Analysis
- max time kernel: 177s
- max time network: 188s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 21-05-2024 22:23
Behavioral task behavioral1
- Sample: 64fadba52c0fd81244bb48fd4c5018b4_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task behavioral2
- Sample: 64fadba52c0fd81244bb48fd4c5018b4_JaffaCakes118.apk
- Resource: android-x64-20240514-en
Behavioral task behavioral3
- Sample: amap_resource1_0_0.apk
- Resource: android-x86-arm-20240514-en
Behavioral task behavioral4
- Sample: amap_resource1_0_0.apk
- Resource: android-x64-20240514-en
Behavioral task behavioral5
- Sample: amap_resource1_0_0.apk
- Resource: android-x64-arm64-20240514-en
General
- Target: 64fadba52c0fd81244bb48fd4c5018b4_JaffaCakes118.apk
- Size: 20.0MB
- MD5: 64fadba52c0fd81244bb48fd4c5018b4
- SHA1: 57a0461b02e60ac65358aa6768747f11bb0d06f3
- SHA256: 97d4c96aa1cdfcb073848b5a60480c1718c28426f586aa9c57382fb7f185f6c2
- SHA512: ad2ec2864caf83c7457f8d7fa794d73f78c9e5adc201db67fd6b558c446055d61fd005b6446f6b0699dc9abd3863f9d107dc90eac29f470d58c71139b8699e13
- SSDEEP: 393216:bKmqaLJkg6PIXkzvoeCjgChH21GVjlcT5MHlcT5MXLhTAK+LWYIswRV5:bOa9kJ/zwfgCZXC5MFC5MX1TAfWYIP
Malware Config
Signatures
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) [1 TTPs]
- Checks CPU information [2 TTPs, 1 IoCs]
  Checks CPU information, which indicates whether the system is an emulator.
  description | ioc | Process
  File opened for read | /proc/cpuinfo | com.juheps.dingding
- Checks memory information [2 TTPs, 1 IoCs]
  Checks memory information, which indicates whether the system is an emulator.
  description | ioc | Process
  File opened for read | /proc/meminfo | com.juheps.dingding
- Obtains sensitive information copied to the device clipboard [2 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  description | ioc | Process
  Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | com.juheps.dingding
- Queries information about running processes on the device [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description | ioc | Process
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.juheps.dingding
- Queries information about the current Wi-Fi connection [1 TTPs, 1 IoCs]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  description | ioc | Process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.juheps.dingding
- Queries the mobile country code (MCC) [1 TTPs, 1 IoCs]
  description | ioc | Process
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.juheps.dingding
- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTPs, 2 IoCs]
  description | ioc | Process
  Framework service call | android.app.IActivityManager.registerReceiver | com.juheps.dingding
  Framework service call | android.app.IActivityManager.registerReceiver | com.juheps.dingding:pushservice
- Checks if the internet connection is available [1 TTPs, 2 IoCs]
  description | ioc | Process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.juheps.dingding
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.juheps.dingding:pushservice
- Queries the unique device ID (IMEI, MEID, IMSI) [1 TTPs]
- Reads information about phone network operator. [1 TTPs]
- Uses Crypto APIs (Might try to encrypt user data) [1 TTPs, 2 IoCs]
  description | ioc | Process
  Framework API call | javax.crypto.Cipher.doFinal | com.juheps.dingding
  Framework API call | javax.crypto.Cipher.doFinal | com.juheps.dingding:pushservice
Processes
- com.juheps.dingding (PID: 5171)
  - Checks CPU information
  - Checks memory information
  - Obtains sensitive information copied to the device clipboard
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
- com.juheps.dingding:pushservice (PID: 5326)
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads