Analysis
max time kernel: 172s
max time network: 177s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 18/05/2024, 07:06
Static task: static1
Behavioral task: behavioral1
Sample: 5381cfeb78ea0ac05bfc114da905f8d9_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
General
Target: 5381cfeb78ea0ac05bfc114da905f8d9_JaffaCakes118.apk
Size: 14.3MB
MD5: 5381cfeb78ea0ac05bfc114da905f8d9
SHA1: a515981c967eea85d4279c4b6775fd9d4f05e2e6
SHA256: 4024d0f1bc319647ad39251c338ec2f7a1c8f5fd8973637a9d72b64c47e5d387
SHA512: 30c53b6e81a7963643a6ab1ea247cdb63cb796288b2f1d7a2e54dafbcda2b206588ae89aafd06bce3371c027ebff6e65910d4ef488d8a0eec1595f9d3a5670ee
SSDEEP: 393216:2ggz6LQ/EILYWxCL++1UTSnrCNh43XOMZsfv5oUAJ8JfcUjCh9t:2BDVjgL++e+uNe3XxZsfhRUZ
Malware Config
Signatures
Checks CPU information (2 TTPs, 1 IoC)
Checks CPU information that indicates whether the system is an emulator.
- File opened for read: /proc/cpuinfo (process: com.caifusenlin.cfsl)
Checks memory information (2 TTPs, 1 IoC)
Checks memory information that indicates whether the system is an emulator.
- File opened for read: /proc/meminfo (process: com.caifusenlin.cfsl)
Queries information about running processes on the device (1 TTP, 2 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
- Framework service call: android.app.IActivityManager.getRunningAppProcesses (process: com.caifusenlin.cfsl)
- Framework service call: android.app.IActivityManager.getRunningAppProcesses (process: com.caifusenlin.cfsl:mult)
Queries the mobile country code (MCC) (1 TTP, 1 IoC)
- Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone (process: com.caifusenlin.cfsl)
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 2 IoCs)
- Framework service call: android.app.IActivityManager.registerReceiver (process: com.caifusenlin.cfsl:mult)
- Framework service call: android.app.IActivityManager.registerReceiver (process: com.caifusenlin.cfsl)
Checks if the internet connection is available (1 TTP, 2 IoCs)
- Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.caifusenlin.cfsl)
- Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.caifusenlin.cfsl:mult)
Reads information about phone network operator (1 TTP)
Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 2 IoCs)
- Framework API call: javax.crypto.Cipher.doFinal (process: com.caifusenlin.cfsl)
- Framework API call: javax.crypto.Cipher.doFinal (process: com.caifusenlin.cfsl:mult)
Processes
com.caifusenlin.cfsl (PID: 4256)
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
com.caifusenlin.cfsl:mult (PID: 4327)
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads
/data/data/com.caifusenlin.cfsl/cache/image_manager_disk_cache/78fefc26ee98a81e05de27fc9f7246f04fac9b22faffe5066d8f22aa4419dc50.0.tmp
Filesize: 39KB