Analysis
- max time kernel: 177s
- max time network: 188s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 17/05/2024, 17:50

Static task: static1
Behavioral task: behavioral1
- Sample: 50b9200d22134cca4aa8598834586d33_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
General
- Target: 50b9200d22134cca4aa8598834586d33_JaffaCakes118.apk
- Size: 26.7MB
- MD5: 50b9200d22134cca4aa8598834586d33
- SHA1: 753c239aefd4159512dc4c6b71d33ae940332b9a
- SHA256: eb2ac2e0fce673d8a0016614eef445812b858af9b101a96eb6347653334ba1d0
- SHA512: a21150219d0785b775251e3980f568b33ee6de4a59665fa1fd720d87835d9e173f54afa46e77294dd51374b41e4b11f54291f9adf1706ab5f2c0bbf0bf09384d
- SSDEEP: 786432:pkZa0MiF/+kagsSj06sd/y45amzTeJx67vkFNmy7:pWMiFWkCr6sd645aG2x6QLn
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTP)
- Requests cell location (2 TTPs, 1 IoC)
  Uses Android APIs to get the current cell location.
    Framework service call com.android.internal.telephony.ITelephony.getCellLocation (process: com.hunantv.imgo.activity:QS)
- Checks CPU information (2 TTPs, 3 IoCs)
  Checks CPU information which indicates whether the system is an emulator.
    File opened for read /proc/cpuinfo (process: com.hunantv.imgo.activity)
    File opened for read /proc/cpuinfo (process: com.hunantv.imgo.activity:QS)
    File opened for read /proc/cpuinfo (process: com.hunantv.imgo.activity:pushservice)
- Queries information about running processes on the device (1 TTP, 3 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
    Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.hunantv.imgo.activity)
    Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.hunantv.imgo.activity:QS)
    Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.hunantv.imgo.activity:pushservice)
- Queries information about the current Wi-Fi connection (1 TTP, 3 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
    Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: com.hunantv.imgo.activity)
    Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: com.hunantv.imgo.activity:QS)
    Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: com.hunantv.imgo.activity:pushservice)
- Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
    Framework service call android.net.wifi.IWifiManager.getScanResults (process: com.hunantv.imgo.activity:QS)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 3 IoCs)
    Framework service call android.app.IActivityManager.registerReceiver (process: com.hunantv.imgo.activity:pushservice)
    Framework service call android.app.IActivityManager.registerReceiver (process: com.hunantv.imgo.activity)
    Framework service call android.app.IActivityManager.registerReceiver (process: com.hunantv.imgo.activity:QS)
- Checks if the internet connection is available (1 TTP, 3 IoCs)
    Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.hunantv.imgo.activity)
    Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.hunantv.imgo.activity:QS)
    Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.hunantv.imgo.activity:pushservice)
- Reads information about phone network operator. (1 TTP)
- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 3 IoCs)
    Framework API call javax.crypto.Cipher.doFinal (process: com.hunantv.imgo.activity:pushservice)
    Framework API call javax.crypto.Cipher.doFinal (process: com.hunantv.imgo.activity)
    Framework API call javax.crypto.Cipher.doFinal (process: com.hunantv.imgo.activity:QS)
Processes
- com.hunantv.imgo.activity (PID 4296)
    Checks CPU information
    Queries information about running processes on the device
    Queries information about the current Wi-Fi connection
    Registers a broadcast receiver at runtime (usually for listening for system events)
    Checks if the internet connection is available
    Uses Crypto APIs (Might try to encrypt user data)
- com.hunantv.imgo.activity:QS (PID 4365)
    Requests cell location
    Checks CPU information
    Queries information about running processes on the device
    Queries information about the current Wi-Fi connection
    Queries information about the current nearby Wi-Fi networks
    Registers a broadcast receiver at runtime (usually for listening for system events)
    Checks if the internet connection is available
    Uses Crypto APIs (Might try to encrypt user data)
    Child processes: ps -P, spawned repeatedly (PIDs 4661, 4689, 4712, 4736, 4758, 4780, 4802, 4825, 4846, 4888, 4916, 4938, 4977, 4999, 5022, 5043, 5064, 5088, 5107, 5133, 5154, 5191, 5214, 5235, 5256, 5277, 5296, 5318, 5339, 5359, 5383, 5408, 5426, 5449, 5471, 5489, 5512, 5534, 5554, 5580, 5601, 5619, 5642, 5663, 5681, 5704, 5725, 5744, 5768, 5789, 5808)
- com.hunantv.imgo.activity:pushservice (PID 4410)
    Checks CPU information
    Queries information about running processes on the device
    Queries information about the current Wi-Fi connection
    Registers a broadcast receiver at runtime (usually for listening for system events)
    Checks if the internet connection is available
    Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
- Defense Evasion
    Execution Guardrails (1): Geofencing (1)
    Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads