Analysis
max time kernel: 106s
max time network: 184s
platform: android_x64
resource: android-x64-20240514-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted: 22-05-2024 14:46
Static task: static1
Behavioral task: behavioral1
  Sample: 679fbc2f64b3ca5374307e3bf343ed2a_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 679fbc2f64b3ca5374307e3bf343ed2a_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
Target: 679fbc2f64b3ca5374307e3bf343ed2a_JaffaCakes118.apk
Size: 5.2MB
MD5: 679fbc2f64b3ca5374307e3bf343ed2a
SHA1: 9d3209a7313019c2b82300bb9e144d2f9b094d71
SHA256: b40420a5af7cfe8ba0e5c91fecb404707ce342f6a0362eee441fa734413aa0c4
SHA512: 1b2c5c4a87a12d6c17db0b1aa034d35b16f7f23fb072681390379860a7a3ffa79023ea6695e4ae86fd0defc9be07b6b77871a5e690744f96fc5690f7d04e9ea3
SSDEEP: 98304:a3PndjirR4ebFpb9Us0JKUuIk9aSBBPXcajpyi7lvgGcfgL2AP4TIwDUk:a3PUtxeJbUtcaljlvv12APoIwh
Signatures
- Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
- Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information which indicates whether the system is an emulator.
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Process: com.che123456.app | Description: Framework service call | IoC: android.net.wifi.IWifiManager.getConnectionInfo
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Process: com.che123456.app | Description: Framework service call | IoC: android.app.IActivityManager.registerReceiver
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Process: com.che123456.app | Description: Framework service call | IoC: android.net.IConnectivityManager.getActiveNetworkInfo
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Checks the presence of a debugger
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Process: com.che123456.app | Description: Framework API call | IoC: javax.crypto.Cipher.doFinal
Processes
- com.che123456.app
  - Checks if the Android device is rooted.
  - Checks memory information
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
Downloads
- /data/data/com.che123456.app/databases/bugly_db_legu
  Filesize: 116KB
  MD5: 9929856c93b9d9052d712f93eb334eb5
  SHA1: 04e05b09dd3ad694026f81bc4641984e34287f0c
  SHA256: 9450d0ed04184fcd56650c61358de961fc8f7f3724ddb3fb917bdb176722402b
  SHA512: 3966b09669e8563d447e7392a0f2210dae5a4c016c12da4175b548c931fc06eb64c89668d61023c9e8440850cefce870522468134e019c5ccd95acb0d0adf73e
- /data/data/com.che123456.app/databases/bugly_db_legu-journal
  Filesize: 512B
  MD5: 8882f9a661950d258ff0c9aba9e1379b
  SHA1: 1e68edf5b5fec3d0777e9387cb1adb1ab4c1fe4f
  SHA256: 501087f2145c61349a1b40ba2ca12ee1edb5972ab77859b82c4cebd49fc8d8c6
  SHA512: 67d0f4d2ac237fab149ab920d203cf48b9c2ffa72cb41a563b28fa188b702b460dc8e3f4405521085e92091c55c7cb6ba4bdfd798e2a77364fb2a16b0094cd4d
- /data/data/com.che123456.app/databases/bugly_db_legu-journal
  Filesize: 8KB
  MD5: a43e4645afc21a59d8a62df01bad33de
  SHA1: 5a22ee293cb866bccfca841d1c6543e81c31fd4b
  SHA256: 323e8fa12ce8bc6a459344fd1a5833e33dd11893f9874b00edd1f5b2d737d129
  SHA512: 55318cb1b2f32f9de44cbd630fe5879368804ab3110055884fd994a5d54ab426c828bbb2d5516a33153b2d39be65f851c49d615bdb08d40e295a52b3cb023a74
- /data/data/com.che123456.app/databases/bugly_db_legu-journal
  Filesize: 8KB
  MD5: 62102a08a28b95ae48e1fdf15d047f6a
  SHA1: 775fed1047e884c62d095728f27c27061053df5c
  SHA256: 9728e276eafb9f78428c1f05aa47a143ed6c39ec31def6e0eb721fb57cb0328a
  SHA512: 23070d7b924369f62b3e3943e70864c1f66bf8be076ef615e6ff5f94852e04d21a871afd3e7fbb68dc42d0f8ad50b6b110142173719ba29d88504b733d9cf839
- /data/data/com.che123456.app/databases/bugly_db_legu-journal
  Filesize: 8KB
  MD5: 94d6aac59a3610785347eaa780c549b8
  SHA1: dbd353f724e2aa823533713890b61de41d9b5759
  SHA256: df4a4ce27e39782fc0de92c46c86ac60902e2428583e97fadcf0ca3ad08a594c
  SHA512: cc520477e4f595c786bb2fa401051f9774aecc754cf9d7439b11cac68285d8555a08a8c62ddf218d50d6ed50d2fe32d33bcec92b87e0c304063d7d43bdf8f4f6
- /data/data/com.che123456.app/databases/bugly_db_legu-journal
  Filesize: 12KB
  MD5: 9b3ee5ec1ffb3fa29942828a4bb7563f
  SHA1: 88a28c93e3b5bae955c2b798698154c972b9f016
  SHA256: e8694fee634c038b9f46761b9dcc507a2fca85d26d17bb37b7f61342b61640f3
  SHA512: a9fc015e7b0f9978ebb52a85537d117c43358d348cf62cd95cc04975077b892d15bf00e47fcb35ca3d6a01233996c0868477a4a4dfac279bde3f62b4f7c59308
- /data/data/com.che123456.app/databases/bugly_db_legu-journal
  Filesize: 12KB
  MD5: 7e79e27d99e813a57b0c6cec24024385
  SHA1: b4abb8e38c4dc129cbdeaef56b2167134350e94c
  SHA256: 02b03849a5a661aa82c3ffb9deb0cd0c1773d55e60cea3a681bbe179a8be57a5
  SHA512: d24cf880e3934e940067bbd0283d24e129cfc2db94c73cd0b0d95822cde59b5b4308faa0ae2b5b646f41ebb15b0d4e36ff09ff9c71dd2bbb33a099f110d9481c