e72806a1842aa2bf7fefdf85ef98424bca3abc462761111b902d408e347ddf1e

Analysis

max time kernel
179s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68219950da4733e2b4275b81538f193d_JaffaCakes118.apk
Size

4.0MB
MD5

68219950da4733e2b4275b81538f193d
SHA1

5b062d4d60a9de5a7e1371c313775c6c68201055
SHA256

e72806a1842aa2bf7fefdf85ef98424bca3abc462761111b902d408e347ddf1e
SHA512

c9132f39025ffe748010e196f0b2536eb672d1d2f431c940850849256b0b5b517121f201528af138d8a3691e8667c19015f4a53918d996bdf7dacf4d4f29d2ef
SSDEEP

98304:Uv62m65nrzuvsA2zFcriHPdnvEPYNYndiinySdZDuruc90V9Yf:R2B5nnuR2xQqdvEPYindiZSdZD4izYf

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 5 IoCs
evasion

T1426

Processes:

com.ttfw.aimeils -l /sbin/suls -l /system/xbin/su

ioc process

/sbin/su com.ttfw.aimei
/system/bin/su com.ttfw.aimei
/system/xbin/su com.ttfw.aimei
/sbin/su ls -l /sbin/su
/system/xbin/su ls -l /system/xbin/su
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.ttfw.aimei

description ioc process

File opened for read /proc/cpuinfo com.ttfw.aimei
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.ttfw.aimei

description ioc process

File opened for read /proc/meminfo com.ttfw.aimei
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

com.ttfw.aimei

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.ttfw.aimei
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

com.ttfw.aimei

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.ttfw.aimei
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.ttfw.aimei

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.ttfw.aimei
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

com.ttfw.aimei

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.ttfw.aimei
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.ttfw.aimei

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.ttfw.aimei
Reads information about phone network operator. 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.ttfw.aimei

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.ttfw.aimei

ioc	process
/sbin/su	com.ttfw.aimei
/system/bin/su	com.ttfw.aimei
/system/xbin/su	com.ttfw.aimei
/sbin/su	ls -l /sbin/su
/system/xbin/su	ls -l /system/xbin/su

description	ioc	process
File opened for read	/proc/cpuinfo	com.ttfw.aimei

description	ioc	process
File opened for read	/proc/meminfo	com.ttfw.aimei

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.ttfw.aimei

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.ttfw.aimei

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.ttfw.aimei

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.ttfw.aimei

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ttfw.aimei

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.ttfw.aimei

com.ttfw.aimei
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
PID:4286

su
2⤵
PID:4405

/system/bin/sh
2⤵
PID:4645

ls -l /sbin/su
3⤵
- Checks if the Android device is rooted.
PID:4677

ls -l /system/xbin/su
3⤵
- Checks if the Android device is rooted.
PID:4709

su
2⤵
PID:4738

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ttfw.aimei/files/UIConfig.config
Filesize
80B

MD5
5b4cad22ef0e9adade2695c6d5a55f8f

SHA1
fd58195afbed302751b3798047d53407366fe33a

SHA256
53bece7fa2ca989e110900fd76e64414e53fcf99066471aa3bb86109092d2440

SHA512
6976d3adfa578df50f339aec7444bd916f36d16b8699feade70ab40514b504a7e5a7ef3e776bd2ce7a49fd346fee61ed97ad84c0b376ebb0681a1b020121e253

Download Submit
/data/data/com.ttfw.aimei/files/eventservice.jar
Filesize
214KB

MD5
0596a9ef16c617e44e699bdf5cd85905

SHA1
c32911f89a6207b80898408463e46c3e7d6e6c02

SHA256
35626d776baa83a6d4624aeaccd13d6ed16ce48e48d3ef6c877f93d07584708e

SHA512
a5b7703ac0bc9f44cbb76261298da2b6644cd5c22a3272574d662fc6adc061f7c142dc8c8d3bfdce9b2825b17c8e6054f8788be940b965e7890015179ddb15ae

Download Submit
/data/data/com.ttfw.aimei/files/mobclick_agent_cached_com.ttfw.aimei
Filesize
122B

MD5
ae0ca7b5176de10d72d8ec3d5cb61821

SHA1
2fd6c37e052e63d6c3ba7201d7f8236534da7447

SHA256
306d9db83c73a3c68bb1ad6cc6f14f946af3b5b15330d552c3eca0305882219f

SHA512
d734dc5bec48534b0daaf07e6a789b7901e4e9138f3dd2e247ef3eff49d19dad1bf6b493c898eb8e3bd672b3c83af9db2edd7335620ab91c28124e0a7883b3bc

Download Submit
/data/data/com.ttfw.aimei/files/script.atc
Filesize
587B

MD5
801efdfc104b170f023e0303293f2c11

SHA1
8d42f0c50156bbe4dbee0c1482be6e5d7102735d

SHA256
5a1d43df4d722a9f316eb84cc55286b8d8b6a3c35edc8a2575789c2fea549460

SHA512
386764c1e2bda1f686988db4791f1dfe6fa305a5776f1de0e05e53439fa79f02d4ef8b92c4728fac4bae5ea37187251fd89b22383cbda59c96759753fdc35e2b

Download Submit
/data/data/com.ttfw.aimei/files/script.lc
Filesize
26KB

MD5
e15343de40f554c15a523687a77de5b4

SHA1
5eb3452d301017d81374e3165018954501668ad2

SHA256
d9634980694651eecd793a61abe5d7806f7a9f556b3339e7574fafa00ed3373e

SHA512
de81c719eb1fe8e81284069348653393ec45b3df69ca31abdf0f8c77042d90289e408981523af9eb7333f34dd40b671917a5d57289f863ed783c5da219dfed89

Download Submit
/data/data/com.ttfw.aimei/files/script.ui
Filesize
1KB

MD5
8f0d25231411585b4f45dddae8f8ed68

SHA1
a932dca0f03f782863243e3a9da5ac1c42ccc859

SHA256
0c5abb3653bffccede96f8a14dfa3c6966d0db2bbe96708abc0c580a5c943ed2

SHA512
70336cd3176fa30d02e9f9b020b1aff9d581f2ef8ff0ad9fff05b19f18002b40e5ac29201310e70b5b2fd98b7d2f7c1a0f9c090b8d77803729ae0e420e659d9b

Download Submit
/storage/emulated/0/Android/data/com.ttfw.aimei/cache/uil-images/journal.tmp
Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads