Analysis
max time kernel: 69s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 17/05/2024, 16:45
Static task: static1
Behavioral task: behavioral1
  Sample: 507976972d535d15107b547cbb79610c_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 507976972d535d15107b547cbb79610c_JaffaCakes118.apk
  Resource: android-33-x64-arm64-20240514-en
General
Target: 507976972d535d15107b547cbb79610c_JaffaCakes118.apk
Size: 21.0MB
MD5: 507976972d535d15107b547cbb79610c
SHA1: 8d726d912f080d56f52e4ce375cb423e6e6e6619
SHA256: b90ee40a07c222afb7be61c93d0bf1840ee0d3195652f011bbb4d1c3e516f9d4
SHA512: 99d73837a6beb8bbe68d43b2f07117f57b28b6634fc1df5f881b7f2ff73b6e51fad49c5cee86e86c1805b8164e07119b87946143bb1d4aa5a010769930d686fb
SSDEEP: 393216:jxpARbTwDOcTG6WKQ/LO/1qhbiq64KSFMUzUcU05cSX8OygHR8fGbeJHR8fGbsMc:fARXwkTOEiqkSCRcU0K4LySeMEeMO
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTPs]
- Requests cell location [2 TTPs, 1 IoCs]
  Uses Android APIs to get current cell location.
  description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getCellLocation; process: com.ganji.android
- Checks CPU information [2 TTPs, 1 IoCs]
  Checks CPU information, which indicates whether the system is an emulator.
  description: File opened for read; ioc: /proc/cpuinfo; process: com.ganji.android
- Queries information about running processes on the device [1 TTPs, 2 IoCs]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.ganji.android
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.ganji.android:TaskService
- Queries information about the current Wi-Fi connection [1 TTPs, 2 IoCs]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.ganji.android:TaskService
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.ganji.android
- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTPs, 1 IoCs]
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.ganji.android
- Checks if the internet connection is available [1 TTPs, 2 IoCs]
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.ganji.android
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.ganji.android:TaskService
- Reads information about phone network operator. [1 TTPs]
Processes
com.ganji.android (PID: 4335)
  - Requests cell location
  - Checks CPU information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
com.ganji.android:TaskService (PID: 4370)
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  Execution Guardrails (1)
    Geofencing (1)
  Virtualization/Sandbox Evasion (1)
    System Checks (1)
Downloads