Analysis
- max time kernel: 177s
- max time network: 187s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 17/05/2024, 14:57
Static task
static1
Behavioral tasks
- behavioral1: Sample 50192673ead239a83f5fa78e0eea2b3d_JaffaCakes118.apk, Resource android-x86-arm-20240514-en
- behavioral2: Sample 50192673ead239a83f5fa78e0eea2b3d_JaffaCakes118.apk, Resource android-x64-20240514-en
- behavioral3: Sample xq_skin_blue.apk, Resource android-x86-arm-20240514-en
- behavioral4: Sample xq_skin_blue.apk, Resource android-x64-20240514-en
- behavioral5: Sample xq_skin_blue.apk, Resource android-x64-arm64-20240514-en
- behavioral6: Sample xq_skin_orange.apk, Resource android-x86-arm-20240514-en
- behavioral7: Sample xq_skin_orange.apk, Resource android-x64-20240514-en
- behavioral8: Sample xq_skin_orange.apk, Resource android-x64-arm64-20240514-en
- behavioral9: Sample xq_skin_pink.apk, Resource android-x86-arm-20240514-en
- behavioral10: Sample xq_skin_pink.apk, Resource android-x64-20240514-en
- behavioral11: Sample xq_skin_pink.apk, Resource android-x64-arm64-20240514-en
- behavioral12: Sample xq_skin_red.apk, Resource android-x86-arm-20240514-en
- behavioral13: Sample xq_skin_red.apk, Resource android-x64-20240514-en
- behavioral14: Sample xq_skin_red.apk, Resource android-x64-arm64-20240514-en
General
- Target: 50192673ead239a83f5fa78e0eea2b3d_JaffaCakes118.apk
- Size: 8.7MB
- MD5: 50192673ead239a83f5fa78e0eea2b3d
- SHA1: 395d1f12c4b99d70f54060f7d42677b482c2823d
- SHA256: f05c16eb969304b72f9ff3aa0701e4061484ba93734fea92ee3e88f681460442
- SHA512: 7d056cc4fdeb91b0bbb6530df20c262fe6f36609dafcff1189b543a84853ce49c02219dab4e92b66c5a58a71a126cd14cb7e3458e7e1b2ee693ace4def5c03de
- SSDEEP: 196608:4mUJezQjeDiGRgUAPeMieU7e0+LEeT5fqcWE/Yqczl6ilobxJS3obxJd:HUJekeVue/emeDLEe15WUazgrq41
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 4 IoCs
- ioc: /system/bin/su, Process: ibuger.nnjm
- ioc: /system/xbin/su, Process: ibuger.nnjm
- ioc: /system/bin/su, Process: ibuger.nnjm:remote
- ioc: /system/xbin/su, Process: ibuger.nnjm:remote
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get current cell location.
- description: Framework service call, ioc: com.android.internal.telephony.ITelephony.getCellLocation, Process: ibuger.nnjm:remote
Checks CPU information 2 TTPs 2 IoCs
Checks CPU information which indicates if the system is an emulator.
- description: File opened for read, ioc: /proc/cpuinfo, Process: ibuger.nnjm
- description: File opened for read, ioc: /proc/cpuinfo, Process: ibuger.nnjm:remote
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, Process: ibuger.nnjm
- description: Framework service call, ioc: android.net.wifi.IWifiManager.getConnectionInfo, Process: ibuger.nnjm:remote
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
- description: Framework service call, ioc: android.net.wifi.IWifiManager.getScanResults, Process: ibuger.nnjm:remote
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
- description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, Process: ibuger.nnjm:remote
- description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, Process: ibuger.nnjm
Checks if the internet connection is available 1 TTPs 2 IoCs
- description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, Process: ibuger.nnjm
- description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, Process: ibuger.nnjm:remote
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
- description: Framework API call, ioc: javax.crypto.Cipher.doFinal, Process: ibuger.nnjm:remote
- description: Framework API call, ioc: javax.crypto.Cipher.doFinal, Process: ibuger.nnjm
Processes
ibuger.nnjm
- Checks if the Android device is rooted.
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4315
ibuger.nnjm:remote
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:4377
Network
MITRE ATT&CK Mobile v15
Downloads