Analysis
- max time kernel: 177s
- max time network: 184s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 22-05-2024 23:05
Static task: static1
Behavioral task: behavioral1
Sample: 68f1be96b1692cdee6b7da96c3954113_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
General
- Target: 68f1be96b1692cdee6b7da96c3954113_JaffaCakes118.apk
- Size: 14.3MB
- MD5: 68f1be96b1692cdee6b7da96c3954113
- SHA1: 239fa82bda6523f4dca4e1aebbac0530464d4ff9
- SHA256: 68bb1958bd10f14168c92cd3b38765c31ad236961042e92ae2c0c3435bc2a500
- SHA512: b3329106c1ff7c89a5c3823b039780845ad119e942510166a601b458cde523cd9ea59f2ea7a9ac025913ca85fa3cc36c120090509b7727788025ff52c302686d
- SSDEEP: 393216:KOkhH7Vf7To2kMh+kdwd8JVLa8TpsXzj2tC6o9wJWUxV0OKDKNHY:KOkhH7FE2BhsdiLh9sXzjWJXx25
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTPs)
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information that indicates whether the system is an emulator.
  Processes (process / description / IoC):
    com.ftoul.myapplication / File opened for read / /proc/cpuinfo
- Queries information about running processes on the device (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes (process / description / IoC):
    com.ftoul.myapplication / Framework service call / android.app.IActivityManager.getRunningAppProcesses
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes (process / description / IoC):
    com.ftoul.myapplication / Framework service call / android.app.IActivityManager.registerReceiver
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Processes (process / description / IoC):
    com.ftoul.myapplication / Framework service call / android.net.IConnectivityManager.getActiveNetworkInfo
- Reads information about the phone network operator (1 TTPs)
- Uses Crypto APIs (might try to encrypt user data) (1 TTPs, 1 IoCs)
  Processes (process / description / IoC):
    com.ftoul.myapplication / Framework API call / javax.crypto.Cipher.doFinal
Processes
- com.ftoul.myapplication (PID: 4305)
  - Checks CPU information
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)
  - child process: getprop ro.product.cpu.abi (PID: 4395)
Network
MITRE ATT&CK Mobile v15
Downloads
- /data/data/com.ftoul.myapplication/databases/cc/cc.db
  Filesize: 36KB
  MD5: ce6135aa1b1fe4f2c2db2a546d2a5558
  SHA1: 79b59582154017aadab783dc266fcb158c252940
  SHA256: 7b45f576c08c7f78220168cca4a0e33198b13e9bdc8b1da406ddb6887412000c
  SHA512: 2839075fe374c8567c839ae35ce2d33ec72fdaebf170aa7d224b555e5b0e74d4a43f2f67d17ed806dae841da883e9620d788ea052d06152678afa927307c7ce4
- /data/data/com.ftoul.myapplication/databases/cc/cc.db
  Filesize: 36KB
  MD5: 5d7ea1a23af19b4340cc8d90f28297d5
  SHA1: 4cfe95b23a9e98378d69c4290af81b51fbe76aea
  SHA256: 474c4a54534ed96beacad7cc9a805a3f53ec9c0522fc7bcc59771cf500a6a0da
  SHA512: 33071f4c92da0a3df01c4a61dd165df7c7e0f4f37753cafe02d19fc876a5e7fcbb01c069c804e140ab8bfa0644a55f50fd1373646d1c439f817baa5ffbd47f7b
- /data/data/com.ftoul.myapplication/databases/cc/cc.db-journal
  Filesize: 512B
  MD5: 00ef4353cff342c09f9a0d099bf2f474
  SHA1: 676e03a76990a34c8fc0cbe62255b4f015829a04
  SHA256: c0aa878b54bd6ae95ce9a650929e6d02ba2dc568a36949d57dcf2f17c2e2281c
  SHA512: 5cb769de4ecce0e3566e282f30bf00d378fe4807a56b38ff2a6b61794e51bba66d965b191fd2c05e604b74cb23e460aa61a36c9cb1cb7107c6cd78c6f7cea341
