Analysis
-
max time kernel
142s -
max time network
193s -
platform
android_x64 -
resource
android-x64-20240514-en -
resource tags
android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system -
submitted
18/05/2024, 07:52
Static task
static1
Behavioral task
behavioral1
Sample
53b1e66a9d2bcd4e0bafc461874191a8_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
53b1e66a9d2bcd4e0bafc461874191a8_JaffaCakes118.apk
Resource
android-x64-20240514-en
General
-
Target
53b1e66a9d2bcd4e0bafc461874191a8_JaffaCakes118.apk
-
Size
28.1MB
-
MD5
53b1e66a9d2bcd4e0bafc461874191a8
-
SHA1
4b81c3fb4428052e2d26e996c39821dec8fdf57e
-
SHA256
ba31e250bd49158eadbbab08f5ee16049706fee59c152340b03b09f9e46bd70b
-
SHA512
53fb5b2c6625638e2935770f360ebb54ec43f5ae613935a3bd46c609f38307d63312d5331a14e6515fb3e536b6ecc05aba9c762da6f85cf5e0a52bc180e6487e
-
SSDEEP
393216:UmFyY/R6QK8sLuD//lPehqKuz6DWi15HRl3EfQMyay3ndKBaSYkeAbSGxv78:V4qczvuj/lPAV7LVEf0d3uaSYISGxQ
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 1 IoCs
ioc: /sbin/su  Process: com.everhomes.android.bilinshe
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks known Qemu files. 1 TTPs 3 IoCs
Checks for known Qemu files that exist on Android virtual device images.
ioc: /system/lib/libc_malloc_debug_qemu.so  Process: com.everhomes.android.bilinshe
ioc: /sys/qemu_trace  Process: com.everhomes.android.bilinshe
ioc: /system/bin/qemu-props  Process: com.everhomes.android.bilinshe
-
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
ioc: /dev/socket/qemud  Process: com.everhomes.android.bilinshe
ioc: /dev/qemu_pipe  Process: com.everhomes.android.bilinshe
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
description: File opened for read  ioc: /proc/meminfo  Process: com.everhomes.android.bilinshe
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description: Framework service call  ioc: android.app.IActivityManager.getRunningAppProcesses  Process: com.everhomes.android.bilinshe
description: Framework service call  ioc: android.app.IActivityManager.getRunningAppProcesses  Process: com.everhomes.android.bilinshe:pushservice
-
Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description: Framework service call  ioc: android.net.wifi.IWifiManager.getConnectionInfo  Process: com.everhomes.android.bilinshe
description: Framework service call  ioc: android.net.wifi.IWifiManager.getConnectionInfo  Process: com.everhomes.android.bilinshe:pushservice
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
description: Framework service call  ioc: android.app.IActivityManager.registerReceiver  Process: com.everhomes.android.bilinshe
description: Framework service call  ioc: android.app.IActivityManager.registerReceiver  Process: com.everhomes.android.bilinshe:pushservice
-
Checks if the internet connection is available 1 TTPs 2 IoCs
description: Framework service call  ioc: android.net.IConnectivityManager.getActiveNetworkInfo  Process: com.everhomes.android.bilinshe
