Analysis
- max time kernel: 179s
- max time network: 189s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 17/05/2024, 15:16
Static task: static1
Behavioral task: behavioral1
  Sample: 502956d43c093218bd35b3cd6e6a933e_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 502956d43c093218bd35b3cd6e6a933e_JaffaCakes118.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral3
  Sample: 502956d43c093218bd35b3cd6e6a933e_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
Behavioral task: behavioral4
  Sample: __pasys_remote_banner.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral5
  Sample: __pasys_remote_banner.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral6
  Sample: __pasys_remote_banner.apk
  Resource: android-x64-arm64-20240514-en
Behavioral task: behavioral7
  Sample: gdtadv2.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral8
  Sample: gdtadv2.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral9
  Sample: gdtadv2.apk
  Resource: android-x64-arm64-20240514-en
General
- Target: 502956d43c093218bd35b3cd6e6a933e_JaffaCakes118.apk
- Size: 16.5MB
- MD5: 502956d43c093218bd35b3cd6e6a933e
- SHA1: 38c7108287d17c8938b7b94ede4aa64f5e408f16
- SHA256: 9c93f65607c03961c02682c00844000fa4d7ce93b0458188622604ef2bbd92d9
- SHA512: a87ba15178719a14a70a68163c8024cff143d251e45b8583ef98383409057d87c5d58159c59479d3b46276d69c826d6549b84f36fc23b5a8f8b585a2ce41d360
- SSDEEP: 393216:r6k/ZYtJHTLtrQdfYdXRHSxvVqFEQZFsMosGF8Ll3kEmot:ekBYrHTLVcfYdVxFsatRt
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTP]
- Requests cell location [2 TTPs, 1 IoC]
  Uses Android APIs to get the current cell location.
  Framework service call: com.android.internal.telephony.ITelephony.getCellLocation (process: com.cronlygames.hanzi:remote)
- Checks CPU information [2 TTPs, 2 IoCs]
  Checks CPU information, which can indicate whether the system is an emulator.
  File opened for read: /proc/cpuinfo (process: com.cronlygames.hanzi)
  File opened for read: /proc/cpuinfo (process: com.cronlygames.hanzi:remote)
- Queries information about running processes on the device [1 TTP, 2 IoCs]
  The application may abuse the framework's APIs to collect information about running processes on the device.
  Framework service call: android.app.IActivityManager.getRunningAppProcesses (process: com.cronlygames.hanzi)
  Framework service call: android.app.IActivityManager.getRunningAppProcesses (process: com.cronlygames.hanzi:remote)
- Queries information about the current Wi-Fi connection [1 TTP, 2 IoCs]
  The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process: com.cronlygames.hanzi)
  Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process: com.cronlygames.hanzi:remote)
- Queries information about the current nearby Wi-Fi networks [1 TTP, 1 IoC]
  The application may abuse the framework's APIs to collect information about nearby Wi-Fi networks.
  Framework service call: android.net.wifi.IWifiManager.getScanResults (process: com.cronlygames.hanzi:remote)
- Queries the mobile country code (MCC) [1 TTP, 1 IoC]
  Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone (process: com.cronlygames.hanzi)
- Queries the phone number (MSISDN for GSM devices) [1 TTP]
- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTP, 1 IoC]
  Framework service call: android.app.IActivityManager.registerReceiver (process: com.cronlygames.hanzi:remote)
- Acquires the wake lock [1 IoC]
  Framework service call: android.os.IPowerManager.acquireWakeLock (process: com.cronlygames.hanzi)
- Checks if the internet connection is available [1 TTP, 2 IoCs]
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.cronlygames.hanzi)
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.cronlygames.hanzi:remote)
- Reads information about the phone network operator [1 TTP]
- Listens for changes in the sensor environment (might be used to detect emulation) [1 TTP, 1 IoC]
  Framework API call: android.hardware.SensorManager.registerListener (process: com.cronlygames.hanzi:remote)
- Uses Crypto APIs (might try to encrypt user data) [1 TTP, 2 IoCs]
  Framework API call: javax.crypto.Cipher.doFinal (process: com.cronlygames.hanzi)
  Framework API call: javax.crypto.Cipher.doFinal (process: com.cronlygames.hanzi:remote)
Processes
com.cronlygames.hanzi (PID: 4286)
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Acquires the wake lock
- Checks if the internet connection is available
- Uses Crypto APIs (might try to encrypt user data)
com.cronlygames.hanzi:remote (PID: 4364)
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Execution Guardrails (1): Geofencing (1)
- Hide Artifacts (1): User Evasion (1)
- Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads