Analysis
max time kernel: 160s
max time network: 188s
platform: android_x64
resource: android-x64-20240514-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted: 17/05/2024, 16:15

Static task: static1

Behavioral task: behavioral1
Sample: 505c9f7160817d3e855eff2f149811ef_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
Sample: 505c9f7160817d3e855eff2f149811ef_JaffaCakes118.apk
Resource: android-x64-20240514-en

Behavioral task: behavioral3
Sample: gdtadv2.apk
Resource: android-x86-arm-20240514-en

General
Target: 505c9f7160817d3e855eff2f149811ef_JaffaCakes118.apk
Size: 16.1MB
MD5: 505c9f7160817d3e855eff2f149811ef
SHA1: d2d7682d023fe683b96e42ff50cea95957f4ac15
SHA256: cd8e15f7d989db4e45f1190c14f904f548af1a40d62537ba2f2ae933fc148895
SHA512: b1b439bfa2bc97a750331a76fb8857742f15685460b47ef6cf3f9e91f25ad7f94741b798bd8fe0f8ca56a76eb92ed361d35337a9233c057f814906747fb77381
SSDEEP: 393216:gGq+FmVAhz0AxhG6XiJYDUrpKxGdKyO1HAUizykSE03At:dFmGhAQGoiJY+pthO1HIzTuAt
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 3 IoCs)
  ioc: /system/bin/su  process: com.example.a14409.countdownday:channel
  ioc: /system/xbin/su  process: com.example.a14409.countdownday:channel
  ioc: /sbin/su  process: com.example.a14409.countdownday:channel
Requests cell location (2 TTPs, 1 IoCs)
Uses Android APIs to get the current cell location.
  description: Framework service call  ioc: com.android.internal.telephony.ITelephony.getCellLocation  process: com.example.a14409.countdownday

Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information which indicates if the system is an emulator.
  description: File opened for read  ioc: /proc/cpuinfo  process: com.example.a14409.countdownday

Checks known Qemu files. (1 TTPs, 3 IoCs)
Checks for known Qemu files that exist on Android virtual device images.
  ioc: /system/lib/libc_malloc_debug_qemu.so  process: com.example.a14409.countdownday:channel
  ioc: /sys/qemu_trace  process: com.example.a14409.countdownday:channel
  ioc: /system/bin/qemu-props  process: com.example.a14409.countdownday:channel

Checks known Qemu pipes. (1 TTPs, 2 IoCs)
Checks for known pipes used by the Android emulator to communicate with the host.
  ioc: /dev/qemu_pipe  process: com.example.a14409.countdownday:channel
  ioc: /dev/socket/qemud  process: com.example.a14409.countdownday:channel

Checks memory information (2 TTPs, 1 IoCs)
Checks memory information which indicates if the system is an emulator.
  description: File opened for read  ioc: /proc/meminfo  process: com.example.a14409.countdownday:channel

Queries information about running processes on the device (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call  ioc: android.app.IActivityManager.getRunningAppProcesses  process: com.example.a14409.countdownday
  description: Framework service call  ioc: android.app.IActivityManager.getRunningAppProcesses  process: com.example.a14409.countdownday:channel

Queries information about the current Wi-Fi connection (1 TTPs, 2 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call  ioc: android.net.wifi.IWifiManager.getConnectionInfo  process: com.example.a14409.countdownday
  description: Framework service call  ioc: android.net.wifi.IWifiManager.getConnectionInfo  process: com.example.a14409.countdownday:channel

Queries information about the current nearby Wi-Fi networks (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  description: Framework service call  ioc: android.net.wifi.IWifiManager.getScanResults  process: com.example.a14409.countdownday:channel

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 2 IoCs)
  description: Framework service call  ioc: android.app.IActivityManager.registerReceiver  process: com.example.a14409.countdownday
  description: Framework service call  ioc: android.app.IActivityManager.registerReceiver  process: com.example.a14409.countdownday:channel

Checks if the internet connection is available (1 TTPs, 2 IoCs)
  description: Framework service call  ioc: android.net.IConnectivityManager.getActiveNetworkInfo  process: com.example.a14409.countdownday
  description: Framework service call  ioc: android.net.IConnectivityManager.getActiveNetworkInfo  process: com.example.a14409.countdownday:channel

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)

Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description: Framework service call  ioc: android.app.job.IJobScheduler.schedule  process: com.example.a14409.countdownday:channel

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  description: Framework API call  ioc: android.hardware.SensorManager.registerListener  process: com.example.a14409.countdownday