description: Framework service call  ioc: android.net.IConnectivityManager.getActiveNetworkInfo  Process: com.everhomes.android.bilinshe:pushservice
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 2 IoCs
description: Framework API call  ioc: javax.crypto.Cipher.doFinal  Process: com.everhomes.android.bilinshe
description: Framework API call  ioc: javax.crypto.Cipher.doFinal  Process: com.everhomes.android.bilinshe:pushservice
Processes
-
com.everhomes.android.bilinshe
- Checks if the Android device is rooted.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5372
-
com.everhomes.android.bilinshe:pushservice
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID:5446
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
251B
MD5
2156cde19be462e06c0c021f736e5d7e
SHA1
dc5050239afcdd207c922a73fbd51a752ee91dcc
SHA256
7176c0fa8b0501e682fbb588801033092d8d325c9c5d2785a47d5e6ee4d8bdcf
SHA512
a2901d4fb3e1617fcd7d8d11a4f98cf7fd6c5d0f650181221f99b550d4e4482fa2a8ca449ef2f97ded7c48612c0c07b85a51cb8912717477821a567223bd1fec
-
Filesize
58B
MD5
0d210bfb2a0e1f1b4c082a6a0f79de07
SHA1
bb8ed9e364db79d1d9f2fcde3f15091893222faa
SHA256
988722c23d78a46021d0e7ca9deee7aa8bb83288269174ffacb7316f381cca1d
SHA512
536e9867b0df29b15b789f8949be6ab37fcdeccb9d39ded981da7dc2052c9533d0ec0e6f9a5444132977605d372e1463d91bdde41b528ff2ca3f65ab152325c1
-
Filesize
56B
MD5
2962ae148072945f8c52733f739f2dfe
SHA1
50cd7b4fa4500f22c9ecc09c3e679a85210b951e
SHA256
95d6f02a568345f290571c2adb955e84eb74ea12244b7ddadb4b1b7290f06977
SHA512
efaef87a0db95a3dab5273f3ef6b376bb672748d22b40b1ed7d65002ece97c65985f7fbc14676704403bfc8ac119566814b142d7febc7297fd5c41a071ff5f4e
-
Filesize
512B
MD5
1e34183c4a11bb93db72526c412b060e
SHA1
94d2d84db2bad773ef0e0586d4f2d635cd0fd6ac
SHA256
c7718127e1ec79acad4b3c63909a7f9315c6e21ec65d2ad5bd66aff6aa213ce3
SHA512
f31ee535eddf6d8914af023d4b80d782bc3debb2c5c6773d29d6e6d800b33bf8d7241de02100f2a94b254996ad1dd4fe2fa80be240514efb8ae966df50a05cba
-
Filesize
84B
MD5
205648d32d561056ffe2927e4a5ad1cd
SHA1
6ebf435af0f73987b8a2160b279670c7766faf55
SHA256
b67ae6dd41734f44a3906544649e33e862599c1f65fa51cd57ef05c947ca5f85
SHA512
f2af4f91dd4952a3a4fb35b642af1d079922f5bceebe235f8b4391ad79aec771d4182080429fdbdd9aba8dba0b8d6807896413048bc8066b2b29adfdfcd862ab
-
Filesize
84B
MD5
7d9471076d3a2ca4151bfa5a993d3308
SHA1
50fad942b674fc0a8092ee92166f1b3550383100
SHA256
d0a9962349c137ce964eec2c0e72ae89c16e82f99e784a1d4adc0121f561b8bd
SHA512
480b2d5db4d48a8691bc7a125a830450bf21e924ed6c02f5e1644e6174ff8300b1ee18738966859c55c1649bec6b130f4fe2abcebb9a2affacdccb9df278d3f0
-
Filesize
84B
MD5
3f209c0da8a1255a9e5c7d44c60b0f47
SHA1
9f4b6bbc67ebdafe6d3409542d5ca4d06c6f0c28
SHA256
5dac28f93b5eb920047e1fdfeb331774ec46fd9b29281ef9ca45c4a723a51ebe
SHA512
a56bd483229f0e9919919fd588be275419ecb280099e7d10d5918a876f025a99e3ceff885b99977d3cfd6710c9345786bc09523dd64fd7778c117138394043a4
