Analysis
max time kernel: 49s
max time network: 134s
platform: android_x64
resource: android-x64-20240514-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted: 21-05-2024 01:20
Static task: static1
Behavioral task: behavioral1
  Sample: 619699bc05aa8c38d67eaf6dde54571b_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 619699bc05aa8c38d67eaf6dde54571b_JaffaCakes118.apk
  Resource: android-x64-20240514-en
Behavioral task: behavioral3
  Sample: 619699bc05aa8c38d67eaf6dde54571b_JaffaCakes118.apk
  Resource: android-x64-arm64-20240514-en
General
Target: 619699bc05aa8c38d67eaf6dde54571b_JaffaCakes118.apk
Size: 7.3MB
MD5: 619699bc05aa8c38d67eaf6dde54571b
SHA1: 4f614036e8c53016a0f8cab8b4043298b7c5f334
SHA256: b388990fde8dcfcde731b3188e59975d3c1f51f2f6678a23a4935259681018f4
SHA512: f520b30d2a3ca731cf4c69ad68411bd9a49f418482322303e72b05b6f4301f76cfae3098308b9c0ee8a8c5791b12df3026fa4745091626916dcd0885d384cee8
SSDEEP: 98304:/vu7EUpGuvGuOWqe4gImR7lvDb+i3lyCkori+cGQxaTO:/WQU0Cqe4l+pvDbUCk9+cOi
Malware Config
Signatures
Checks if the Android device is rooted. (1 TTPs, 2 IoCs)
  Process: com.nanoinfomatrix.Edu_Pathshala
  ioc                          process
  /system/app/Superuser.apk    com.nanoinfomatrix.Edu_Pathshala
  /system/xbin/su              com.nanoinfomatrix.Edu_Pathshala

Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTPs)
  Process: com.nanoinfomatrix.Edu_Pathshala
  pid     process
  5160    com.nanoinfomatrix.Edu_Pathshala

Checks CPU information (2 TTPs, 1 IoCs)
Checks CPU information which indicates whether the system is an emulator.
  Process: com.nanoinfomatrix.Edu_Pathshala
  description             ioc              process
  File opened for read    /proc/cpuinfo    com.nanoinfomatrix.Edu_Pathshala

Checks memory information (2 TTPs, 1 IoCs)
Checks memory information which indicates whether the system is an emulator.
  Process: com.nanoinfomatrix.Edu_Pathshala
  description             ioc              process
  File opened for read    /proc/meminfo    com.nanoinfomatrix.Edu_Pathshala

Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs an executable file dropped to the device during analysis.
  Process: com.nanoinfomatrix.Edu_Pathshala
  ioc                                                                          pid     process
  /data/user/0/com.nanoinfomatrix.Edu_Pathshala/cache/1582435991586.jar       5160    com.nanoinfomatrix.Edu_Pathshala

Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
The application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  Process: com.nanoinfomatrix.Edu_Pathshala
  description               ioc                                                            process
  Framework service call    android.content.IClipboard.addPrimaryClipChangedListener       com.nanoinfomatrix.Edu_Pathshala

Queries information about running processes on the device (1 TTPs, 1 IoCs)
The application may abuse the framework's APIs to collect information about running processes on the device.
  Process: com.nanoinfomatrix.Edu_Pathshala
  description               ioc                                                    process
  Framework service call    android.app.IActivityManager.getRunningAppProcesses    com.nanoinfomatrix.Edu_Pathshala

Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Process: com.nanoinfomatrix.Edu_Pathshala
  description               ioc                                                                            process
  Framework service call    com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone         com.nanoinfomatrix.Edu_Pathshala

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Process: com.nanoinfomatrix.Edu_Pathshala
  description               ioc                                             process
  Framework service call    android.app.IActivityManager.registerReceiver   com.nanoinfomatrix.Edu_Pathshala

Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Process: com.nanoinfomatrix.Edu_Pathshala
  description               ioc                                                     process
  Framework service call    android.net.IConnectivityManager.getActiveNetworkInfo   com.nanoinfomatrix.Edu_Pathshala

Checks the presence of a debugger

Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Process: com.nanoinfomatrix.Edu_Pathshala
  description           ioc                                                   process
  Framework API call    android.hardware.SensorManager.registerListener       com.nanoinfomatrix.Edu_Pathshala

Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  Process: com.nanoinfomatrix.Edu_Pathshala
  description           ioc                            process
  Framework API call    javax.crypto.Cipher.doFinal    com.nanoinfomatrix.Edu_Pathshala
Processes
com.nanoinfomatrix.Edu_Pathshala (PID: 5160)
- Checks if the Android device is rooted.
- Removes its main activity from the application launcher
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Hide Artifacts (2)
  - Suppress Application Icon (1)
  - User Evasion (1)
- Virtualization/Sandbox Evasion (2)
  - System Checks (2)
Downloads
-
Filesize: 9KB
MD5: e8e0527a01aefdb89afd2c508f131da1
SHA1: f1103e6b260c657ceb3d95f1b023af3fda8b133a
SHA256: f809447486f89fcaa74f87e06d126d103d37eb2b3157e88f2c06d989b2c284ce
SHA512: fb53683a83f1068d0f94567b156e6a8910c45b1b5f33db919f7e0b9c55eab28507a235ef76d44d5b549599ea3b54dbc00496a633339d276a80f395da938d6d34
-
/data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664BF71F00A4-0001-1428-A1262BF1DDD0BeginSession.cls_temp
Filesize: 77B
MD5: 530fc39646cc1b8abe7ed2b05062be10
SHA1: ad7ddaa9ffff0e8079cf88e3381567417d91d7a3
SHA256: 4e2e3b65f08d69282660ea09d6765c4c7d14c1c390158b66762ba343b9b890eb
SHA512: b458015df72f938c9abf82ab8c69037dcd7a47a18c269607b52c2e60e077133ba5b0d083caef577a6b6a396925b748480ea1bbe359fe586e37f2c803914235e0
-
/data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664BF71F00A4-0001-1428-A1262BF1DDD0BeginSession.json
Filesize: 132B
MD5: d998e62e379886cecbdfc8b8aa087863
SHA1: 46c3b29fd1a32d4c65d346a4ad84c1109984b3ad
SHA256: 12751e3ad2070f9999a52fbc519c8d54c864247384c78371e86b25631a878a26
SHA512: 969978104bfe44d6ab8c3741b292319522b501c748669a13e257a5cd9e3d3bc2e77dffc412ab751eefaa02001fb272b08ed69d4cd8df5376e1b38836de312289
-
/data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664BF71F00A4-0001-1428-A1262BF1DDD0SessionApp.cls_temp
Filesize: 126B
MD5: 38580b9f1b0e0ad09da660a4e3f2e154
SHA1: d2dc601cbe445615def3f181073af725093ed2b7
SHA256: b833de70e51f084b3f941d3514a7d2254852e35732e5ba36a8a7f182593f3172
SHA512: 4de24ce1cbf8da92cfe9dbe93dceb6d3fe68ff378c6f930a5eb044193759b85b8ccb117e8266d93a806f50e23ec9281a5787d11a17bc61f6295ce8b369c866e5
-
/data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664BF71F00A4-0001-1428-A1262BF1DDD0SessionApp.json
Filesize: 240B
MD5: fdbd04809535a6bb206976f9b8aaef38
SHA1: 4514d966b04cf5da922c5420f60a3b89c071b870
SHA256: 75e6bd2de2c3a101ea95c2cdd41bad981c2e55643a749e874a9867d35a09683e
SHA512: e7213fafd04130162bca37ae21869b6c1893f4bd57d72273b341c6846e1d99504fc64a8c5f7a6e9a7a54eb97239fa6a2560a7222106fdb2ac1715d37a752b14c
-
/data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664BF71F00A4-0001-1428-A1262BF1DDD0SessionDevice.cls_temp
Filesize: 70B
MD5: c4b644f9e4f17e691917c0582e61762f
SHA1: 56fa34f86dfb41c67baf535b1f8931188eae9708
SHA256: 10a9b3c72e78e15018ae8e999648ad32985a64bb198dc363f3d7d8249aeaa9ad
SHA512: 3affc5f116cce3b79a2d68687980289562353e26040f7af355979a4497ad8d288df83cb5921f498ab4f31f7a3e032ce00ac278332ee77484a6d9478018353a5c
-
/data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664BF71F00A4-0001-1428-A1262BF1DDD0SessionDevice.json
Filesize: 204B
MD5: 18381eb4d32a22c46d8c43ff9cd4a74f
SHA1: d071c3ee567c2d6df45a918d867abf04af2fa097
SHA256: 91e90d5d04a905dbd38f9f0c5a4edd37da724fc8234ff0464811925d98f3ccbe
SHA512: 4ac69d4163bafe7910bf707f0459faba06863169a9ffb14b03776036757e66251e2f404d7fcb4bc954d51e5da14584111c23a0fcd4b2cae81b60daee7c62b771
-
/data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664BF71F00A4-0001-1428-A1262BF1DDD0SessionOS.cls_temp
Filesize: 15B
MD5: 2566d27ce8c28d8961f082c375d7535e
SHA1: 92fe585b1a2c9c523d2fa1f65ab5c1b6a1a6edaf
SHA256: 5acdb54ddba2e264f6822fbdbc4e9b5158f57d43785c2f01d981956b18f7a90a
