Analysis
max time kernel: 128s
max time network: 181s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 22-05-2024 02:09
Static task
static1
Behavioral task
behavioral1
Sample
65a4bf6db943995bacd8558a8594eadb_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
gdtadv2.apk
Resource
android-x86-arm-20240514-en
General
Target: 65a4bf6db943995bacd8558a8594eadb_JaffaCakes118.apk
Size: 18.1MB
MD5: 65a4bf6db943995bacd8558a8594eadb
SHA1: c1eac4a77daf31bb2316243c9a7e6603c90faab6
SHA256: a6f377008152ef02360f15fc0f3c1099d4947bfb0f19d6ba0c900258bdc43789
SHA512: ce7725b197809dcee61e88fe82ed7435f1e2e5c6bcf03e7b9300b04f61bc13bf474ea439f7fe99130d8974ef69cdba55666460344d686235ea026da43af29960
SSDEEP: 393216:fGVbZF3phBgnZYtyPi2txqz86f9S9Y9K81Akig1FqSnkBC:eVH3phBGZYXsdQg9Y0811isqSkE
Malware Config
Signatures
Checks if the Android device is rooted. 1 TTPs 4 IoCs
Processes: which su, com.songwo.pig
ioc                 process
/sbin/su            which su
/system/bin/su      which su
/system/xbin/su     which su
/sbin/su            com.songwo.pig
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
Checks Android system properties for emulator presence. 1 TTPs 3 IoCs
Processes: com.songwo.pig
description                     ioc                 process
Accessed system property key    ro.product.model    com.songwo.pig
Accessed system property key    ro.product.name     com.songwo.pig
Accessed system property key    ro.serialno         com.songwo.pig
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicates whether the system is an emulator.
Processes: com.songwo.pig
description             ioc               process
File opened for read    /proc/cpuinfo     com.songwo.pig
Checks Qemu related system properties. 1 TTPs 1 IoCs
Checks for Android system properties related to Qemu for Emulator detection.
Processes: com.songwo.pig
description                     ioc               process
Accessed system property key    ro.kernel.qemu    com.songwo.pig
Checks known Qemu files. 1 TTPs 3 IoCs
Checks for known Qemu files that exist on Android virtual device images.
Processes: com.songwo.pig
ioc                                         process
/system/lib/libc_malloc_debug_qemu.so       com.songwo.pig
/sys/qemu_trace                             com.songwo.pig
/system/bin/qemu-props                      com.songwo.pig
Checks known Qemu pipes. 1 TTPs 2 IoCs
Checks for known pipes used by the Android emulator to communicate with the host.
Processes: com.songwo.pig
ioc                   process
/dev/socket/qemud     com.songwo.pig
/dev/qemu_pipe        com.songwo.pig
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicates whether the system is an emulator.
Processes: com.songwo.pig
description             ioc               process
File opened for read    /proc/meminfo     com.songwo.pig
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes: com.songwo.pig
description               ioc                                                       process
Framework service call    android.app.IActivityManager.getRunningAppProcesses       com.songwo.pig
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.songwo.pig
description               ioc                                                 process
Framework service call    android.net.wifi.IWifiManager.getConnectionInfo     com.songwo.pig
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes: com.songwo.pig
description               ioc                                               process
Framework service call    android.app.IActivityManager.registerReceiver     com.songwo.pig
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes: com.songwo.pig
description               ioc                                                        process
Framework service call    android.net.IConnectivityManager.getActiveNetworkInfo      com.songwo.pig
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
Processes: com.songwo.pig
description           ioc                                                     process
Framework API call    android.hardware.SensorManager.registerListener         com.songwo.pig
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes: com.songwo.pig
description           ioc                             process
Framework API call    javax.crypto.Cipher.doFinal     com.songwo.pig
Processes
com.songwo.pig (PID 4241)
- Checks if the Android device is rooted.
- Checks Android system properties for emulator presence.
- Checks CPU information
- Checks Qemu related system properties.
- Checks known Qemu files.
- Checks known Qemu pipes.
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
  which su (PID 4388, child of com.songwo.pig)
  - Checks if the Android device is rooted.
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Hide Artifacts (1): User Evasion (1)
- Virtualization/Sandbox Evasion (6): System Checks (6)
Downloads