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 2 IoCs)
  description: Framework API call  ioc: javax.crypto.Cipher.doFinal  process: com.example.a14409.countdownday
  description: Framework API call  ioc: javax.crypto.Cipher.doFinal  process: com.example.a14409.countdownday:channel
Processes
com.example.a14409.countdownday (PID 5155)
  - Requests cell location
  - Checks CPU information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (Might try to encrypt user data)

com.example.a14409.countdownday:channel (PID 5562)
  - Checks if the Android device is rooted.
  - Checks known Qemu files.
  - Checks known Qemu pipes.
  - Checks memory information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Schedules tasks to execute at a specified time
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Scheduled Task/Job (1)
Defense Evasion
  Execution Guardrails (1)
    Geofencing (1)
  Hide Artifacts (1)
    User Evasion (1)
  Virtualization/Sandbox Evasion (4)
    System Checks (4)
Downloads

Filesize: 252B
MD5: 4b00e5bcb0978d65695b04717ba92048
SHA1: 66bdae8ab96d9674f5138df4914c21af9d7fd189
SHA256: b0e8e11627d1097cae8b02c688636e43800f6190c50fd179669b5ebbdec3cbe2
SHA512: 3ab75300638289e19c6b595cc4a72411f5ca12d4d06603e3d4b37c249e0be9ccf4e4df406e1885876b4900ff1268724b8b561be449716091fbbea6cc3e5c8edb

Filesize: 512B
MD5: 79b15c4c61ea7296d0db1301c3d87d7f
SHA1: 2553f62f24b76b01d82ba37611c221abd25028f0
SHA256: 5cda860116d17b7db9ded0bd2e06a4c2be1a22d2c83bc82a807519b91ef458a0
SHA512: fecbe1ffddee0fa1ad71553cd4909438102143746f92d73e52fce47dcebb392dec173c85c5980cf43d929f17a372c0bc0d95152f5a6f2029e915b72dcd91ded6

Filesize: 260B
MD5: 50c5557029e8af2aa764caf690ca8bf5
SHA1: 9202260e1dfb6d52c806fb7e0af47fe444429b1a
SHA256: e8bfc32b1611e6ec83ff68ad08076e7ffd16e5f9bd2fef715e615d3775e5c45f
SHA512: f5ea8c3bbe848c01cc7309d80de84d41cd7de6e5962f94d2e0c393b11e1dd64cab51726636794c53f8765d6705c34fe234a32def7acb588b85cdeb28b4cd6633

Filesize: 58B
MD5: 0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1: bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256: 988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512: 536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1

Filesize: 36KB
MD5: 793e5eb5a333e5b23a8132576f594b2e
SHA1: dde2a508e1f692ea976d7f62550df7f811374af0
SHA256: e2430d8be7e83ff27dc333d85b6448d28ae8278070474661b7383b9dca664ba4
SHA512: 2db25357a266fc51d8b1cdd71ea9dbf979516c62f77273563692c119709d92850242c1b10c164a6c6317d28946121622e0d05e3f59fd281f7f57b8a4057784a1

Filesize: 512B
MD5: 3d05bebe257d2e166054a6ddf8b6dfbd
SHA1: 357bf1b60b8187782be5fc87da286a0f5181afb0
SHA256: 2b95d4fd47e43dddc5117560f36514a7c7d2c80fab1f9783de2711835c687977
SHA512: d6ddd158eac3034ec7d8e4f1bba2ca86d80c5ed7fca7730052cba2321a8774059f4a56522b629029e86b7b3219bf38ef8f8dcd94a8b4b8eefea9c459f2f13707

Filesize: 8KB
MD5: 16496a37928678e50d6532f56a52a3ff
SHA1: ee69739378dca0441b253fe721ed960cec126e76
SHA256: 05e8c32e6420a42945100e9cd4768428524ef7a4f031487125237dd3f82be7fc
SHA512: 46e76e815fc0e93b265f3cd948033ace7956b8b1e1e123df66487d6960cbbbad819a7815af283ccc38be2c746cd98675a9331f493dac0a990cbc18b3d1958f4f

Filesize: 8KB
MD5: edaa92f3c7fb78acad886f91422e8b48
SHA1: a402cef27cf0964a8ea2fc271b11e891060ab3b4
SHA256: 4027b2d64490299405050388525fda0424d236833b332d8dfb0d710529e1d33e
SHA512: 5244d3dd3077dfdcf760d3d7b3266c86643f33cc6c00cd5e4f4c78762010ba68b209493f9c436b32fbc773634a2bf07d6daf3ca98983c0fb4f0469ecb76ec674

Filesize: 56KB
MD5: 9cec591e3ef91ae568f4cb6e7c2a8745
SHA1: ccf756b6b465ad9ad7ff6bfbeb4e8345ba3f6ff7
SHA256: 05be88f05e9bfd4d6496caab584a704e7956fb87036529a0c8028f1e2bda309c
SHA512: f824b3268338787275c184bb740d152d53c1d8e57a044f587530735ef04d021a2671cc2aebb17ae3b497a0ad171060da484a565bfa62d32ed334ae5ffb538f51

Filesize: 512B
MD5: a84d787238613ae4bfc032bb4c903009
SHA1: 6c7e44a3e23840bce733f0bb8dcb255ae873fe5e
SHA256: dbd9863bcd96d8c071a766a25a64c3990d33ba91e07fb74f61027f4eb7e18bd3
SHA512: 00e7b50f4e15438340c57ed7479ed8c11e40f4c40f7a508124143058cac49b089948e48b083fba013aadadda41368fa6c68cb2b2e9079220b2ce69ce93283c6b

Filesize: 8KB
MD5: b2f8624ab29e216c1ba5c056696ddb5a
SHA1: 71b5ea7108af28282090a117a9fcf7347aa0f02d
SHA256: 0d4a74cc01f1e88e7643026246233399a63acb9adcdb3cc6a28c9fb4c3d7079c
SHA512: eab57f39695065b7fc294b3d9194e12a5f6a420b74e8ea20f3866daed6a4efa5dfd028ec2b5296861b6e413874edc16140311ee07ab5d7bd9020e79a814b4c1e

Filesize: 8KB
MD5: 601bc2ddaafbd54256b6a123c40e480a
SHA1: 117f121995ba7638a0b4779ece60b0694e1be6ce
SHA256: 17783e9041f98841f8f85dcef69ba603ce945dd2aca9fafedf4e88cfe36243a1
SHA512: c537262743607a28f6d9fdd00e643e559b293a40edc547b5fcc7e32c65415f59ed51c18e05ae727db09107dd03ea6b6645c53bab526b380de5a3d4fbbe3d96b9

Filesize: 52KB
MD5: 890776ec821b29b78bd34375a96e9109
SHA1: af11baf9ace98e685deb06bc9787387fb09641e7
SHA256: 86475fb62d2c8abd9152ae15ae3d4d039f7ed105d635158b37c0790feae54e9c
SHA512: 547feeba7cd79f46849a3e249cf3e934a7e23be99ed4595ba1311b0f7aa9b7c562482216c9c058ebdec57bdde8af82c1069623689641adf403e1bb03d0e1caf5

Filesize: 512B
MD5: d0f78d1912084cf36ec7360064d9f33d
SHA1: 46eeb0c45e28ada19e90915ea40a88e92276f04f
SHA256: 4f83bb309981c86660c67a1bb87be1e168cc6b45fdcade418c3b103de32e66d7
SHA512: fd160045dc4c771bbff78cb15b0d2a23069060d8ce8c67375eea6dec4f722d6021eb79b5bcbd25856e2a656344f6ca3e30fe1877d0d1a9e73dbd92be80515697

Filesize: 8KB
MD5: 4b91145fbedae81595f5433673401afd
SHA1: f96f34f11a47f7188fba017b57fdb311a30b755f
SHA256: 4411eeceb0e3a4344bf447d69c54a475801e81043c88b433838000335635901d
SHA512: aff883ac3aece5a24097f731e95337fda1c453e35e18ffd6b26f72508fc3323461dc66cace573c9731fb91f506ad3f264c431fd461c5234ef81d78e020846679

Filesize: 8KB
MD5: 36c9fb559a37193469b68f0c4b37ee71
SHA1: 0f93540d8925563c163ab4ff7a8106b544711cfc
SHA256: 0adbc41bc33bebb9aeec7bbe2af3e7c271daafc5bafc63d847ee9da69e34c41b
SHA512: b348b2d2b1dde2f3937dc687e67fef1da24970c12b2af6edd1d6102a728ea4d5dafbbd7d65f80acef423031dd4a77afb214f05a208ad5c9f913daa79bfc97cd5

Filesize: 8KB
MD5: 9daf59564b92329844295f4f2dc77143
SHA1: 697107cf58f997e5d4c49459aaf41e8776d173fe
SHA256: 9e1a43be8c72a2d7adac0c83900fb2e00d630347a5a6325c424b38c4beda9661
SHA512: 23bfa5dfe134a791b3c33dcab1f3a1623b409e925c3e56c0a59586dca8041f56273e155288838865ea96fef0ebada06bc71b2d5d4a2ee811ce436fb4b296a078

Filesize: 8KB
MD5: d44b462d23ca7efc4cb21a3ae8a6fac1
SHA1: ff22c01ffe49b592efaa913a39907cd70bea35c0
SHA256: bcf2de7827932d49348dca2f03bb6d75618a78e8b6e6d86a40dc42aac71c4f42
SHA512: 4ded9f9a5cc3e847fe2a35f1dd22be8d73019296650af36201bc3443a8027772ac904ac88753f422b5c787be5d0d176e50dc40150e4a27c0c7d06cf225d9060f

Filesize: 8KB
MD5: b5634ee40952fdfb8496fd7f311b4d26
SHA1: 7fae5b7de804bcdeaf4327043b76618351f25e75
SHA256: 078c0a83a1e29e3b4747e9eed1083c518246b16bbf0b6bc5f15e766479eeb24f
SHA512: f27143987f9b264e9a3401cd067372e79eff116acfb77f279a9e063857e54f2680ff93f370609f253a7ed1e3266b4b92ca17c4ec1f1050229c19aec95d8ef2d2

Filesize: 8KB
MD5: a9696ab387fb1cd506306a555442f6c1
SHA1: 6f606d7870b9d34affcefc3b5ca97a270b51db9f
SHA256: 66b71e828d03fad29ea08800357e0be99aff16b456da53982610e3d0ce534aef
SHA512: ace8f4a2d3ea30c2da9ea1af61a1798552d3de505ec46b7b65863d9114290f63db7e569b29867f0398ea8dfb46461ab9558abd4c02c3976945f161c1ecf93999

Filesize: 8KB
MD5: 59991402ed31e9bb684d0557c69ca044
SHA1: 902437bc7448e9d9d14e1166cf28589d0bc58e64
SHA256: 762584e72355acd968a29af32c990aefa88b761626af9573a9a96437a9bf8bc4
SHA512: 15ebd6b709ff26d0b140bd5aca56f477baa2622b00e93f8bd621f0f169fb7fe5ee203c9ad67fe2a3c48cbf54aebd2c748e51a9f7cb2bc92d93653562bf105db7

Filesize: 36KB
MD5: 50f3d63f4b9241e212be8ec20bf3e374
SHA1: 10353f506f0aa9dfab398275482eb42da167232a
SHA256: be9049dfc1751c212273b6e4d07202e47cc7de289dd84d388a27675609056653
SHA512: dfc6dc641041edc77b5b77bda43ebbfd0eb6c0f4d55d05a7a914f77c58f2f465e8d29aa7e2c9773ec93a257154a6c779a6b165b8765a214aa154976887d8ff7c

Filesize: 20KB
MD5: 50bea860cba5bf1a6e6b90d96fa42fdb
SHA1: 073871c64daf004ea0ec9cec6b6fb3e28684c5de
SHA256: ce5a9bf3957e7e1020bc9b972b0a580b8353817913ceef8b47f4a6f60d41b1ce
SHA512: f40aca27c4e0ab3c7ba7b2cb49ed9d66ff2bc17b8f131eebc8fb75b0598244135e6425157411fdee03cab50dc3b209f89db103cd17d432834e0747257b2839f9

Filesize: 292KB
MD5: f82bb996bd6aad579e89deed176d3eda
SHA1: 98d80799fe12b53060f0e74bf898da9a282b1a26
SHA256: 582661fd7bf1234de481298fe5dd8b6749b8175e824751feb505228ed9a49d20
SHA512: af6d0ce5eb7f6ee0e3cda367a0e35d54c30acfe81c0f3afc6c9ff0174ac8d5835f193ecc065d422710ca7b618bb06f87c9258f3af49b576f37be073653cb3e0f

Filesize: 65B
MD5: 1758be848de7d3049c037690a22bf90e
SHA1: 6663d738ae4a6ea21555c94ade0d00c5c79735f7
SHA256: be6e21f121a7190c5d42f268953a085aaea4c026d859e8040a9f31280c7c4415
SHA512: 9c4f75ff285699a59a907bfb0be66193011009c77856f162ea50661424af85532e86021d82dd00371670a7be33be75e2c0759eb59e6a0970ea4639fc7691f610