Analysis
-
max time kernel
179s -
max time network
170s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
android arch:arm arch:x86 image:android-x86-arm-20240514-en locale:en-us os:android-9-x86 system -
submitted
22-05-2024 14:42
Static task
static1
Behavioral task
behavioral1
Sample
679ca256a909c1fd7018f093a97eec0d_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
Alipay_msp_2.5.2_0426.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral3
Sample
Alipay_msp_2.5.2_0426.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral4
Sample
Alipay_msp_2.5.2_0426.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
679ca256a909c1fd7018f093a97eec0d_JaffaCakes118.apk
-
Size
8.9MB
-
MD5
679ca256a909c1fd7018f093a97eec0d
-
SHA1
effe6a98a2653ee35770247af2fdfe4e75c61e81
-
SHA256
018efbf2ed6517ddf37129c611500c72c61b604b0924e9d53cf4b35d8298db6e
-
SHA512
5b0742a81c6ef3731be462bd415f38e15c2848a61b9134f1538a286d10fafa273dfdab2c9774a1ad7710ce669cc9324d0f68628c1ad4a03d4f9cb853a2ccf996
-
SSDEEP
196608:kC7DOEYdNW24mghAxoYzLvLZRaBH5MwGbu2tO9AX4PP6H:kyJwNB8AxoYzLvL7aB6wGaqOpP6
Malware Config
Signatures
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information, which can indicate whether the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information, which can indicate whether the system is an emulator.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
Processes:
com.crting.bloomytown
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
process: com.crting.bloomytown
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
com.crting.bloomytown
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
process: com.crting.bloomytown
-
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
com.crting.bloomytown
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
process: com.crting.bloomytown
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
com.crting.bloomytown
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
process: com.crting.bloomytown
Processes
-
com.crting.bloomytown
- Checks CPU information
- Checks memory information
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.crting.bloomytown/files/mobclick_agent_cached_com.crting.bloomytown
Filesize
100B
MD5
e9fa7c64498109ce9a4a6a7bf18e493b
SHA1
3d2558de6000d87b11a3e368875b9a0d9f18fc58
SHA256
6e3bcbf9f0f683db4760adcb433da5e1caf2372015ec736b77cbda392c01578e
SHA512
54154dc3b5d60dbacb0934dfde0b340ea08cf81d97ca0a1bed34b6c59de1c526a0549771a841f223e5525f9816db111bca2410b76dfc4d22d98352110a692b36