- /data/data/com.ftoul.myapplication/databases/cc/cc.db-shm
  Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- /data/data/com.ftoul.myapplication/databases/cc/cc.db-wal
  Filesize: 16KB
  MD5: 6da0fbfc134e79184b63c4a3c90bb5e5
  SHA1: bf2972c380aff8de0ebf6d557003063a75a112f3
  SHA256: 59703d8e52119e4d3330c13070126c5485b9edbba9b2e9f1dfa11e713b87ecbe
  SHA512: 101dd6f554124a4f51bf42804b76d45f20bc8cd45d6e8b6478bfda3975945dde98c8c8cd63ead23b72d426cec4e6c7423f894b91cea89de97fffffb21d0e882c
- /data/data/com.ftoul.myapplication/databases/cc/cc.db-wal
  Filesize: 48KB
  MD5: f055d55f1e953f4ff3f314c9cd776325
  SHA1: f63fe6d94cebae65375bafd9ff6f2a364aa332d3
  SHA256: 352b32e527d0203d08103104bf517f8e3ce52ba948ed3703fa81d5040e1565c0
  SHA512: 5ccbe41fe8267901e9b17739c66ebfb411d6c6ff1fd3ab8cebe2fed6201937b43286219685404ac9b7203f759d6cc33f905e83bf0b55af6fc13827e165a3e056
- /data/data/com.ftoul.myapplication/files/.um/um_cache_1716419249977.env
  Filesize: 1KB
  MD5: 0d06dc0d2544081d64351b4cdacb35e1
  SHA1: e5292669da878ec2b771328a79a9fe16031a8aac
  SHA256: 72db05b198a98d938f339d71acb9edc109c5bd86efb1c9896c158bbcb364ce52
  SHA512: d838384630c8c74be93c369b069b721b556973ec115182c3c18aa51e37324c41bd63797b5720da1b83fcc51a466a9f75538c96c915ee2668970ccb1a2c0568a1
- /data/data/com.ftoul.myapplication/files/.umeng/exchangeIdentity.json
  Filesize: 162B
  MD5: 9775aec20b31b8344ce915c78ce5f2d2
  SHA1: 4557af48afd741119fd61ce628b47daa82cc6cfa
  SHA256: 69b7a3d7a131b37c9c29013a36513d99a4bbda67b7e67625bdb925d0ea4aa931
  SHA512: c2c2af31165bec59a8b4bc178d6abb25d9877bc0f08acca018730e59d0280bc547e506f37213ac4eb0c904367daa6fed412932e3aa3f04dde6307b81d72d4589
- /data/data/com.ftoul.myapplication/files/exid.dat
  Filesize: 55B
  MD5: f44d84cccd7b2244e47c15d0ba7fad62
  SHA1: 3bba553e8dc55766ac30547a67dda262843da73a
  SHA256: 8fb6c0ac5873af0a3d5eee6c7f15c7b577b00c679bcfc3e5337bb616a2cea064
  SHA512: 0c1ae14b20b27b838de52e6682b78f2ce00698ba14b1f4b7c0c081f35b025573eb164ba0665bb6ba512a396fe7f1828a938aafc3c02ca9baff86c134f33b31ae
- /data/data/com.ftoul.myapplication/files/mobclick_agent_cached_com.ftoul.myapplication102
  Filesize: 2KB
  MD5: 4832b955a12e85c457548db3fcb790c1
  SHA1: 76386486f1b19395fb9409cf616ee2009fa8a600
  SHA256: 775ad2849b28f3100486fc8fd12e07c5df984427927b20a762ec17343c5ac464
  SHA512: d70146aeef0ee34a80e2219657d8b6167806e8ac7c6eb11bf2c91f352f1f9586a0116f9e64767af5f35a281b127c000f70d32c99568788e02e0d8090e731fd28
- /data/data/com.ftoul.myapplication/files/umeng_it.cache
  Filesize: 415B
  MD5: 3d3011117b4fdfff355acfeb5ab4e29c
  SHA1: c9b03c17ab2c4c2e84238ab82ced427c450df4c9
  SHA256: ef81b85df1d2b549b120a1d7f1389f5e51a20a813b70fe7f69b09386974d090c
  SHA512: 40f9d0a8f580305e779de43585f885f2175822d070b31692459235198802fed038ea373d64dc35905cb8c0ecf911c3639ac705a489273614713ecc4d466a957a
- /storage/emulated/0/Android/data/com.ftoul.myapplication/files/tbslog/tbslog.txt
  Filesize: 8KB
  MD5: a4a088a62673502c2e1dd9fcc3266c4f
  SHA1: 18a766f9a56bee10022f3d16bfeca02d7cd60761
  SHA256: be88e86b0534c73620f835ca0d91c12fa47480ee383f7b66694099032454795a
  SHA512: f5f44b0e2aee93ebd7c575189a3f270e381fd6e06a7d9761db8c17a81ff80da972b922268256ab9500728f779c8af636018c07a3bb7ed13e5f098f5a9b06fd28