Analysis
max time kernel: 62s
max time network: 157s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 18/05/2024, 17:24
Static task: static1
Behavioral task: behavioral1
  Sample: 55ea72557bd3b6a01d97b701c08bbb74_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 55ea72557bd3b6a01d97b701c08bbb74_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
Target: 55ea72557bd3b6a01d97b701c08bbb74_JaffaCakes118.apk
Size: 11.9MB
MD5: 55ea72557bd3b6a01d97b701c08bbb74
SHA1: 8d1dde4c3502fa6f86a2805020eaa69b0fa40699
SHA256: 1993b9b6fa906449d07eb485a67777db766b5dee4264bb4991d9b5838938f69a
SHA512: d660568dcc493660f5aa5e8f9814ae28372ef538f507f64aea3faf44875e61881196604e0666b7f1127536293662452810bc31eff3f65f9cc24e0153e96d0342
SSDEEP: 196608:8Azrce5qfV8PPliIrWSe+LJw/ht6ijkrcprEUoPky3RrslS2dY5yUVM7ne:8crceofV8P0alwJttjc1NhrPIbK
Malware Config
Signatures

Checks if the Android device is rooted. (1 TTPs, 3 IoCs)
  ioc: /system/app/Superuser.apk   process: com.estmob.android.sendanywhere
  ioc: /system/xbin/su             process: com.estmob.android.sendanywhere
  ioc: /sbin/su                    process: com.estmob.android.sendanywhere

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTPs)

Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information that indicates whether the system is an emulator.
  description: File opened for read   ioc: /proc/meminfo   process: com.estmob.android.sendanywhere

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call   ioc: android.net.wifi.IWifiManager.getConnectionInfo   process: com.estmob.android.sendanywhere

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  description: Framework service call   ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone   process: com.estmob.android.sendanywhere

Reads the contacts stored on the device. (1 TTPs, 2 IoCs)
  description: URI accessed for read   ioc: content://com.android.contacts/data/phones   process: com.estmob.android.sendanywhere
  description: URI accessed for read   ioc: content://com.android.contacts/contacts   process: com.estmob.android.sendanywhere

Reads the content of photos stored on the user's device. (1 TTPs, 1 IoCs)
  description: URI accessed for read   ioc: content://media/external/images/media   process: com.estmob.android.sendanywhere

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  description: Framework service call   ioc: android.app.IActivityManager.registerReceiver   process: com.estmob.android.sendanywhere

Acquires the wake lock (1 IoCs)
  description: Framework service call   ioc: android.os.IPowerManager.acquireWakeLock   process: com.estmob.android.sendanywhere

Checks if the internet connection is available (1 TTPs, 1 IoCs)
  description: Framework service call   ioc: android.net.IConnectivityManager.getActiveNetworkInfo   process: com.estmob.android.sendanywhere

Reads information about phone network operator. (1 TTPs)

Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description: Framework service call   ioc: android.app.job.IJobScheduler.schedule   process: com.estmob.android.sendanywhere

Checks the presence of a debugger

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  description: Framework API call   ioc: android.hardware.SensorManager.registerListener   process: com.estmob.android.sendanywhere
Processes

com.estmob.android.sendanywhere (PID: 4319)
- Checks if the Android device is rooted.
- Checks memory information
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Reads the contacts stored on the device.
- Reads the content of photos stored on the user's device.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
- Listens for changes in the sensor environment (might be used to detect emulation)
Network
MITRE ATT&CK Mobile v15
Persistence
  Event Triggered Execution (1)
    Broadcast Receivers (1)
  Scheduled Task/Job (1)
Defense Evasion
  Hide Artifacts (1)
    User Evasion (1)
  Virtualization/Sandbox Evasion (1)
    System Checks (1)
Downloads