Analysis
max time kernel: 11s
max time network: 182s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 22-05-2024 02:00
Static task: static1
Behavioral task: behavioral1
Sample: 659dfd2c1088a026db6da351a501bbc3_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
General
Target: 659dfd2c1088a026db6da351a501bbc3_JaffaCakes118.apk
Size: 1.7MB
MD5: 659dfd2c1088a026db6da351a501bbc3
SHA1: 6790a9f7985ce7dd99c47a3541c632c0c904e0d0
SHA256: 0ab395ee2bffd9b6984d6032663686eec54869238bd336abf7298fe5703d77ce
SHA512: 2878043faeb21e885cb77f9f7188761b9d1854386c074f398bc3736d6201103652f18467682d8d230a867f5d15bddce9c0276d182c2cfd619f3f3bb756a558bc
SSDEEP: 24576:if/+0DR/V+CDj54m4Y0xT6hz/6Ev3A4lSCk4fNV7sohkYuqI2GsKv:if/zhDum4TI/6EvQQfNVsomXqUsQ
Malware Config
Signatures
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTP)

Requests cell location (2 TTPs, 1 IoC)
Uses Android APIs to get current cell location.
Processes (description | ioc | process):
  Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.fbs.gqxwlj

Checks Android system properties for emulator presence. (1 TTP, 1 IoC)
Processes (description | ioc | process):
  Accessed system property key: | ro.product.model | com.fbs.gqxwlj

Checks memory information (2 TTPs, 1 IoC)
Checks memory information which indicate if the system is an emulator.
Processes (description | ioc | process):
  File opened for read | /proc/meminfo | com.fbs.gqxwlj

Loads dropped Dex/Jar (1 TTP, 4 IoCs)
Runs executable file dropped to the device during analysis.
Processes (ioc | pid | process):
  /data/user/0/com.fbs.gqxwlj/files/xu/rTdNEk.jar | 4256 | com.fbs.gqxwlj
  /data/user/0/com.fbs.gqxwlj/files/Pdd.apk | 4256 | com.fbs.gqxwlj
  /data/user/0/com.fbs.gqxwlj/app_dex/utopay.jar | 4256 | com.fbs.gqxwlj
  /data/user/0/com.fbs.gqxwlj/files/yl_plugin.apk | 4256 | com.fbs.gqxwlj

Queries information about running processes on the device (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes (description | ioc | process):
  Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.fbs.gqxwlj

Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes (description | ioc | process):
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.fbs.gqxwlj

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes (description | ioc | process):
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.fbs.gqxwlj

Reads the content of SMS inbox messages. (1 TTP, 1 IoC)
Processes (description | ioc | process):
  URI accessed for read | content://sms/inbox | com.fbs.gqxwlj

Reads the content of the SMS messages. (1 TTP, 1 IoC)
Processes (description | ioc | process):
  URI accessed for read | content://sms/ | com.fbs.gqxwlj

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes (description | ioc | process):
  Framework service call | android.app.IActivityManager.registerReceiver | com.fbs.gqxwlj

Checks if the internet connection is available (1 TTP, 1 IoC)
Processes (description | ioc | process):
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.fbs.gqxwlj

Reads information about phone network operator. (1 TTP)

Requests dangerous framework permissions (17 IoCs)
Processes (description | ioc):
  Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE
  Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE
  Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE
  Allows an application to read SMS messages. | android.permission.READ_SMS
  Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS
  Allows an application to send SMS messages. | android.permission.SEND_SMS
  Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION
  Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW
  Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE
  Required to be able to access the camera device. | android.permission.CAMERA
  Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE
  Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE
  Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE
  Allows an application to read SMS messages. | android.permission.READ_SMS
  Allows an application to send SMS messages. | android.permission.SEND_SMS
  Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS
  Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION

Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
Processes (description | ioc | process):
  Framework API call | javax.crypto.Cipher.doFinal | com.fbs.gqxwlj
Processes
com.fbs.gqxwlj (PID: 4256)
  Signatures:
  - Requests cell location
  - Checks Android system properties for emulator presence.
  - Checks memory information
  - Loads dropped Dex/Jar
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries the mobile country code (MCC)
  - Reads the content of SMS inbox messages.
  - Reads the content of the SMS messages.
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
  Child process:
  getprop ro.product.cpu.abi (PID: 4389)
Network
MITRE ATT&CK Mobile v15
Defense Evasion
  Download New Code at Runtime (1)
  Execution Guardrails (1)
    Geofencing (1)
  Virtualization/Sandbox Evasion (2)
    System Checks (2)
Downloads