Analysis
max time kernel: 178s
max time network: 181s
platform: android_x64
resource: android-x64-20240514-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted: 19-05-2024 17:46
Static task: static1
Behavioral task: behavioral1
  Sample: 5aa6fb7b8a0b68937e34b1a930a8e627_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 5aa6fb7b8a0b68937e34b1a930a8e627_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
Target: 5aa6fb7b8a0b68937e34b1a930a8e627_JaffaCakes118.apk
Size: 1.3MB
MD5: 5aa6fb7b8a0b68937e34b1a930a8e627
SHA1: 70d500bfb01cac01f231d7ef23d938243fd76280
SHA256: 008f796efe5532aebe2f74e19ee3918a28d880a502e0d59b6dedb3edc14e0b18
SHA512: ac4cdd704b92c352147585c3c95b8b94257d43801bd28d1cc485b80fe7907e2d14e4a09771660e9cdf703fe5cf450bc7d9d2e90029fac2d2fa32ad0c4d6e1c23
SSDEEP: 24576:UcEoL0otaYtXMNSprkM4FqD5Bl0ZHqU+vjDo+cIjE3Iq/13tdHbZKm51Ob83/:HQ7YtzrkruBl0ZHSjPJjE3Iq/1XHNKmn
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)
- Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information which indicates whether the system is an emulator.
  Processes:
    description           ioc            process
    File opened for read  /proc/cpuinfo  com.owtv.ffmq.xnbp
- Loads dropped Dex/Jar (1 TTP, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes: com.owtv.ffmq.xnbp, com.owtv.ffmq.xnbp:daemon
    ioc                                              pid   process
    /data/user/0/com.owtv.ffmq.xnbp/app_mjf/dz.jar   5152  com.owtv.ffmq.xnbp
    /data/user/0/com.owtv.ffmq.xnbp/app_mjf/dz.jar   5296  com.owtv.ffmq.xnbp:daemon
- Queries account information for other applications stored on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect account information stored on the device.
  Processes:
    description             ioc                                                  process
    Framework service call  android.accounts.IAccountManager.getAccountsAsUser   com.owtv.ffmq.xnbp
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    description             ioc                                                  process
    Framework service call  android.app.IActivityManager.getRunningAppProcesses  com.owtv.ffmq.xnbp
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
    description             ioc                                                  process
    Framework service call  android.net.wifi.IWifiManager.getConnectionInfo      com.owtv.ffmq.xnbp
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Processes:
    description             ioc                                                  process
    Framework service call  android.app.IActivityManager.registerReceiver        com.owtv.ffmq.xnbp
- Checks if the internet connection is available (1 TTP, 1 IoC)
  Processes:
    description             ioc                                                  process
    Framework service call  android.net.IConnectivityManager.getActiveNetworkInfo  com.owtv.ffmq.xnbp
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
- Reads information about phone network operator. (1 TTP)
Processes
- com.owtv.ffmq.xnbp (PID 5152)
  - Removes its main activity from the application launcher
  - Checks CPU information
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
- com.owtv.ffmq.xnbp:daemon (PID 5296)
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1)
  - Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads
- Filesize: 105KB
  MD5: 23ba0b249042b7ba33e92c0199b0ea4a
  SHA1: 99b13ee9f7307316c2337953fceed87e9942b794
  SHA256: 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
  SHA512: 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861
- Filesize: 105KB
  MD5: 293ea5f01e27975bed5179ba79d80eac
  SHA1: c5b0806a537fd1cb753e11f1a9684933317716b8
  SHA256: 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
