Analysis

- max time kernel: 8s
- max time network: 131s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 19/05/2024, 04:59
Static task
- static1

Behavioral tasks
- behavioral1: sample 58a8aba359ac7a49a0dd18797e72120a_JaffaCakes118.apk, resource android-x86-arm-20240514-en
- behavioral2: sample 58a8aba359ac7a49a0dd18797e72120a_JaffaCakes118.apk, resource android-x64-20240514-en
- behavioral3: sample BaiduNaviSDK_Resource_2.0.apk, resource android-x86-arm-20240514-en
- behavioral4: sample BaiduNaviSDK_Resource_2.0.apk, resource android-x64-20240514-en
- behavioral5: sample BaiduNaviSDK_Resource_2.0.apk, resource android-x64-arm64-20240514-en
General

- Target: 58a8aba359ac7a49a0dd18797e72120a_JaffaCakes118.apk
- Size: 29.9MB
- MD5: 58a8aba359ac7a49a0dd18797e72120a
- SHA1: 66748cf4c03aafd5a1c82ec21b546864e2044824
- SHA256: d0f76739fda55a1fd46c625ff7107c24ee8640cb87c62f4355b9e4d2b36d091a
- SHA512: 737e846adf22245a1d83e524ad8a8c3f7f23416d8423ef316a587808bd4de1834aa839028f6302cfa11b0667074728b139bee2310abf01324dab3b3b2411b292
- SSDEEP: 786432:4tVHrOlIwr3HElqEk8rYQhFALkUCBYQwW2JljAs88B9+59sAaaLfKvL:O8xMjk8rYQf+khC1JpAs88Bw59sAaaL6
Malware Config
Signatures

- Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information which indicates whether the system is an emulator.
  description: File opened for read; ioc: /proc/cpuinfo; process: com.epark
- Loads dropped Dex/Jar (1 TTP, 5 IoCs)
  Runs an executable file dropped to the device during analysis.
  ioc: /data/data/com.epark/mix.dex; pid: 4301; process: com.epark
  ioc: /data/data/com.epark/mix.dex; pid: 4371; process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.epark/mix.dex --output-vdex-fd=54 --oat-fd=55 --oat-location=/data/data/com.epark/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=&
  ioc: /data/data/com.epark/mix.dex; pid: 4301; process: com.epark
  ioc: /data/data/com.epark/mix.dex; pid: 4301; process: com.epark
  ioc: /data/data/com.epark/mix.dex; pid: 4301; process: com.epark
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.epark
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description: Framework service call; ioc: android.net.wifi.IWifiManager.getConnectionInfo; process: com.epark
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.epark
- Checks if the internet connection is available (1 TTP, 1 IoC)
  description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.epark
- Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.epark
Processes

- com.epark (PID 4301)
  - Checks CPU information
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
  - sh -c getprop ro.yunos.version (PID 4346)
  - getprop ro.yunos.version (PID 4346)
  - /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.epark/mix.dex --output-vdex-fd=54 --oat-fd=55 --oat-location=/data/data/com.epark/oat/x86/mix.odex --compiler-filter=quicken --class-loader-context=& (PID 4371)
    - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Downloads