-
Filesize
8KB
MD5
a8626ef0652741b5ce877df172a0cb9b
SHA1
cd2ba1f613be6740aedb55c2bc21f446acbc56f9
SHA256
99a26b616b83c6c0898f910092001927454016652d680ff4a495cc2541811473
SHA512
bdbf335b728fdfa0731bee606e539e8948719523feb18aefce48620e74f1146a65a8a4da2295305f9733211235942ab7b707dcf56c24e2e36f02948c3c69f240
-
Filesize
8KB
MD5
dac34e2daca0a83e2dcaea9b83b2e509
SHA1
ae0fbe31165a9b047425c881deb90dddff4e9365
SHA256
400ec3cb35230809854ce3ceb8ec8d176c4bc14d325226559eda3ff0c7545ad9
SHA512
b20773cea4db6954a79e74a0b58d3c38dd889e7b9812b20766daf65e30c278ec8fa634dfd90a0ff7de8579e115eaada5a71fcebab48662d06477b8b01332788a
-
Filesize
12KB
MD5
a6dc8cc88600d599284c273c6159d877
SHA1
87ce2cd60dfb67571d6c1ce448de8c144960af0d
SHA256
add7029d4b87ada42a424b1347ba0a5121b62499e134f58fe24dfcfaacba9fd8
SHA512
81ec1972877911d6921b356cda04039d92eadf0ef21e2a40247cb0dc1ca73a61b36823fc65eb38709881192d78b3e8c2a419d62e0e2ced61d68c05b9149689cd
-
Filesize
8KB
MD5
eaa3a0debce1fc1fd6d246178235a437
SHA1
5c6392aed4465962e504791c4b660dc0f9e664ba
SHA256
9892293a6a7e5707cad4433fd1a83034689e6e08912c8b6f498738c0132a0e1f
SHA512
53e94c8675b36c4588f68bff18c783ca4bcbe40294d0313dd446b6b99c4a61b98e6ef4764793cc73a6c817f666ed3e23484bbc9b403ac0e8a7fd6d8a96afd6f2
-
Filesize
48KB
MD5
761165db17912b6f0a09ac0983becd79
SHA1
71e4dee56ab4bcfd4f653390cc7b17d60c1df3b2
SHA256
f8274c70c6d15209dda4bdff2615aef4c50d28b96a3aa869d616f7c7f0bfcec7
SHA512
d8bf7a99cdd49cfebea84feded74fc92bdfc8185f2797dd388e8985c117fa1ee5eedf2b2e6752ed9b2b30b430bcecdc1a8890b1ea43bdb126915e04eb5bbe120
-
Filesize
52KB
MD5
e9cd0a7c8985ee0b7ceed68dfec9a9aa
SHA1
c091a6d45e703a7bdc25d0183df053ba0a3395c3
SHA256
db2fab6e9565b5abd89dfa27c5f1e6ce444f092d7bb871050b1ad75752deaa6b
SHA512
0413f46a6681b9463a65ce51bc6c120908b7a194971ea865d27ea7e6744efdd95e04b984120fd905a324165617dde651f712de5f9662aad4fb8e6b82df9e1da2
-
Filesize
8KB
MD5
e11871bf900c64ebbdf1bab18023ad80
SHA1
faa02bef8903db901d409a27bc16480e8b803c7c
SHA256
da3f1ec65e26d2bafb8c833066caca24791d9783b7daeb6a15efcad9e641eeee
SHA512
f8662b5bff495e27509dd1d386b21b96324a7cad438cb1c779ede4c69be1541a6583c8124c12de275751d0a307f4bb754ce85dbbc25a340dce7d29bf7e1dbae7
-
Filesize
4KB
MD5
b27e7e01e2de565b2cc735fdb5d17f15
SHA1
77a58a37b9ef14205860762c73c56ad12f0e72fa
SHA256
4ba75329a03d23b4136fe268f191856b85a4cf1663b6786c47e5a50ae6a02504
SHA512
020bd5e742ff6ade6f4cb6bd6994e7dcca8450218136b52ad961e16d9337a7bc349fb6744ff69d4e6ecf18189039910b43d991e1fd6bdce9f9339c8a6bf41832
-
Filesize
32B
MD5
d12330ed7d9face86db202d6ace6c5a8
SHA1
5d7b9ca1ac03230fa771038bbdf83f03fa8a09ca
SHA256
3d99f32075d437839557cc09d2270aaaf0bfe548f2679c5a23875733e3fa63cb
SHA512
fdd54fbc5813dd7e34421d14c3157e4cff55b217f256bea4d4748b812ee49f720f238042eafb72f656fc672e5b69f45f21614fe4b86fadc149d0611ac74627fc
-
Filesize
14B
MD5
0dfe7f2c35d489c4e73553f91105f6df
SHA1
4ca492f3673d6ea4e0f45fc9f7cf90da042e5670
SHA256
0b44ee0369a42f00342046d649523d7d8d19d733734a05acb74f00b52a495c69
