb6642dca3cf1af239c2f6b64c059eea50d95f3a7
SHA512 65294c66c73db67948a037a0b1d77408249498057866ea40f6e565ad7ceb78c1fa00736e31f176b9826d5236203b4769bdeb48d64071ad25b62457f7e27b7fa8
-
Filesize
36KB
MD5 dc45edf9049a9a860a780c564e692bd3
SHA1 f48f2398e837fd70b5a0cbad5717d2bdce8f7407
SHA256 10b12ced315543fdc710187626fbadae00c02e85331ed88d2755036a8d8ea33d
SHA512 c924461778f1caee57c68379a32a6f27ad47f63ac91f1447c3a691e831b092ca7efe2345c2e6633ae45df3247b4ba48e3d6b8660b9fbebe09a16f39e70e8b15c
-
Filesize
12KB
MD5 dd08c1049a8ac1a310fe915df4bcca61
SHA1 d7141cf41662ab5d1d64b4adbcfdea0d6cdc3db6
SHA256 17564d947a99fda8e66e5581026d6f4035a5a2761191f84b47ae811b9686ffca
SHA512 b6ffce39b326cd57e598777c667af214f2bd0af8b97066b68b05ba27094cb21963dd0ad6d55cdbf4e3230c5bf86722ddf4f9e3f8912d90b7df7582be04ee1ae3
-
Filesize
12KB
MD5 bc592c54bfd3419b3b0bd04c8502d509
SHA1 6e93d47140258efdf65241deb14ff308a3a452ad
SHA256 a82ea2a052ea37620b38e500e57ca74c7b71c23c37cc2cf7ee53c3b3b16cac73
SHA512 8bb4fe81b359de83f5c35c472ab6a8f9616a744df2961182f155882e890e52839fd698356caa93640936a517210f0d6d16e89c12b9a706a9fbd628aae26c0db5
-
Filesize
8KB
MD5 e5f51f1e53752dde0203fe77de61d258
SHA1 25b6629487c199eb612181ba96fa2849b968e60f
SHA256 a640cb294be35c18f5520a77ec2db9c2f76c0427f35eaa4106d9d76aba463a43
SHA512 d4b7e6a3c18cb9dbb7f3a5e40885d4ab958eebc4e27794c48cdbc54a783444dadcbc397365784e308ee2541185438a80696ab7093b22a9c6e2719b790eced028
-
Filesize
20KB
MD5 09f820c93e859ec750d3d98dea6c5919
SHA1 7f2351d858576faeece6790ca662c8d8e074c25d
SHA256 24a937e220e4145ca69aa28e9f714f0b6c6c7e760a871fde091d0eb803ef2fd5
SHA512 dd339cfabe04133224458d246a210da9745ce7f86d664bd3360741647b8a8a392270404a21201b6ba0412e505d5b6f12e56964ba299647dafdf1cf2aa18216a8
-
Filesize
512B
MD5 0f331c929522d024d9570bc42d4e2083
SHA1 33e9f150657d8c2b0e5dca58c4b1882429dd2d88
SHA256 1dab6d763cd39ad7d3400dabcb5a69a990ce104afb2cf1cce5d99fd8d9b6c336
SHA512 3d564dd91cc08a2598728012f5942344d3a61278ba7af88815e3a1cdc755385b950325950bb2f7bf14943f64c233308895d19c7c51f740956a2acdf34da70a4e
-
Filesize
8KB
MD5 4a3b099d4fa2432c0d66ae90d11be940
SHA1 6292b55f4ce3e71aee6e4b828bddd7efea91b827
SHA256 670d1c29780d291d1bda344a7e0f4fbb8ac46228a62ab7672f3ee91d6042b83b
SHA512 6385fbba253631b02f14b0df5490888e1d5c615f39a4e89559751de12a820b182ea09d0aa6522816cd87c592e6f85af4fbcac923c7085a49f97199ff96a0f8b6
-
Filesize
8KB
MD5 269bb2e2ae64b7978eb03cd0196d25f2
SHA1 a57d77a2a0f1d418a8a2149d4a451702a030c309
SHA256 89bac577a034ff046484637029fc15427d6c9f8160d929f4a50af72f0fe92831
SHA512 57268b343f387239eb3d5362f23dd181ef43799776abcc41b45b1b917171c437f20de2476d3df982f14f3e64e44dc27656a1e29b90fa7b0b8a14aa2045a9c3f2