Analysis
max time kernel: 178s
max time network: 184s
platform: android_x64
resource: android-x64-arm64-20240514-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
submitted: 19-05-2024 17:46
Static task: static1
Behavioral task: behavioral1
  Sample: 5aa6fb7b8a0b68937e34b1a930a8e627_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 5aa6fb7b8a0b68937e34b1a930a8e627_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
Target: 5aa6fb7b8a0b68937e34b1a930a8e627_JaffaCakes118.apk
Size: 1.3MB
MD5: 5aa6fb7b8a0b68937e34b1a930a8e627
SHA1: 70d500bfb01cac01f231d7ef23d938243fd76280
SHA256: 008f796efe5532aebe2f74e19ee3918a28d880a502e0d59b6dedb3edc14e0b18
SHA512: ac4cdd704b92c352147585c3c95b8b94257d43801bd28d1cc485b80fe7907e2d14e4a09771660e9cdf703fe5cf450bc7d9d2e90029fac2d2fa32ad0c4d6e1c23
SSDEEP: 24576:UcEoL0otaYtXMNSprkM4FqD5Bl0ZHqU+vjDo+cIjE3Iq/13tdHbZKm51Ob83/:HQ7YtzrkruBl0ZHSjPJjE3Iq/1XHNKmn
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTPs]
- Checks CPU information [2 TTPs, 1 IoCs]
  Checks CPU information that indicates whether the system is an emulator.
  Processes: com.owtv.ffmq.xnbp
    description            ioc             process
    File opened for read   /proc/cpuinfo   com.owtv.ffmq.xnbp
- Loads dropped Dex/Jar [1 TTPs, 2 IoCs]
  Runs an executable file dropped to the device during analysis.
  Processes: com.owtv.ffmq.xnbp, com.owtv.ffmq.xnbp:daemon
    ioc                                              pid    process
    /data/user/0/com.owtv.ffmq.xnbp/app_mjf/dz.jar   4600   com.owtv.ffmq.xnbp
    /data/user/0/com.owtv.ffmq.xnbp/app_mjf/dz.jar   4673   com.owtv.ffmq.xnbp:daemon
- Queries account information for other applications stored on the device [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect account information stored on the device.
  Processes: com.owtv.ffmq.xnbp
    description              ioc                                                   process
    Framework service call   android.accounts.IAccountManager.getAccountsAsUser    com.owtv.ffmq.xnbp
- Queries information about running processes on the device [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.owtv.ffmq.xnbp
    description              ioc                                                   process
    Framework service call   android.app.IActivityManager.getRunningAppProcesses   com.owtv.ffmq.xnbp
- Queries information about the current Wi-Fi connection [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.owtv.ffmq.xnbp
    description              ioc                                                   process
    Framework service call   android.net.wifi.IWifiManager.getConnectionInfo       com.owtv.ffmq.xnbp
- Checks if the internet connection is available [1 TTPs, 1 IoCs]
  Processes: com.owtv.ffmq.xnbp
    description              ioc                                                   process
    Framework service call   android.net.IConnectivityManager.getActiveNetworkInfo com.owtv.ffmq.xnbp
- Reads information about the phone network operator [1 TTPs]
Processes
- com.owtv.ffmq.xnbp (PID: 4600)
  - Removes its main activity from the application launcher
  - Checks CPU information
  - Loads dropped Dex/Jar
  - Queries account information for other applications stored on the device
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
- com.owtv.ffmq.xnbp:daemon (PID: 4673)
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (1)
  - Suppress Application Icon (1)
- Virtualization/Sandbox Evasion (1)
  - System Checks (1)
Downloads
- Filesize: 105KB
  MD5: 23ba0b249042b7ba33e92c0199b0ea4a
  SHA1: 99b13ee9f7307316c2337953fceed87e9942b794
  SHA256: 1ed0751a141b17c80a921f5e8ba90c66a56b8e73156f5cbe133b57d550ca4ef2
  SHA512: 0cc88e2b7c2ffa4db274d690e3bf12098ec804b9fcd9e92b57d2fa0c4161031d2e84c91d86ba8e2b6e8b4837852defa099333f76bcd454c67b31632d0cdd4861
- Filesize: 248KB
  MD5: a54a18b58c6720991c021f433dfb2a46
  SHA1: d2ffa07919f92b6e04914e39843f08fdb2a75b68
  SHA256: 3dd88e4418bd4271af728fc6436c873a55e6b6f5c8ed241ee2cb0ee24fe3f7f3
