Analysis
- max time kernel: 122s
- max time network: 193s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 17/05/2024, 15:16
Static task
- static1
Behavioral tasks
- behavioral1: sample 502956d43c093218bd35b3cd6e6a933e_JaffaCakes118.apk, resource android-x86-arm-20240514-en
- behavioral2: sample 502956d43c093218bd35b3cd6e6a933e_JaffaCakes118.apk, resource android-x64-20240514-en
- behavioral3: sample 502956d43c093218bd35b3cd6e6a933e_JaffaCakes118.apk, resource android-x64-arm64-20240514-en
- behavioral4: sample __pasys_remote_banner.apk, resource android-x86-arm-20240514-en
- behavioral5: sample __pasys_remote_banner.apk, resource android-x64-20240514-en
- behavioral6: sample __pasys_remote_banner.apk, resource android-x64-arm64-20240514-en
- behavioral7: sample gdtadv2.apk, resource android-x86-arm-20240514-en
- behavioral8: sample gdtadv2.apk, resource android-x64-20240514-en
- behavioral9: sample gdtadv2.apk, resource android-x64-arm64-20240514-en
General
- Target: 502956d43c093218bd35b3cd6e6a933e_JaffaCakes118.apk
- Size: 16.5MB
- MD5: 502956d43c093218bd35b3cd6e6a933e
- SHA1: 38c7108287d17c8938b7b94ede4aa64f5e408f16
- SHA256: 9c93f65607c03961c02682c00844000fa4d7ce93b0458188622604ef2bbd92d9
- SHA512: a87ba15178719a14a70a68163c8024cff143d251e45b8583ef98383409057d87c5d58159c59479d3b46276d69c826d6549b84f36fc23b5a8f8b585a2ce41d360
- SSDEEP: 393216:r6k/ZYtJHTLtrQdfYdXRHSxvVqFEQZFsMosGF8Ll3kEmot:ekBYrHTLVcfYdVxFsatRt
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). 1 TTP.
- Requests cell location. 2 TTPs, 1 IoC.
  Uses Android APIs to get the current cell location.
  IoC: Framework service call com.android.internal.telephony.ITelephony.getCellLocation (process com.cronlygames.hanzi:remote)
- Checks CPU information. 2 TTPs, 1 IoC.
  Checks CPU information that indicates whether the system is an emulator.
  IoC: File opened for read /proc/cpuinfo (process com.cronlygames.hanzi:remote)
- Queries information about running processes on the device. 1 TTP, 2 IoCs.
  Application may abuse the framework's APIs to collect information about running processes on the device.
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses (process com.cronlygames.hanzi)
  IoC: Framework service call android.app.IActivityManager.getRunningAppProcesses (process com.cronlygames.hanzi:remote)
- Queries information about the current Wi-Fi connection. 1 TTP, 2 IoCs.
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  IoC: Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process com.cronlygames.hanzi)
  IoC: Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process com.cronlygames.hanzi:remote)
- Queries information about the current nearby Wi-Fi networks. 1 TTP, 1 IoC.
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  IoC: Framework service call android.net.wifi.IWifiManager.getScanResults (process com.cronlygames.hanzi:remote)
- Registers a broadcast receiver at runtime (usually for listening for system events). 1 TTP, 1 IoC.
  IoC: Framework service call android.app.IActivityManager.registerReceiver (process com.cronlygames.hanzi:remote)
- Checks if the internet connection is available. 1 TTP, 1 IoC.
  IoC: Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process com.cronlygames.hanzi:remote)
- Queries the unique device ID (IMEI, MEID, IMSI). 1 TTP.
- Reads information about the phone network operator. 1 TTP.
- Listens for changes in the sensor environment (might be used to detect emulation). 1 TTP, 1 IoC.
  IoC: Framework API call android.hardware.SensorManager.registerListener (process com.cronlygames.hanzi:remote)
- Uses Crypto APIs (might try to encrypt user data). 1 TTP, 1 IoC.
  IoC: Framework API call javax.crypto.Cipher.doFinal (process com.cronlygames.hanzi:remote)
Processes
- com.cronlygames.hanzi (PID 5250)
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
- com.cronlygames.hanzi:remote (PID 6053)
  - Requests cell location
  - Checks CPU information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
- Defense Evasion
  - Execution Guardrails (1): Geofencing (1)
  - Hide Artifacts (1): User Evasion (1)
  - Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads