Analysis
max time kernel: 34s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240514-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
submitted: 22-05-2024 09:20
Static task: static1
Behavioral task: behavioral1
Sample: 66c6dec5beab22c764c33c909f98f047_JaffaCakes118.apk
Resource: android-x86-arm-20240514-en
General
Target: 66c6dec5beab22c764c33c909f98f047_JaffaCakes118.apk
Size: 13.8MB
MD5: 66c6dec5beab22c764c33c909f98f047
SHA1: e0c589176068b803e9ce29307173354d260968de
SHA256: 838568de8e6d0a2b08ac5a97b913192d289bd5ee0d5b0bb882f45fe6491bc2d0
SHA512: 14ab8250ae956ab1786e33db77c14f4c95e2f56c3d7e623e9e3d9bdaa931f03cb436029876c05323dd904d699134206ee991ffd3675f7fd9f3ecf1dd65051bfb
SSDEEP: 393216:zfKyYcG3E0duS4Vn/IslMXHR8fGb9ddMldzj:zfClESSgslMXeMbOPzj
Malware Config
Signatures
- Checks CPU information (2 TTPs, 1 IoC)
  Checks CPU information which indicates whether the system is an emulator.
  Processes:
    description: File opened for read | ioc: /proc/cpuinfo | process: com.sybercare.xingyistaff
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.sybercare.xingyistaff
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
    description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.sybercare.xingyistaff
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Processes:
    description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.sybercare.xingyistaff
- Checks if the internet connection is available (1 TTP, 1 IoC)
  Processes:
    description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.sybercare.xingyistaff
- Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  Processes:
    description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.sybercare.xingyistaff
Processes
- com.sybercare.xingyistaff (PID: 4348)
  - Checks CPU information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads
- /data/data/com.sybercare.xingyistaff/files/.imprint
  Filesize: 915B
  MD5: 3d75c2b67c06d20cd4a7b9751b6ede41
  SHA1: c8bbccb0e30264e670c29c8ba05258cc67d6d58b
  SHA256: c35cb68af643256d05e40b351a1afb0d160fe6db732a1a0851b45f2704caabd5
  SHA512: 026f1f2f4d48bdc45d80f802b0da15816aa43392b1acb2ab00399b49d2cc99fc84c07e4d9008a9f761d1c169db6afebabac84adb99f3a95bc4e07f2a7e85c8de
- /data/data/com.sybercare.xingyistaff/files/umeng_it.cache
  Filesize: 310B
  MD5: 0f2c86990d7a2b90cf4f90cb5be8335a
  SHA1: cc8e1e9f605e7e168f3c5de219f994e72dcb077a
  SHA256: 8253e10fbc0e66e7679283ca9a40378dafe746b8d80a7da64081d5b210d98288
  SHA512: e350f5788111e4baccd3320edc53d9dee90326b330465ed620e1284cbf6cfe4e65498b6ad91eacdc5a5bcee545356415165dba118b5a05380507e0ba4fcde7fc
- /data/data/com.sybercare.xingyistaff/files/umeng_it.cache
  Filesize: 158B
  MD5: 2f902ea55794126184a9c458f0660671
  SHA1: 1535bd3cf5f8bdf0ecca5f0430d9e700270f589d
  SHA256: 90c8e2de4b553509a33f978c11a3f28591b2414a1c4126cf9ed127546fa855fd
  SHA512: 1225fd8740a088d1cbb80f6d476c740f9642899b246552a11adcc6ab925ab0f0ad9c409125a345e427d393681e3880da452353785d70687d4d4cbbfbfb1bf36c
- /storage/emulated/0/Android/data/com.sybercare.xingyistaff/sybercare#xingyi/log/20240522/000.html
  Filesize: 172B
  MD5: 736fe5738ac7695dbfcb7dbf25ad335e
  SHA1: 940fdb730100793b923deb733ac004152c0f0015
  SHA256: de3bc7e0a86551d82f569d7d45c5ca5adc1fe16b99c6d5fd9dde1a66264e339a
  SHA512: 2495e5eaa820e12cb8b7ad1a532f66d0f046abd014fcc2a8e83f440abbd84ff80c51edc0280a614a9c2207ea43e047163580783c9e052a16f19dfc22d2b33097
- /storage/emulated/0/Android/data/com.sybercare.xingyistaff/sybercare#xingyi/log/20240522/000.html
  Filesize: 85B
  MD5: ccd9b112c5db16138b955bee08f2344b
  SHA1: c55651dc41d03d69d0e39fdff2caa6b14403ea72
  SHA256: 99ececa7d721cf5bb5be93bb885da97fb7acf4e60be054ab3c16df7f4e0e2261
  SHA512: 2feb42cdf347bf828938f846fcc5ac131dbb72571a399113767646136943186df5a3e76791da00c42f116042fa77d1fd7afc1e3be8aafb6283ad09364d3f9b22
- /storage/emulated/0/Android/data/com.sybercare.xingyistaff/sybercare#xingyi/log/20240522/000.html
  Filesize: 82B
  MD5: b8b9d01e698857235fb14797059dc1c3
  SHA1: bbb50360086066ce32c1e1710d21344d129c2958
  SHA256: 896fbf6ba201b510970072fb0e00f77368f2efdfea5cfc6e0d061d82570c08b5
  SHA512: 3573bc0031b5699136e3259c9efd671572486ffb8a4bc80a63ea55cff74859ea8ba14cb91d5fb0504069fa86a2c6a4280d212e7666d151fd65c046ccd223a981
- /storage/emulated/0/Android/data/com.sybercare.xingyistaff/sybercare#xingyi/log/20240522/000.html
  Filesize: 113B
  MD5: bbd82b4b0876210e22466c3c5e6bb098
  SHA1: 20d43d4ed5e062c6efa9ec18a1aa12accc274c0b
  SHA256: ce6de0141b585bc0eace3d2630113292d2baed98fa9c718145853f107c0a2fae
  SHA512: b80076abebf669e9701a464d4d57bcc5f405de14a517ff1e948f1ba6a4518a59e304f7ac29ea648b5ba1916ca33db5db56df86a7137c40db73959b5e5cfd2318
- /storage/emulated/0/Android/data/com.sybercare.xingyistaff/sybercare#xingyi/log/20240522/000.html
  Filesize: 10KB
  MD5: 152ef33eb419d0a1f25e613b0797463f
  SHA1: 682f53b4cb01980c5b8cb006736cc96bcbbe38a9
  SHA256: 82a377f9db290fd0ff2109f005d8e3ab05e17574f67ae300ca1957bef4b32311
  SHA512: 3cd15de6fc3cea263ccba62213211f065fdd0eeccbb67800071a1724e366103717af5b3b670632e396411359a2edee2fa53c8905406d6ad5301639ae61b04cff