  SHA512: e4a51b2462b247b1e5fbd947d06a2eba334f18398daadacbabcb4185f4255f05c22d656a8837a6088ffbdcaedfbdfbd8281c5dad4880c4e5021571e3fefc88cc
- Filesize: 105KB
  MD5: 293ea5f01e27975bed5179ba79d80eac
  SHA1: c5b0806a537fd1cb753e11f1a9684933317716b8
  SHA256: 8d86de68978e859c8262c0d0e932d3a1d57457b57ce88940620befab1bcead5b
  SHA512: c7cd2881367fdf95ec4151449b359decdae1adf136388edbaaa9880c7ebd14fb3579e7a15600a856988c55d207f7ba1fd7d938f4d9168aba8a7ff1c3029d6b53
- Filesize: 28KB
  MD5: fdb8a92e5060ce104e8f0faca55a47ce
  SHA1: 270d7ca30673e18cec1d2b9add71cba96dc426fe
  SHA256: 194b40a3911f23ea75c8f4543a13c1236ae15b02c0228a080615a1012f60e05a
  SHA512: ad962634ddd027403b5677a9ca979763071ef4a9b6f0127b0c1fd4b3a8bc51f5c4fa71245c301d0dbbf60e18953a94621715ce3ca4addef82b18030e3d718122
- Filesize: 8KB
  MD5: d76de5739dfef87b8959941342df91ed
  SHA1: 273fd51dafe95b3f57b8240f56280dc5f0c57fa0
  SHA256: cf4eded6231549c2a402890f4644644b52ba467804f0baf5f83fb558c88ad522
  SHA512: dae457b526d0f6204670fcf99853fe8e6e545c0faf8930f8dd8f4aa4a08696df6523ccf344e8bca905f4f404bf1bf89c4554f7cd8d65260bb3a744edba0de2f1
- Filesize: 512B
  MD5: d1243451b65a2d162cd9a89462800b0d
  SHA1: 75234107ec76eb003d855e5d25854be37a98efe8
  SHA256: 6d87682997e8578170e6c591fa92e197f3c4de6686ed529f3471c459a6a4c30b
  SHA512: f6cf3edec4e481b301f82d2f40a4ca8bd0029203c4c92230bc5e67b0cb21feff62cec5cafe584d93eaa49b953fb8aabe6796364681c95bc656a8455551ea549e
- Filesize: 8KB
  MD5: a6cedfb00305f5c09efe529efdce1d8d
  SHA1: 8d673f0ddc1819480724afe995ac85d3ab253314
  SHA256: adaced138ec677e20aee9143165f4949b2c4844afd4322e37db52b26085ea390
  SHA512: 83654f701d05da28bb6caaba1d7c358340515ac6b5b12b954c221c479123a5d758b16807025449945913d9c33b85c8ac8e10c8ae4667f38a05f83e0a613886d2
- Filesize: 4KB
  MD5: 82da917c96bd693218c562d5f11ac97d
  SHA1: 76c18d6f283196330dfb838466d49c2ae032573f
  SHA256: 4f48c5ef5bb2e7b8fbfc5be55753dcbd87a94ffeeb643e4686588e463c738639
  SHA512: 8cbb58ddd04fb3a4f65416a61824f14eb7a33f60e46b5c3e625fb195b9951f4edf42a78fca56ebcc43f8bb496f119d4019062543823fac4614bb2d0d95c4609b
- Filesize: 8KB
  MD5: b1e4ef9ee9737bf4a721a19403e00582
  SHA1: a76c3b87281904fe38649026a02e93bf8b7d5456
  SHA256: 725eaeff7eb9221537729670063f7efd58351b3b2f30fc3e1b7b0c243bbea5ca
  SHA512: 3f240ab92f2ba8e8830e55d216b2a2c4ac26c594c254fab4252e59a568a4d9210aa74ee28420542c6f7c2c7c74332a6c2d559b6e2ec8ec0d6efa386d6c2fa2e1
- Filesize: 8KB
  MD5: 2e113bddbc66323b1c32c14f67e3c2f7
  SHA1: fbf0820cd355227d9c99f60a01afbde664722a26
  SHA256: 4d1f9235b9f63127e658041822fe45ba99eba88796efc450d068efb461313785
  SHA512: 309d9dad90b6a4e8deff669c4d15eeb77530acc02b1c3d650e217a544352a9c6d804325a1ae6ac3e1795f91efcfa98b0d440d24151baf090beeaf4d331a9c3fa
- Filesize: 650B
  MD5: d44063cc5bf46ebfb40b9b78d3074d31
  SHA1: 3ac353c5e6a02e80ff2d91b9ce1f838dd9992357
  SHA256: 0f7f73c8e126fd403509426a33bff8a38fbd11f25dd3c9aa893a52334502c850
  SHA512: 54a50fce0d4dfeef372fef6760bccde5ad7ac836698343f0b2ba6a8cac5f2a2b769e80122fed208bb39c9dd38f6743d8e8f43f2940e1ed1439da0269592c6357
- Filesize: 162B
  MD5: 3247e9ab19e5b9ef96c487151f46b1d5
  SHA1: 76438063c36dc8eed417c44586806e735bc6ad9a
  SHA256: 2ec3ab8f9dd96c71b9bbbd5b089c3130267550680bc28450be89ff5fa26b5e29
  SHA512: a2c2f536e712a1c57ad1084c5b0567accf8fb6a0f3fc7e3d941bfb59b268408e7dbcf6d819812107b142b51a6398c6710dd5c06038cf64edb5df484fee01e990
- Filesize: 794B
  MD5: 064943f4eb66864440368ef528a7229b
  SHA1: ee94b41c55ead547d3eaf8e5365aeb4c6935f640
  SHA256: 2cdbcae7b29e30e16f54106e9b0c490db40f0ac7f7862772b61a022b955da883
  SHA512: 2d47f6bf81c8348c8da25b6b77dc75cd6cb55c596cabe7b4064489a04e09bcbcf95acbc3d9d73b97dfdce1406dcfb5558b749c050ad6ad54a7e8a722cf3b6d8d
- Filesize: 350B
  MD5: e0a3cd0a3aa36821e5dffd535214811a
  SHA1: 6099e33c5ae26237a304eb49398ef2f2a0c2cf04
  SHA256: 54fbc487887860a92f25674de2a0459e8724ceac5292a9d087e2ac02aec21d14
  SHA512: f5fc08f818a91ce775aa84a1a869faa3461c18161e9c5cb619b264cc9968596e5dfae3f2408dc79b796f47d78c5da7c06a19a113d0410b00ebdb553673708a6b