Analysis
max time kernel: 175s
max time network: 187s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 22-05-2024 01:10

Behavioral task: behavioral1
Sample: 6578a366c4cfb1d2e9c49da95aebbe31_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en

Behavioral task: behavioral2
Sample: gdtadv2.apk
Resource: android-x86-arm-20240514-en

General
Target: 6578a366c4cfb1d2e9c49da95aebbe31_JaffaCakes118.apk
Size: 17.9MB
MD5: 6578a366c4cfb1d2e9c49da95aebbe31
SHA1: 8eb6aae6a336c1aec4ae8e60739648884ec3a571
SHA256: eccc556f9112b4862fd656e51db1fc5e22692a4bad7444b7c078cf0e4d8da2a0
SHA512: b4379cdc33ecf7c508c551cc96ed7b8bea53db4874e2a5d2066f1f4ec044bc1a84536f7ac35283dd591553967a14dbb10e17297a48e05c6dce9ee029d8b2a7d6
SSDEEP: 393216:eu+tb9cgCkq05dzfxJVcetvhjh7rgnpVC4TZls+FJ+FQ:n+tb9cDC5dzfRhvhVUDRZl5B

Malware Config
Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) [1 TTPs]

Checks CPU information [2 TTPs, 1 IoCs]
Checks CPU information that indicates whether the system is an emulator.
Processes: uni.UNIBFC06D3
description | ioc | Process
File opened for read | /proc/cpuinfo | uni.UNIBFC06D3

Checks memory information [2 TTPs, 1 IoCs]
Checks memory information that indicates whether the system is an emulator.
Processes: uni.UNIBFC06D3
description | ioc | Process
File opened for read | /proc/meminfo | uni.UNIBFC06D3

Queries information about running processes on the device [1 TTPs, 2 IoCs]
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: uni.UNIBFC06D3:pushservice, uni.UNIBFC06D3
description | ioc | Process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | uni.UNIBFC06D3:pushservice
Framework service call | android.app.IActivityManager.getRunningAppProcesses | uni.UNIBFC06D3

Queries information about the current Wi-Fi connection [1 TTPs, 2 IoCs]
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: uni.UNIBFC06D3:pushservice, uni.UNIBFC06D3
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | uni.UNIBFC06D3:pushservice
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | uni.UNIBFC06D3

Queries information about the current nearby Wi-Fi networks [1 TTPs, 1 IoCs]
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
Processes: uni.UNIBFC06D3:pushservice
description | ioc | Process
Framework service call | android.net.wifi.IWifiManager.getScanResults | uni.UNIBFC06D3:pushservice

Queries the mobile country code (MCC) [1 TTPs, 1 IoCs]
Processes: uni.UNIBFC06D3
description | ioc | Process
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | uni.UNIBFC06D3

Queries the phone number (MSISDN for GSM devices) [1 TTPs]

Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTPs, 2 IoCs]
Processes: uni.UNIBFC06D3, uni.UNIBFC06D3:pushservice
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | uni.UNIBFC06D3
Framework service call | android.app.IActivityManager.registerReceiver | uni.UNIBFC06D3:pushservice

Checks if the internet connection is available [1 TTPs, 2 IoCs]
Processes: uni.UNIBFC06D3, uni.UNIBFC06D3:pushservice
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | uni.UNIBFC06D3
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | uni.UNIBFC06D3:pushservice

Queries the unique device ID (IMEI, MEID, IMSI) [1 TTPs]

Uses Crypto APIs (Might try to encrypt user data) [1 TTPs, 2 IoCs]
Processes: uni.UNIBFC06D3, uni.UNIBFC06D3:pushservice
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | uni.UNIBFC06D3
Framework API call | javax.crypto.Cipher.doFinal | uni.UNIBFC06D3:pushservice

Processes
uni.UNIBFC06D3
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID: 4282

/system/bin/ndk_translation_program_runner_binfmt_misc /data/app/uni.UNIBFC06D3-wcFA06iSjnY0NS_L2MqpMw==/lib/arm//libweexjsb.so /data/app/uni.UNIBFC06D3-wcFA06iSjnY0NS_L2MqpMw==/lib/arm//libweexjsb.so 69 68 1 /data/user/0/uni.UNIBFC06D3/app_crash/crash_dump.log
PID: 4364

uni.UNIBFC06D3:pushservice
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
PID: 4500

Network
MITRE ATT&CK Mobile v15
Downloads