Analysis
-
max time kernel
179s
-
max time network
186s
-
platform
android_x64
-
resource
android-x64-20240514-en
-
resource tags
android arch:x64 arch:x86 image:android-x64-20240514-en locale:en-us os:android-10-x64 system
-
submitted
18/05/2024, 18:00
Static task
static1
Behavioral task
behavioral1
Sample
5611fad7482b8df338d6604dac75db9a_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
5611fad7482b8df338d6604dac75db9a_JaffaCakes118.apk
Resource
android-x64-20240514-en
General
-
Target
5611fad7482b8df338d6604dac75db9a_JaffaCakes118.apk
-
Size
10.4MB
-
MD5
5611fad7482b8df338d6604dac75db9a
-
SHA1
1dd5e91cddbb5dfe2affa786245cbc59ddff0d8f
-
SHA256
ce5e83dbb771050f19c4f04c6c511e3b9fa424d34537c60365ae1e74c90c4488
-
SHA512
11a012c6abf246eb39ff50e99c87d2f70df79e35f8ecd308b97d0e45d64488fe06fbf350a6f148501bc14fdd6fb2d6f98e9679c130cc376be14a8afd921da359
-
SSDEEP
196608:BOikyGLDKYWZkIFiTIFLHVEPG9vTkyX+ebYxRBfKud3KKtOWcQTlgDwdGEIBFh7L:BOiBGLpWOyigveyORBfK7vwrVIBDPf
Malware Config
Signatures
-
Requests cell location 1 TTPs 4 IoCs
Uses Android APIs to get current cell information.
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getAllCellInfo | com.yiqiao.ecarallrun:remote
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.yiqiao.ecarallrun:pushservice
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.yiqiao.ecarallrun
Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.yiqiao.ecarallrun:remote
-
Queries information about running processes on the device 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.yiqiao.ecarallrun:pushservice
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.yiqiao.ecarallrun
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.yiqiao.ecarallrun:remote
-
Queries information about the current Wi-Fi connection 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.yiqiao.ecarallrun
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.yiqiao.ecarallrun:remote
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.yiqiao.ecarallrun:pushservice
-
Queries information about the current nearby Wi-Fi networks 1 TTPs 3 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getScanResults | com.yiqiao.ecarallrun
Framework service call | android.net.wifi.IWifiManager.getScanResults | com.yiqiao.ecarallrun:remote
Framework service call | android.net.wifi.IWifiManager.getScanResults | com.yiqiao.ecarallrun:pushservice
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | com.yiqiao.ecarallrun:remote
Framework service call | android.app.IActivityManager.registerReceiver | com.yiqiao.ecarallrun:pushservice
-
Acquires the wake lock 1 IoCs
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.yiqiao.ecarallrun:pushservice
-
Checks if the internet connection is available 1 TTPs 3 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.yiqiao.ecarallrun
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.yiqiao.ecarallrun:remote
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.yiqiao.ecarallrun:pushservice
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Reads information about phone network operator. 1 TTPs
Processes
-
com.yiqiao.ecarallrun
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Checks if the internet connection is available
PID:5179
-
com.yiqiao.ecarallrun:remote
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5258
-
com.yiqiao.ecarallrun:pushservice
- Requests cell location
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5228
Network
MITRE ATT&CK Mobile v15
Downloads