Analysis
max time kernel: 3s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 18/05/2024, 09:09
Static task: static1
Behavioral task: behavioral1
Sample: 53fc2c64e3765111d7c625393cc9f12d_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
General
Target: 53fc2c64e3765111d7c625393cc9f12d_JaffaCakes118.apk
Size: 11.3MB
MD5: 53fc2c64e3765111d7c625393cc9f12d
SHA1: e5c940af900446c4f8f80058fd7307b081bd5ab4
SHA256: 6d2153eb47d2d681579af1d4ba8ba7a9222710a696e96ff43fc9f7a1f82bbda7
SHA512: 2da69d70128575e4cb338389daa0e465dcfde43b279f690b2117c955b2f255d544e84af0180d74e16cb10f4cbaaf47760c2eafc337530fc9ee6d4b3eb4653dd9
SSDEEP: 196608:KnZAMfymlpwfg1YYlC03xPoOxBFj4q8l1NkaaLpUcAifL3Xp+FeVoqHVw7k1kqe:KKQ4fg1xC036sIvIUcbfj8erwA1o
Malware Config
Signatures
Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information which indicates if the system is an emulator.
  description: File opened for read
  ioc: /proc/cpuinfo
  process: ai.tick.www.etfzhb

Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call
  ioc: android.app.IActivityManager.getRunningAppProcesses
  process: ai.tick.www.etfzhb

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call
  ioc: android.net.wifi.IWifiManager.getConnectionInfo
  process: ai.tick.www.etfzhb

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call
  ioc: android.app.IActivityManager.registerReceiver
  process: ai.tick.www.etfzhb

Checks if the internet connection is available (1 TTPs, 1 IoCs)
  description: Framework service call
  ioc: android.net.IConnectivityManager.getActiveNetworkInfo
  process: ai.tick.www.etfzhb

Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  description: Framework API call
  ioc: javax.crypto.Cipher.doFinal
  process: ai.tick.www.etfzhb
Processes
1. ai.tick.www.etfzhb (PID:4310)
- Checks CPU information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
2. ls /sys/class/thermal (PID:4374)
Network
MITRE ATT&CK Mobile v15
Downloads