  SHA512: c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53
- Filesize: 28KB
  MD5: dae68dcffc3d522a79f98ebbc3b6d457
  SHA1: 6df5dce9a50f12044a2d20b8d1742ae47b82ee03
  SHA256: 56cf91ca198812e0ef9ba4af0e96c08a32e24c917bcf2250bdebdfd7fd6f5286
  SHA512: 23b76f988399e9c9e4f5a7e8d19ecb765abdb115b0beee35f8ca9d221bbc5ee79f0152fac4261cc91eb9e7f874b5c6e9bff2dbb1812d31412d506cf83c16adcd
- Filesize: 8KB
  MD5: 377b3594684af3c49c6e01800cf54d9a
  SHA1: a6f5abd2586f666bef42a0c0cca9d007f0c14fa4
  SHA256: 43e4098ae601910386c85d7c819dbd5782c08da750bf29fc975a0bbff78d4a04
  SHA512: 2fc65ca5ca29b95fa5245971dc29f85b620ea190fd3d526aa8d156242cd5ba477fa088312ee5efb27d845b3debac397c19a316187cd712db61004cc88921e789
- Filesize: 512B
  MD5: 672783f749dbcd04cd13c5bd1cf3421b
  SHA1: decbfc598e7b332d08a6d49fe10799efa0d5cef9
  SHA256: a635e90f043cf8eb062a72a94e727e12f9addf51341b7ddbbfc1b24c8048e059
  SHA512: 3e9aec4139467423a05ab5522ca5471b8231168eb9b8af02d2fbc0d40e3de0e83c404cfbc66f516120c730fbb9105141d1899bca7f5881e1c6b83c99c680a7d3
- Filesize: 8KB
  MD5: 85166578832000a0827499fdc7701c92
  SHA1: b7a154b23826bf2515f5911d0770b52e260c5cc4
  SHA256: df1d2a414d03f0f3cf36341d989df828688b9a34b09865b25f817ba04bc19fbc
  SHA512: 0fbe97b00a85f71b10168c5c8b085bcb064c83cdb4e6a0ba19a5938d492a31e97c5503f1426423d94bb0525d81918b16cd138a5731dfbd8520bfeeea91a988e6
- Filesize: 4KB
  MD5: 8e6314655be70f3701a793d7148a5ba3
  SHA1: f4e02992f735f43bd1038f16baaa235c3897644c
  SHA256: 8c835d85d8e2a75e6c7f6e47afde883b9e18ad17ffdb26bfdd2e88ab0b6ed234
  SHA512: 839b1684f46f9e6effc4ec6e809dafaa75c7c833564b17a56d089b5fffcb17451ad9c2e1a1b5d5936b038d5d07a07af91b4df114d2a93f13224b5d38d3277048
- Filesize: 8KB
  MD5: 5e2ef8fa229c3b3bbda9c656522bff4b
  SHA1: dde6ff736d6d0305a1014ba194fda7b5c2492011
  SHA256: afff6ae4da1175ffa4fdd8d624cf53b38ee459200dad457a85dccd12d09a9795
  SHA512: db25a7ee6ac986ac92524fced9428d1329c30b9e3ecbd4af1e4e7372e8ff36d24adbc14955ea6ea5ca7b66de86386c4712f7bc63f23d36d2a2a3b5202563598f
- Filesize: 8KB
  MD5: 1ea75ab568dfae15ba6c33aeb76156a4
  SHA1: fa2d9f1a430843c928caa75359d7e4bb44dc5af6
  SHA256: accf4c0a1b0798f0ebdf14fc6887b74c8b88a4d5576d1a54ca8a8a954e749f31
  SHA512: 57f8fc1d3615158852766fecd23ee83cbd5da9c73ff994ca3a7f41956540b8024abee136b3d0e86a80282f0bdeb15d814850e290d6e7cdf02de0cd077ec68683
- Filesize: 654B
  MD5: 3b55b06686da943747a4eff67a5660e6
  SHA1: 383ce1d0a6ecfdc9eda0b353e062ad38845a96ff
  SHA256: 98f106bce533145d6835437a1bbedfa0b97b7e106aa873ed2b8ab7697c3a3eb0
  SHA512: 1f6784de0312ed16e871cfd55360ec668428fefd74d52bfaf12557860401e6dd2b8da03021850b8a1136f040dbbfc09272de7a25316f120d079c1bd48b3f0961
- Filesize: 162B
  MD5: fe855238274b015ed21fd7eef6b7f0ac
  SHA1: c13e2375bc76bb494a1ad99af19ce7ae202e3e71
  SHA256: 7835688988975cb4627447ac6aa7fd2c5913be95c02ea97d9bc6fa506e93aea8
  SHA512: cab2cb89cee35556a6129f407335180e7461b6d65ded74b329b14f9fbec16609d3266a3020758f30f8abc257342f43d33aa3ebf14cca643381c9ba4dc2cb397b
- Filesize: 797B
  MD5: a6e588faceb235c5690d1967823c2597
  SHA1: 66ac73c56a6d79b22f02ebaddd0b8bb974754a37
  SHA256: ec341f862bbd399aa84bf5edfc7bc543fcaf4cc701d393349c9e2a44ea30adb0
  SHA512: 546ccc8c7676205e9ab607ce16cf6202fa580e8518662dc7cb19f11ec04bb3ec7089369fca03b2ad16c16a7970d729a4fa684734d395f9c6c4021dc042bdcb06
- Filesize: 352B
  MD5: 94c204ac11f3b054418b261d11a738eb
  SHA1: 06866b715293208f9360c25117413b0a9b2411ec
  SHA256: a4def8dbb7aadc92723e3c1fea9980e426055abfb1f79f2f39174ed84a46b045
  SHA512: dbad2ef42125377bdec967f2997bfeaed4f7a86a6c07a896544aeb919151427ccb64b5fdcc8c9ff3dd22fbec8bcb6755ba2f0e4e1444abc5d3395526c8ab5c3c
- Filesize: 248KB
  MD5: a54a18b58c6720991c021f433dfb2a46
  SHA1: d2ffa07919f92b6e04914e39843f08fdb2a75b68
  SHA256: 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
  SHA512: e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc