Analysis
- max time kernel: 180s
- max time network: 190s
- platform: android_x64
- resource: android-x64-arm64-20240514-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
- submitted: 17/05/2024, 15:16
- Static task static1
- Behavioral task behavioral1: sample 502956d43c093218bd35b3cd6e6a933e_JaffaCakes118.apk, resource android-x86-arm-20240514-en
- Behavioral task behavioral2: sample 502956d43c093218bd35b3cd6e6a933e_JaffaCakes118.apk, resource android-x64-20240514-en
- Behavioral task behavioral3: sample 502956d43c093218bd35b3cd6e6a933e_JaffaCakes118.apk, resource android-x64-arm64-20240514-en
- Behavioral task behavioral4: sample __pasys_remote_banner.apk, resource android-x86-arm-20240514-en
- Behavioral task behavioral5: sample __pasys_remote_banner.apk, resource android-x64-20240514-en
- Behavioral task behavioral6: sample __pasys_remote_banner.apk, resource android-x64-arm64-20240514-en
- Behavioral task behavioral7: sample gdtadv2.apk, resource android-x86-arm-20240514-en
- Behavioral task behavioral8: sample gdtadv2.apk, resource android-x64-20240514-en
- Behavioral task behavioral9: sample gdtadv2.apk, resource android-x64-arm64-20240514-en
General
- Target: 502956d43c093218bd35b3cd6e6a933e_JaffaCakes118.apk
- Size: 16.5MB
- MD5: 502956d43c093218bd35b3cd6e6a933e
- SHA1: 38c7108287d17c8938b7b94ede4aa64f5e408f16
- SHA256: 9c93f65607c03961c02682c00844000fa4d7ce93b0458188622604ef2bbd92d9
- SHA512: a87ba15178719a14a70a68163c8024cff143d251e45b8583ef98383409057d87c5d58159c59479d3b46276d69c826d6549b84f36fc23b5a8f8b585a2ce41d360
- SSDEEP: 393216:r6k/ZYtJHTLtrQdfYdXRHSxvVqFEQZFsMosGF8Ll3kEmot:ekBYrHTLVcfYdVxFsatRt
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Requests cell location (2 TTPs, 1 IoCs)
  Uses Android APIs to get current cell location.
  - Framework service call com.android.internal.telephony.ITelephony.getCellLocation (process: com.cronlygames.hanzi:remote)
- Checks CPU information (2 TTPs, 2 IoCs)
  Checks CPU information which indicates if the system is an emulator.
  - File opened for read /proc/cpuinfo (process: com.cronlygames.hanzi)
  - File opened for read /proc/cpuinfo (process: com.cronlygames.hanzi:remote)
- Queries information about running processes on the device (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  - Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.cronlygames.hanzi)
  - Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.cronlygames.hanzi:remote)
- Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  - Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: com.cronlygames.hanzi)
  - Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: com.cronlygames.hanzi:remote)
- Queries information about the current nearby Wi-Fi networks (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  - Framework service call android.net.wifi.IWifiManager.getScanResults (process: com.cronlygames.hanzi:remote)
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Acquires the wake lock (1 IoCs)
  - Framework service call android.os.IPowerManager.acquireWakeLock (process: com.cronlygames.hanzi)
- Checks if the internet connection is available (1 TTPs, 2 IoCs)
  - Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.cronlygames.hanzi)
  - Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.cronlygames.hanzi:remote)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  - Framework API call android.hardware.SensorManager.registerListener (process: com.cronlygames.hanzi:remote)
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)
  - Framework API call javax.crypto.Cipher.doFinal (process: com.cronlygames.hanzi)
  - Framework API call javax.crypto.Cipher.doFinal (process: com.cronlygames.hanzi:remote)
Processes
- com.cronlygames.hanzi (PID 4613)
  - Checks CPU information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Acquires the wake lock
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
- com.cronlygames.hanzi:remote (PID 4697)
  - Requests cell location
  - Checks CPU information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
- Defense Evasion
  - Execution Guardrails (1): Geofencing (1)
  - Hide Artifacts (1): User Evasion (1)
  - Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads