Analysis
max time kernel: 5s
max time network: 130s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 17/05/2024, 18:03
Static task: static1
Behavioral task: behavioral1
Sample: 50c568ca141f5e0a26e6292ccf751b61_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
General
Target: 50c568ca141f5e0a26e6292ccf751b61_JaffaCakes118.apk
Size: 6.2MB
MD5: 50c568ca141f5e0a26e6292ccf751b61
SHA1: 0f0d616b9ac6e2163d34f5f454d1ad2fb438cacf
SHA256: ab49fa00872d5aea4438e25a42f11cdf196871490dcf81a619e73da1b274eac4
SHA512: 91e5bdf316cd94a040660de0e647f035d0ed22071a0ff2c1d1cf07248c362496351cee00c66e87d775bdcfcae5a6367d0e921a34819fa0c9e27ecfcdf2da65d5
SSDEEP: 196608:wR2v0uKTeOUOVhLzMfFNJhiXD7EFH08CuEKF2Yx6o:wo8VTeOUwhgNdEYFUZuEAx6o
Malware Config
Signatures

Checks if the Android device is rooted. (1 TTP, 3 IoCs)
  ioc: /system/bin/su (process com.fanhua.box)
  ioc: /system/xbin/su (process com.fanhua.box)
  ioc: /system/app/Superuser.apk (process com.fanhua.box)

Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get the current cell location.
  Framework service call: com.android.internal.telephony.ITelephony.getCellLocation (process com.fanhua.box)

Checks CPU information (2 TTPs, 1 IoC)
Checks CPU information that indicates whether the system is an emulator.
  File opened for read: /proc/cpuinfo (process com.fanhua.box)

Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
  Framework service call: android.app.IActivityManager.getRunningAppProcesses (process com.fanhua.box)

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process com.fanhua.box)

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Framework service call: android.app.IActivityManager.registerReceiver (process com.fanhua.box)

Checks if the internet connection is available (1 TTP, 1 IoC)
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process com.fanhua.box)

Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP, no IoCs)

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  Framework API call: android.hardware.SensorManager.registerListener (process com.fanhua.box)

Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  Framework API call: javax.crypto.Cipher.doFinal (process com.fanhua.box)
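The two environment checks above (the su/Superuser path probes and the /proc/cpuinfo read) are what an analyst most often wants to reproduce, to see what the sample would conclude on a given device. The following is an added example written for this report, not code from the sample or from the sandbox: it re-implements both checks over constructed inputs. The root-artifact paths are the three IoCs the report lists; the emulator marker strings, the two /proc/cpuinfo dumps and the file-system predicates are assumptions (the report only records that /proc/cpuinfo was opened, not which strings the sample looks for). One caveat worth noting: this run used an android-x86 image (see the resource tags), so a cpuinfo check sees Intel vendor strings and, in a VM, the x86 "hypervisor" flag; a sample that gates behaviour on that may act differently on a physical ARM handset.

```python
"""
Added example, not code from the report or from the sample: re-implements the two
environment checks the report attributes to com.fanhua.box so an analyst can see
what each one triggers on.
  - root check: probe the three su/Superuser paths listed as IoCs
  - emulator check: scan /proc/cpuinfo for virtualisation tells
The marker strings, file-system predicates and cpuinfo dumps below are constructed
assumptions; the report only says the sample opened /proc/cpuinfo.
"""
from dataclasses import dataclass, field
from typing import Callable, List

# The exact paths the sandbox logged the sample checking (from the report's IoCs).
ROOT_ARTIFACTS = ("/system/bin/su", "/system/xbin/su", "/system/app/Superuser.apk")

# Common emulator/VM tells in /proc/cpuinfo (assumption: typical heuristics, the
# report does not say which strings this sample looks for). "hypervisor" is an
# x86 CPU flag that also fires on the android-x86 image this run used.
EMULATOR_CPUINFO_MARKERS = ("goldfish", "ranchu", "qemu", "vbox", "virtual", "hypervisor")


@dataclass
class EnvVerdict:
    root_hits: List[str] = field(default_factory=list)
    emulator_hits: List[str] = field(default_factory=list)

    @property
    def rooted(self) -> bool:
        return bool(self.root_hits)

    @property
    def emulated(self) -> bool:
        return bool(self.emulator_hits)


def check_root(exists: Callable[[str], bool]) -> List[str]:
    """Return the su/Superuser artifacts present; `exists` abstracts os.path.exists."""
    return [p for p in ROOT_ARTIFACTS if exists(p)]


def check_cpuinfo(cpuinfo: str) -> List[str]:
    """Return the emulator markers found in a /proc/cpuinfo dump (case-insensitive)."""
    text = cpuinfo.lower()
    return [m for m in EMULATOR_CPUINFO_MARKERS if m in text]


def classify(exists: Callable[[str], bool], cpuinfo: str) -> EnvVerdict:
    """Combine both checks into one verdict, as a root/emulator-aware app would."""
    return EnvVerdict(check_root(exists), check_cpuinfo(cpuinfo))


# Constructed inputs (not captured from the sandbox run).
PHONE_CPUINFO = (
    "processor\t: 0\n"
    "model name\t: ARMv8 Processor rev 4 (v8l)\n"
    "Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32\n"
    "Hardware\t: Qualcomm Technologies, Inc SDM845\n"
)

SANDBOX_CPUINFO = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "model name\t: Intel(R) Xeon(R) CPU\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov hypervisor\n"
)


def stock_phone_fs(path: str) -> bool:
    """Stock device: none of the root artifacts exist."""
    return False


def rooted_sandbox_fs(path: str) -> bool:
    """Assumed rooted analysis image that ships /system/xbin/su only."""
    return path == "/system/xbin/su"


if __name__ == "__main__":
    for name, fs, cpu in (
        ("stock ARM phone", stock_phone_fs, PHONE_CPUINFO),
        ("android-x86 sandbox", rooted_sandbox_fs, SANDBOX_CPUINFO),
    ):
        v = classify(fs, cpu)
        print(f"{name}: rooted={v.rooted} {v.root_hits} emulated={v.emulated} {v.emulator_hits}")
```

To use it against a real device or image, pass `os.path.exists` as the predicate and the contents of `/proc/cpuinfo` pulled with `adb shell cat /proc/cpuinfo`; the marker list is deliberately a tuple so a reviewer can diff it against whatever strings are later recovered from the sample's own code.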
Processes

com.fanhua.box (PID 4239)
- Checks if the Android device is rooted.
- Requests cell location
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15

Defense Evasion
- Execution Guardrails (1): Geofencing (1)
- Hide Artifacts (1): User Evasion (1)
- Virtualization/Sandbox Evasion (1): System Checks (1)
Downloads

Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Filesize: 512B
MD5: b627b18181fc1ff7ef092615cba34cd5
SHA1: 499ce7eba938e7d6c14777b5efc10fa5b3b6412b
SHA256: 35510bd34261d300588b9b7a6d4be06bbcfc5c7a31115270066e1f950350ce46
SHA512: 112d4066333b15b51f407685a48a387ef0ca8d7c70ef30f8bbdf1ed37f68b56224be06003847c6949286c80541ba2d894b817700653bf604a0072630a42f8d33

Filesize: 28KB
MD5: cf845a781c107ec1346e849c9dd1b7e8
SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Filesize: 56KB
MD5: 836bb9b27f308b2bf51e56a4da426416
SHA1: dde4d74396b75f2db699a754cc0fafa4f8908d10
SHA256: f7578c9c2b7ab9be2b5d479156ef2e57a76eb98feb3373778af6b5fc3f10c9f1
SHA512: ce1b976d4f970284503845d6e5fc43c0b50960f758d562400f2297429a2d2af2580bb08a4e503189e60b3e03a135b80ece4dba309062b58ec726dbaa2ff99ba6

Filesize: 512B
MD5: c35467e10bad166168622fa46303af37
SHA1: cedf4dbff6b844d8629fc53bfcee3b5a14284cf0
SHA256: 1759afaf1a042c199cb67040a75e4bb8193cf7eda432b4f9c08866cb5f5f6cc4
SHA512: 27db205f7d24d1aefb9e855bac63ad54fe2e4c0fbc521c19788e733be748ef40c6f52e792e94fdbe4f52a9480a833b9f15c91810a16e885551a97e4e55a773c9

Filesize: 64KB
MD5: 6e17c34fc1e211fe0ba6593cba562bc8
SHA1: 85e44f26585114f8d2c730f23313399dc60d3011
SHA256: 36a0a9019f8276bec2bb7f960319b6d665057983e3b2290a4aa439d06e981dc0
SHA512: 4398ec225abfa79efeaaae661961283619af34315163229573b2d57712761bc6ddfe62c0fe8323cbd29077356f36e216057f73a9c0a5ed4d03e17a4698c770de

Filesize: 129B
MD5: 285fd2ca5cc5c4b05aded6cb66b75dc2
SHA1: 15fbe6ce7253e47c808716b7f7b912b2cf258919
SHA256: 4cb0072e6aed7b479d7e5a7cec366fcc90b3ac8895a74bfeea8cc294d7f8f147
SHA512: 75b0142e87f1f65b87463b9ebaa8517b0bdda7e5e465b3c6adb24fc26d80d7bc428d045992ac2986b5bb002e7f8c0d7ac2d58aef4d9773e84f9476ca003e7e48

/data/data/com.fanhua.box/files/stateless/dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE1OTY5MDM5Nzk0
Filesize: 1KB
MD5: a6de119c9c6d3fc2ce1a855233883089
SHA1: fd42d0e716ea39bed304aa9e3db21df3343f62d4
SHA256: 11b112b003092a6e8c2693ff3915052db6c4f59a50943ebf29414632e74d5c04
SHA512: 2eadb488989554abe3fedae0939070d27eafaa5e3442d6af14d6293aa9469fb4f8502bd3cd85afd1361bdd600b2fe69de31f153de26fea4641051cea12c7ed59
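The directory and file names in the path above are base64: the directory decodes to `umpx_internal` and the file to `umpx_internal_1715969039794`, where the trailing 13 digits are a millisecond Unix epoch equal to 2024-05-17 18:03:59 UTC, the same minute the report records as the submission time, which is consistent with the file being written during this run. The block below is an added example (not part of the sandbox report and not the sample's code) that performs that decoding for every segment of a path and splits off an epoch-millisecond suffix; the only input it uses is the path copied from the report, and the suffix pattern (`_` followed by exactly 13 digits) is an assumption.

```python
"""
Added example, not part of the sandbox report: decodes the base64-named directory
and file the report lists under /data/data/com.fanhua.box/files/stateless/ and
recovers the millisecond epoch suffix embedded in the file name.
"""
import base64
import binascii
import re
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Path copied from the report (directory and file names are base64).
REPORT_PATH = (
    "/data/data/com.fanhua.box/files/stateless/"
    "dW1weF9pbnRlcm5hbA==/dW1weF9pbnRlcm5hbF8xNzE1OTY5MDM5Nzk0"
)

# Assumption: a trailing "_<13 digits>" is a millisecond Unix timestamp.
_EPOCH_MS_SUFFIX = re.compile(r"^(?P<stem>.*)_(?P<ms>\d{13})$")


def try_b64(segment: str) -> Optional[str]:
    """Decode a path segment as base64 (padding optional); None if it is not
    valid base64 or does not decode to printable ASCII."""
    padded = segment + "=" * (-len(segment) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


def decode_path(path: str) -> List[Tuple[str, Optional[str]]]:
    """Return (segment, decoded_or_None) for every non-empty segment of the path."""
    return [(seg, try_b64(seg)) for seg in path.split("/") if seg]


def split_epoch_ms(name: str) -> Optional[Tuple[str, datetime]]:
    """Split 'stem_<epoch ms>' into (stem, UTC datetime); None if no such suffix."""
    m = _EPOCH_MS_SUFFIX.match(name)
    if not m:
        return None
    ts = datetime.fromtimestamp(int(m["ms"]) / 1000, tz=timezone.utc)
    return m["stem"], ts


if __name__ == "__main__":
    for seg, decoded in decode_path(REPORT_PATH):
        if decoded is None:
            continue
        print(f"{seg} -> {decoded}")
        parts = split_epoch_ms(decoded)
        if parts:
            stem, ts = parts
            print(f"  stem={stem!r} created={ts.isoformat()}")
```

Segments such as `data` pass the base64 alphabet check but decode to non-ASCII bytes, which is why the decoder also requires printable text before reporting a hit; without that filter a path walker of this kind produces false positives on ordinary directory names.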
Filesize: 415B
MD5: 05edd54f96e0d9847519d80bdd051f77
SHA1: 69aa6e6f0f6d7595f022570ec8aa21385b518a4d
SHA256: 12a3831a3515110d5c06a37f922a1502ea1f3d86efcdfcdfe4d328d977965b27
SHA512: 25cffdabb6bbeb7f01a3010683d0f9c1471c092a61121347368aefcf92b444ad0b50819cf7d944d3a924c2fdf05a3a437e39efbac08f0b9e69eeb24dd92043ca

Filesize: 89B
MD5: d988f9362527a92577fc9f3ce5f3c991
SHA1: 1dd2680ba645242b3ae0f7cd9d7b01763146c2c3
SHA256: fba668a3f4bcd694a55d923a8c4e327c6e72a43a835db2e96def263392bc526e
SHA512: 49a07d3966aa92c54eb01eec1a57409bcbe160a040e91c0b560499c35b2bf1066862f0734b5855cf93a4fa106682dd147b141f5e1001b8c36fe55f0f76de75a9