Analysis
- max time kernel: 179s
- max time network: 131s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 22-05-2024 18:03
Static task: static1
Behavioral task: behavioral1
  Sample: 68219950da4733e2b4275b81538f193d_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 68219950da4733e2b4275b81538f193d_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
- Target: 68219950da4733e2b4275b81538f193d_JaffaCakes118.apk
- Size: 4.0MB
- MD5: 68219950da4733e2b4275b81538f193d
- SHA1: 5b062d4d60a9de5a7e1371c313775c6c68201055
- SHA256: e72806a1842aa2bf7fefdf85ef98424bca3abc462761111b902d408e347ddf1e
- SHA512: c9132f39025ffe748010e196f0b2536eb672d1d2f431c940850849256b0b5b517121f201528af138d8a3691e8667c19015f4a53918d996bdf7dacf4d4f29d2ef
- SSDEEP: 98304:Uv62m65nrzuvsA2zFcriHPdnvEPYNYndiinySdZDuruc90V9Yf:R2B5nnuR2xQqdvEPYindiZSdZD4izYf
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 5 IoCs)
  Processes: com.ttfw.aimei, ls -l /sbin/su, ls -l /system/xbin/su
  ioc | process
  /sbin/su | com.ttfw.aimei
  /system/bin/su | com.ttfw.aimei
  /system/xbin/su | com.ttfw.aimei
  /sbin/su | ls -l /sbin/su
  /system/xbin/su | ls -l /system/xbin/su
- Checks CPU information (2 TTPs, 1 IoC)
  Reads CPU information that can indicate whether the system is an emulator.
- Checks memory information (2 TTPs, 1 IoC)
  Reads memory information that can indicate whether the system is an emulator.
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  The application may abuse the framework's foreground service to keep running in the foreground.
  Processes: com.ttfw.aimei
  description | ioc | process
  Framework service call | android.app.IActivityManager.setServiceForeground | com.ttfw.aimei
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.ttfw.aimei
  description | ioc | process
  Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ttfw.aimei
- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  Processes: com.ttfw.aimei
  description | ioc | process
  Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | com.ttfw.aimei
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Processes: com.ttfw.aimei
  description | ioc | process
  Framework service call | android.app.IActivityManager.registerReceiver | com.ttfw.aimei
- Checks if the internet connection is available (1 TTP, 1 IoC)
  Processes: com.ttfw.aimei
  description | ioc | process
  Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ttfw.aimei
- Reads information about the phone network operator. (1 TTP)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTP, 1 IoC)
  Processes: com.ttfw.aimei
  description | ioc | process
  Framework API call | android.hardware.SensorManager.registerListener | com.ttfw.aimei
Processes (child processes are indented under their parent; the signatures each process triggered are listed beneath it)
- com.ttfw.aimei
  Signatures: Checks if the Android device is rooted.; Checks CPU information; Checks memory information; Makes use of the framework's foreground persistence service; Queries information about the current Wi-Fi connection; Queries the mobile country code (MCC); Registers a broadcast receiver at runtime (usually for listening for system events); Checks if the internet connection is available; Listens for changes in the sensor environment (might be used to detect emulation)
  - su
  - /system/bin/sh
    - ls -l /sbin/su
      Signatures: Checks if the Android device is rooted.
    - ls -l /system/xbin/su
      Signatures: Checks if the Android device is rooted.
  - su
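The root-check rows and framework-call IoCs in the Signatures section, and the `ls -l .../su` children in the process tree, are the kind of evidence an analyst wants to pull out of a report like this automatically. The script below is an added example, not part of the sandbox report or of the analysed app: it parses IoC rows in a tab-separated shape constructed here from the tables above (kind, ioc, process), maps each row to a behaviour category, and distinguishes an in-process file check from a probe done through a spawned shell command. The row format, the category names and the `SU_PATH` pattern are assumptions made for this example.

```python
"""Triage behavioural IoCs from an Android sandbox report (added example).

Not the sandbox's or the app's own code. Rows are tab-separated
"kind<TAB>ioc<TAB>process" lines; this format, the category names and the
su-path pattern are assumptions for the example.
"""
import re
from collections import defaultdict

# Constructed from the report's IoC tables above (ioc / process columns).
SAMPLE_REPORT = """\
file\t/sbin/su\tcom.ttfw.aimei
file\t/system/bin/su\tcom.ttfw.aimei
file\t/system/xbin/su\tcom.ttfw.aimei
file\t/sbin/su\tls -l /sbin/su
file\t/system/xbin/su\tls -l /system/xbin/su
service\tandroid.app.IActivityManager.setServiceForeground\tcom.ttfw.aimei
service\tandroid.net.wifi.IWifiManager.getConnectionInfo\tcom.ttfw.aimei
service\tcom.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone\tcom.ttfw.aimei
service\tandroid.app.IActivityManager.registerReceiver\tcom.ttfw.aimei
service\tandroid.net.IConnectivityManager.getActiveNetworkInfo\tcom.ttfw.aimei
api\tandroid.hardware.SensorManager.registerListener\tcom.ttfw.aimei
"""

# su binary locations a root check probes; all three appear in the report.
# (Assumed pattern for this example; extend it for other su locations.)
SU_PATH = re.compile(r"^(?:/sbin|/system/bin|/system/xbin)/su$")

# Framework calls mapped to the behaviour they indicate. The grouping is an
# assumption for this example, derived from the report's signature names.
FRAMEWORK_CALLS = {
    "android.app.IActivityManager.setServiceForeground": "foreground_persistence",
    "android.app.IActivityManager.registerReceiver": "runtime_receiver",
    "android.net.wifi.IWifiManager.getConnectionInfo": "wifi_recon",
    "android.net.IConnectivityManager.getActiveNetworkInfo": "connectivity_check",
    "com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone": "mcc_lookup",
    "android.hardware.SensorManager.registerListener": "sensor_listener",
}


def parse_rows(text):
    """Yield (kind, ioc, process) tuples; blank or malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue
        yield tuple(p.strip() for p in parts)


def classify(kind, ioc, process):
    """Return the behaviour category for one IoC row, or None if unrecognised."""
    if kind == "file" and SU_PATH.match(ioc):
        return "root_check"
    if kind in ("service", "api"):
        return FRAMEWORK_CALLS.get(ioc)
    return None


def triage(text):
    """Group recognised IoCs: {category: sorted list of (ioc, process)}."""
    found = defaultdict(set)
    for kind, ioc, process in parse_rows(text):
        category = classify(kind, ioc, process)
        if category:
            found[category].add((ioc, process))
    return {category: sorted(rows) for category, rows in found.items()}


def su_paths_probed(text):
    """Distinct su binary paths the sample looked for, by any method."""
    return sorted({ioc for kind, ioc, _ in parse_rows(text)
                   if kind == "file" and SU_PATH.match(ioc)})


def uses_shell_probe(text):
    """True if an su path was probed via a spawned `ls` command.

    A file check from inside the app and an `ls -l` child process are two
    separate techniques; this report shows both, so a detection that only
    watches the app's own file access would miss half the evidence.
    """
    return any(kind == "file" and SU_PATH.match(ioc) and proc.startswith("ls ")
               for kind, ioc, proc in parse_rows(text))


if __name__ == "__main__":
    for category, rows in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{category}:")
        for ioc, proc in rows:
            print(f"  {ioc}  <-  {proc}")
    print("su paths probed:", su_paths_probed(SAMPLE_REPORT))
    print("shell-based probe:", uses_shell_probe(SAMPLE_REPORT))
```

Run as a script it prints the grouped IoCs for the rows above; to reuse it on another report, export that report's IoC tables in the same tab-separated shape and pass the text to `triage`.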
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.ttfw.aimei/files/UIConfig.config
  Filesize: 80B
  MD5: 5b4cad22ef0e9adade2695c6d5a55f8f
  SHA1: fd58195afbed302751b3798047d53407366fe33a
  SHA256: 53bece7fa2ca989e110900fd76e64414e53fcf99066471aa3bb86109092d2440
  SHA512: 6976d3adfa578df50f339aec7444bd916f36d16b8699feade70ab40514b504a7e5a7ef3e776bd2ce7a49fd346fee61ed97ad84c0b376ebb0681a1b020121e253
- /data/data/com.ttfw.aimei/files/eventservice.jar
  Filesize: 214KB
  MD5: 0596a9ef16c617e44e699bdf5cd85905
  SHA1: c32911f89a6207b80898408463e46c3e7d6e6c02
  SHA256: 35626d776baa83a6d4624aeaccd13d6ed16ce48e48d3ef6c877f93d07584708e
  SHA512: a5b7703ac0bc9f44cbb76261298da2b6644cd5c22a3272574d662fc6adc061f7c142dc8c8d3bfdce9b2825b17c8e6054f8788be940b965e7890015179ddb15ae
- /data/data/com.ttfw.aimei/files/mobclick_agent_cached_com.ttfw.aimei
  Filesize: 122B
  MD5: ae0ca7b5176de10d72d8ec3d5cb61821
  SHA1: 2fd6c37e052e63d6c3ba7201d7f8236534da7447
  SHA256: 306d9db83c73a3c68bb1ad6cc6f14f946af3b5b15330d552c3eca0305882219f
  SHA512: d734dc5bec48534b0daaf07e6a789b7901e4e9138f3dd2e247ef3eff49d19dad1bf6b493c898eb8e3bd672b3c83af9db2edd7335620ab91c28124e0a7883b3bc
- /data/data/com.ttfw.aimei/files/script.atc
  Filesize: 587B
  MD5: 801efdfc104b170f023e0303293f2c11
  SHA1: 8d42f0c50156bbe4dbee0c1482be6e5d7102735d
  SHA256: 5a1d43df4d722a9f316eb84cc55286b8d8b6a3c35edc8a2575789c2fea549460
  SHA512: 386764c1e2bda1f686988db4791f1dfe6fa305a5776f1de0e05e53439fa79f02d4ef8b92c4728fac4bae5ea37187251fd89b22383cbda59c96759753fdc35e2b
- /data/data/com.ttfw.aimei/files/script.lc
  Filesize: 26KB
  MD5: e15343de40f554c15a523687a77de5b4
  SHA1: 5eb3452d301017d81374e3165018954501668ad2
  SHA256: d9634980694651eecd793a61abe5d7806f7a9f556b3339e7574fafa00ed3373e
  SHA512: de81c719eb1fe8e81284069348653393ec45b3df69ca31abdf0f8c77042d90289e408981523af9eb7333f34dd40b671917a5d57289f863ed783c5da219dfed89
- /data/data/com.ttfw.aimei/files/script.ui
  Filesize: 1KB
  MD5: 8f0d25231411585b4f45dddae8f8ed68
  SHA1: a932dca0f03f782863243e3a9da5ac1c42ccc859
  SHA256: 0c5abb3653bffccede96f8a14dfa3c6966d0db2bbe96708abc0c580a5c943ed2
  SHA512: 70336cd3176fa30d02e9f9b020b1aff9d581f2ef8ff0ad9fff05b19f18002b40e5ac29201310e70b5b2fd98b7d2f7c1a0f9c090b8d77803729ae0e420e659d9b
- /storage/emulated/0/Android/data/com.ttfw.aimei/cache/uil-images/journal.tmp
  Filesize: 31B
  MD5: 8c92de9ce46d41a22f3b20f77404cc1d
  SHA1: 8671a6dca00edb72be47363a7071be65cf270373
  SHA256: 68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274
  SHA512: 30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56