Analysis
max time kernel: 63s
max time network: 130s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 19/05/2024, 04:21
Static task: static1
Behavioral task: behavioral1
Sample: 58849c5a9eb5285b444a1f0ea8827d0d_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
General
Target: 58849c5a9eb5285b444a1f0ea8827d0d_JaffaCakes118.apk
Size: 4.6MB
MD5: 58849c5a9eb5285b444a1f0ea8827d0d
SHA1: 93e9ee07674c2d5e76eaf2f002e4abaf75c6a6d4
SHA256: f4192402915d000ca1389cc24c6cb7b7245372a10d1735b3a2b7c3a2479eff18
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  ioc: /system/app/Superuser.apk (process: com.itianpin.sylvanas)
  ioc: /system/xbin/su (process: com.itianpin.sylvanas)
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information, which indicates whether the system is an emulator.
  File opened for read: /proc/cpuinfo (process: com.itianpin.sylvanas)
- Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information, which indicates whether the system is an emulator.
  File opened for read: /proc/meminfo (process: com.itianpin.sylvanas)
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Framework service call: android.net.wifi.IWifiManager.getConnectionInfo (process: com.itianpin.sylvanas)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Framework service call: android.app.IActivityManager.registerReceiver (process: com.itianpin.sylvanas)
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Framework service call: android.net.IConnectivityManager.getActiveNetworkInfo (process: com.itianpin.sylvanas)
- Checks the presence of a debugger
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Framework API call: javax.crypto.Cipher.doFinal (process: com.itianpin.sylvanas)
Processes
com.itianpin.sylvanas
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID: 4305
Network
MITRE ATT&CK Mobile v15
Downloads
-
/data/data/com.itianpin.sylvanas/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize: 3KB
-
/data/data/com.itianpin.sylvanas/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize: 481B
-
/data/data/com.itianpin.sylvanas/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize: 16B
-
/data/data/com.itianpin.sylvanas/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_37447cb3-46f6-4f88-860b-e9193592b6ec_1716092510705.tap
Filesize: 376B
-
/data/data/com.itianpin.sylvanas/files/.Fabric/com.crashlytics.sdk.android:crashlytics/66497E5D03D4-0001-10D1-621B277DFD3BBeginSession.cls_temp
Filesize: 77B
-
/data/data/com.itianpin.sylvanas/files/.Fabric/com.crashlytics.sdk.android:crashlytics/66497E5D03D4-0001-10D1-621B277DFD3BSessionApp.cls_temp
Filesize: 116B
-
/data/data/com.itianpin.sylvanas/files/.Fabric/com.crashlytics.sdk.android:crashlytics/66497E5D03D4-0001-10D1-621B277DFD3BSessionDevice.cls_temp
Filesize: 144B
-
/data/data/com.itianpin.sylvanas/files/.Fabric/com.crashlytics.sdk.android:crashlytics/66497E5D03D4-0001-10D1-621B277DFD3BSessionOS.cls_temp
Filesize: 14B