SHA512: 1c70679bbd25a57f9ac02083d5af0fe72b1417cf3070a195497f03d6f492e87b1ed3f570de7ea7c814c995a1530e32610d9570f31a480648f4062e8d3287be8f
-
/data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android.crashlytics-core/664BF71F00A4-0001-1428-A1262BF1DDD0SessionOS.json
Filesize: 55B
MD5: 5caea4b68c57072f7f52a5a41720566c
SHA1: 4d9712f1702c7238949da43f7d8ae6efb233a666
SHA256: 3223857b618b924c2b0fbc7bfb373a1aacf300a7b5ab585e18fffcf19039f363
SHA512: fe1455d21c521aeae3292bdcc386f6d2005dc253930c03e44dbcb972f96b849670d2aba039ea59e1a5ebc0350e6315151d17bcda55c161a62987d4bb01e91f9f
-
/data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize: 1KB
MD5: fff5eaf47a409fc33eedae8cdec5a81a
SHA1: f42486e3cd26f6a83ffb9e35d14905282e3adbcd
SHA256: 37eca132a181d55a5fa41b5b00369d51afb0e1bb190ec13d6a07a630b42a9620
SHA512: cc0c31d9a572ac30b811a630f3e786f88447351e870453c36649d252c6354cd69b339d86ec94179bdd223ad545e38d227e1a02d3602d951abd40f0525d082801
-
/data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap
Filesize: 475B
MD5: a0ed73afd7e9e411408409f61cdf7532
SHA1: 9ecec0c232cf43a98d01c447e2251529cf52b0d1
SHA256: 0b52a65b95bbd544863a332d8422544d068cef015c0ce82d956533a84252f0fd
SHA512: e39aaaf620bb161097960a97d18f35c17449889e87393eae38ff425565316283a4ec3c5eee49ef19d8c2ddc2c08ed46ecae86a54060f44794b99f01f806b8e37
-
/data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics.tap.tmp
Filesize: 16B
MD5: c33583fae4e0b61cde1c5b9227963237
SHA1: fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256: 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512: fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
-
/data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_07ff4427-9d2a-4324-9f62-969039d42911_1716254495691.tap
Filesize: 376B
MD5: 12ee31c8e8399b8f38a034de0c46062f
SHA1: dd02d3c25a1fe66a846f150cb665b59b02550025
SHA256: 97c026b64cf045d93708b9f9b8fefda1be92f92151ce63f3f88c4bd6df64cef7
SHA512: baf1aa997e7c2a6c9981ec1d9f1d000a599cbf9610a4b7629a954dc5c8eb0a9ca237b595cf402718b162aef80a8cd965ec249b8ceb8ed0c733607cc47c90b427
-
/data/data/com.nanoinfomatrix.Edu_Pathshala/files/.Fabric/com.crashlytics.sdk.android:answers/session_analytics_to_send/sa_756a191e-65cb-493c-a2c4-ab667e23c7d2_1716254508540.tap
Filesize: 447B
MD5: f3c18a2f93d11a6447dc70a97eef3933
SHA1: 4c1c69a0c103a2295a5554fcd591e40d89eba0db
SHA256: 40b6d29413702e7a416e7cadc7b1250d958dd8d0942bc187a156546bd5376d63
SHA512: 275f0976bcf84962154ed6d9d7c0c7c0d56bdb9ca58b28da500cd5e12be6c7fac928db8a82503a7bfede5404b8ec20f105bf3ea1ad6080aa7afbf22b3e4ef624
-
Filesize: 36B
MD5: 1cee4ca83a5b8773864674c7674c25e7
SHA1: 09ee929a41c0d29c8b4647d234d3f4db95092614
SHA256: 354f9593aa87078eb173f0c112dbc5e3006d83df76c1dd2c88dfe16388078a7a
SHA512: 10c6451e8d9aba0eb08f79573a07f5eb2300fa70ab5ef47a77855c0938a06837f7d88f71d443a63a1f8a27455d7d6653551b77cf51c6618981a99efffa702c85
-
Filesize: 358KB
MD5: 823346d9cf7ad857698594efa439d03d
SHA1: c4b3ed17fbaf5baaaa7cadd606490261a59ec6a2
SHA256: 61f2361d12d6e00f21b4f1a3b3da88e3a83be0377e65c114db8933aa4e8b7dd7
SHA512: f1fa3b49932b7c8728d22980b8909b80fc7f74f1d235941c7fe335dd7d0b47b64b92cefedcdb1e68100b3c53f090916a0098bee13408b99778b77013e9962d78
-
Filesize: 631KB
MD5: e14aa374a3098d17bb1f2c224edf4939
SHA1: 63020b5cf238c66265a673c402d5cd814e987da6
SHA256: 53233f371734357aaccb6c2648f61df974891430d0fb4c4289fbf02f05546660
SHA512: 599d9b2f4f23c2cf879fb29c89b5aa25e83fe749faf5f01933019d0f50974992da3c4dbf8180be4c194ed4b5cc5fdade273fe5f02290e13d50fe57877b777fe6
-
Filesize: 20KB
MD5: fde2ee00cbd121cfab5290b078aa3ceb
SHA1: e2b77d5320e155e413d040a8c20020962065b2f8
SHA256: 2897b0812077c654a9b3fbb0b6303d5cde681eeba7ad9981de65716c7810d685
SHA512: a9326aff8e454a2b4ac09984ef2a65fddd4dc146b4c44d839035549bff8c9fdaae490326d0b018f76c1ca2e4fb25426d74f550ca0950982fba632a023af99a56