SHA512
e74a7c47cb3ced59e4cdff68b96a36b85c1d50ab6b3226c92830d26d834e8ca1d15ddbe3b32168e2011e936bdddfc5ddf91784218f0068c1cb79788a7b250a8e
-
Filesize
109B
MD5
732478fd49c62fec93b16b72f1630986
SHA1
31ecafe8b3d12e2e48a25cc5143d1148cedc0857
SHA256
522ca9c6873b9cb07d093198efc6633c6bd16561447c2341f806a3efcfcaa668
SHA512
c89ca12d9bd5e4334e2c5cc1ee450e45152dbd1b17e6f3b0be4777df857b7fc2785ef65cc94d6e9eb0679e5edaab7ec633d198082dacc6175a8be6c8d218040d
-
Filesize
2KB
MD5
24b19074f8f0248a4b6606a1b0d6f9f7
SHA1
d184326fbc3ed46be95abc35f3420016951a107b
SHA256
15a2dafd51f20adc4db52454ebdd8f0a88c3e683daac03a27e989bafc29b1e94
SHA512
cda70a6f037f7040d6de6c7f4c7c098871b870af6b6581b8921018dbbd20c80f843d24bc0257c098c680094abe1927300e5d75016bc60898d906ab8f23aa48d8
-
Filesize
16KB
MD5
0447c11e998de7b9f27b3d3a0ad719a0
SHA1
6da93274c585c2b555e9a364a59b41bbd92ec936
SHA256
eb9e0d50a24fae79fb69ff45fcb2cb347431378cc6badff035a7aef74a0f4bd8
SHA512
c8e6f4b0c7f64d235d879e2965c9ac5c748c5b2b21c22e1f3d81e139c3b8e00b547724261259077f1a94aa031b89117bc2e94abe11bba3b2dd0ded378395adf6
-
Filesize
109B
MD5
b43b003418bedeb59bcd0a51d98a6827
SHA1
459593c8aa94cdc4d1639acaf34f98b59cb2e9bc
SHA256
0b4e09165b8249bb651d4c2174e2e7f6d0fed728ec441976b6dfbcf4ee61cd93
SHA512
fdb9d720b2b0eea4cb3f79c835530a5f9df50b41f8e3d3f5d7b11e8b8ea74ba10ca36fe405d15c95aa745d50e028d74b6134ad833a7affcfab1356860670c6f8
-
Filesize
32B
MD5
8417f104a4b97bb6bbd46200480de468
SHA1
be4d1041c8ab22af2986a527b057087c1aa33f02
SHA256
356ae0f87b6dd9ec858271675f6d34ce5b8b799e5f66c15891f04879f9e7c156
SHA512
17ebed3b1d1443998f6dc6ec9be4da6d4f333cfa0f36ab289f77291756eb5d0df99ad301f679cdb29c450a40acb7530ec33c5be0b293f56712f371c05e06b280
-
Filesize
80B
MD5
b7fc74088f5b089700607385743ccca3
SHA1
7925cfe14dfe3bde587ec45ab5edd79c133dbbb4
SHA256
53393393e28aee7fdc8a4a883c164446f1e2fcc2b10d04615c5e132abded041b
SHA512
775eef26a65725b32ef74e600addf21ead56c71699d9f21a52e3f5b3958686ab78dfd228213d1f574ce831080e33aa44037480686b1a857a063f678c3e517b3f
-
Filesize
80B
MD5
eb68dff1b952341715ed725febbea91f
SHA1
d8e533b8f1e890ef9c446b42eb3180e88df80e5a
SHA256
bcaa9ad3af289a565b5b8fac66524cab32739cdea8b6fe4ba4098dab7a905990
SHA512
8a2398e8e49b3c7ce8bbff472906fdac87e109bdcf2ed1e39e82c4277d810eed15d13326d41b0e75090f19e68743e60bb447b41fe9e19e70db71d4cf3c527c49
-
Filesize
83B
MD5
dcb424a674532d5c26d3cef22b37c41f
SHA1
f3e9582f3296209f7a3114d5f0283b14721f72b0
SHA256
400ee00957711ddd1047354520bfb76848f68a75062919dc98013b24e3d3cc08
SHA512
8fd53babb29a7f34f4efa6cdf186d2aeb2732d73bea8cfc99a930a5f9daf5b7e194030313765df52f129e811e69981f326587a2fcb16ce33545ba8cc9d791e24
-
Filesize
32B
MD5
309d704968169d032789a19e0e579950
SHA1
e92cbf09b9083a67a705bf42bdd36a8f19b1d693
SHA256
114870effe359432c7c842b2cf1044b59c62c360c8a5fa3cdc386bfc738a5218
SHA512
31e147c3974f10eae087e17b21c69a557a5b05e1262fbd15696b1f5fd0ffb176585fe9f4fdd89fee780227b18458c30b20f35faea374b23812d494898be98539