Analysis
- max time kernel: 175s
- max time network: 184s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 22-05-2024 07:00
Static task: static1
Behavioral task: behavioral1
- Sample: 6665b41993b264ca4d28d00d4acc45ca_JaffaCakes118.apk
- Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
- Sample: 6665b41993b264ca4d28d00d4acc45ca_JaffaCakes118.apk
- Resource: android-33-x64-arm64-20240514-en
General
- Target: 6665b41993b264ca4d28d00d4acc45ca_JaffaCakes118.apk
- Size: 15.6MB
- MD5: 6665b41993b264ca4d28d00d4acc45ca
- SHA1: 6b9faf74cb6bf9490e3c9475688c84954ffe8a1f
- SHA256: e347691566126246c64ac6a598ccf90792181ea4b9e7244d6588f62e77c78c82
- SHA512: 343460f4c4ab348e914ac589caa261d80fd7146781f32238be60a8a14d2aca144c279c298f8f7a663ba08f20e9ee3640d464aa62c14717c85e4485a965b55e47
- SSDEEP: 393216:cZKxkTK543lWmTLTXU9VWjTu3ZO3v2bb8ZVTljYwDxg:cZKxXKM2q3E2fa3pVg
Signatures
- Checks if the Android device is rooted. (1 TTP, 1 IoC)
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTP)
- Requests cell location. (2 TTPs, 1 IoC)
  Uses Android APIs to get the current cell location.
- Checks memory information. (2 TTPs, 1 IoC)
  Checks memory information that indicates whether the system is an emulator.
- Queries information about running processes on the device. (1 TTP, 2 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: me.chunyu.ChunyuDoctor, me.chunyu.ChunyuDoctor:pushservice
    Framework service call android.app.IActivityManager.getRunningAppProcesses (process: me.chunyu.ChunyuDoctor)
    Framework service call android.app.IActivityManager.getRunningAppProcesses (process: me.chunyu.ChunyuDoctor:pushservice)
- Queries information about the current Wi-Fi connection. (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: me.chunyu.ChunyuDoctor
    Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: me.chunyu.ChunyuDoctor)
- Queries information about the current nearby Wi-Fi networks. (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes: me.chunyu.ChunyuDoctor
    Framework service call android.net.wifi.IWifiManager.getScanResults (process: me.chunyu.ChunyuDoctor)
- Queries the phone number (MSISDN for GSM devices). (1 TTP)
- Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTP, 2 IoCs)
  Processes: me.chunyu.ChunyuDoctor, me.chunyu.ChunyuDoctor:pushservice
    Framework service call android.app.IActivityManager.registerReceiver (process: me.chunyu.ChunyuDoctor)
    Framework service call android.app.IActivityManager.registerReceiver (process: me.chunyu.ChunyuDoctor:pushservice)
- Acquires the wake lock. (2 IoCs)
  Processes: me.chunyu.ChunyuDoctor:pushservice, me.chunyu.ChunyuDoctor
    Framework service call android.os.IPowerManager.acquireWakeLock (process: me.chunyu.ChunyuDoctor:pushservice)
    Framework service call android.os.IPowerManager.acquireWakeLock (process: me.chunyu.ChunyuDoctor)
- Checks if the internet connection is available. (1 TTP, 2 IoCs)
  Processes: me.chunyu.ChunyuDoctor, me.chunyu.ChunyuDoctor:pushservice
    Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: me.chunyu.ChunyuDoctor)
    Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: me.chunyu.ChunyuDoctor:pushservice)
- Reads information about the phone network operator. (1 TTP)
- Listens for changes in the sensor environment (might be used to detect emulation). (1 TTP, 1 IoC)
  Processes: me.chunyu.ChunyuDoctor
    Framework API call android.hardware.SensorManager.registerListener (process: me.chunyu.ChunyuDoctor)
- Uses Crypto APIs (might try to encrypt user data). (1 TTP, 1 IoC)
  Processes: me.chunyu.ChunyuDoctor
    Framework API call javax.crypto.Cipher.doFinal (process: me.chunyu.ChunyuDoctor)
Processes
- me.chunyu.ChunyuDoctor
  - Checks if the Android device is rooted.
  - Requests cell location
  - Checks memory information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Acquires the wake lock
  - Checks if the internet connection is available
  - Listens for changes in the sensor environment (might be used to detect emulation)
  - Uses Crypto APIs (Might try to encrypt user data)
- me.chunyu.ChunyuDoctor:pushservice
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Acquires the wake lock
  - Checks if the internet connection is available
Downloads
- /data/data/me.chunyu.ChunyuDoctor/databases/db_default-journal (4KB)
- /data/data/me.chunyu.ChunyuDoctor/databases/db_default-shm (80KB)
- /data/data/me.chunyu.ChunyuDoctor/databases/db_default-wal (108KB)
- /data/data/me.chunyu.ChunyuDoctor/databases/me.chunyu.message.db (24KB)
- /data/data/me.chunyu.ChunyuDoctor/databases/me.chunyu.message.db-journal (512B)
- /data/data/me.chunyu.ChunyuDoctor/databases/me.chunyu.message.db-shm (32KB)
- /data/data/me.chunyu.ChunyuDoctor/databases/me.chunyu.message.db-wal (36KB)
- /data/data/me.chunyu.ChunyuDoctor/files/.FlurrySenderIndex.info.AnalyticsData_6BTKQ64JXMSQMP697J8G_156 (42B)
- /data/data/me.chunyu.ChunyuDoctor/files/.FlurrySenderIndex.info.AnalyticsMain (44B)
- /data/data/me.chunyu.ChunyuDoctor/files/.flurryagent.-248f6de7 (290B)
- /data/data/me.chunyu.ChunyuDoctor/files/.flurryagent.-248f6de7 (290B)
- /data/data/me.chunyu.ChunyuDoctor/files/.flurryagent.-248f6de7 (290B)
- /data/data/me.chunyu.ChunyuDoctor/files/.flurryagent.-248f6de7 (325B)
- /data/data/me.chunyu.ChunyuDoctor/files/.flurryagent.-248f6de7 (325B)
- /data/data/me.chunyu.ChunyuDoctor/files/.flurryagent.-248f6de7 (58B)
- /data/data/me.chunyu.ChunyuDoctor/files/.flurrydatasenderblock.0bd5c495-7fc2-4974-8ccf-68891411f0d5 (277B)
- /storage/emulated/0/.ChunyuDoctor/.picasso/journal.tmp (32KB)