Analysis
max time kernel: 64s
max time network: 152s
platform: android_x64
resource: android-x64-20240514-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted: 22-05-2024 18:03
Static task: static1
Behavioral task: behavioral1
  Sample: 68219950da4733e2b4275b81538f193d_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 68219950da4733e2b4275b81538f193d_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
Target: 68219950da4733e2b4275b81538f193d_JaffaCakes118.apk
Size: 4.0MB
MD5: 68219950da4733e2b4275b81538f193d
SHA1: 5b062d4d60a9de5a7e1371c313775c6c68201055
SHA256: e72806a1842aa2bf7fefdf85ef98424bca3abc462761111b902d408e347ddf1e
SHA512: c9132f39025ffe748010e196f0b2536eb672d1d2f431c940850849256b0b5b517121f201528af138d8a3691e8667c19015f4a53918d996bdf7dacf4d4f29d2ef
SSDEEP: 98304:Uv62m65nrzuvsA2zFcriHPdnvEPYNYndiinySdZDuruc90V9Yf:R2B5nnuR2xQqdvEPYindiZSdZD4izYf
Malware Config
Signatures
- Checks CPU information (2 TTPs, 1 IoCs)
  Checks CPU information that indicates whether the system is an emulator.
- Checks memory information (2 TTPs, 1 IoCs)
  Checks memory information that indicates whether the system is an emulator.
- Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.ttfw.aimei
    description: Framework service call
    ioc: android.net.wifi.IWifiManager.getConnectionInfo
    process: com.ttfw.aimei
- Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
  Processes: com.ttfw.aimei
    description: Framework service call
    ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
    process: com.ttfw.aimei
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
  Processes: com.ttfw.aimei
    description: Framework service call
    ioc: android.app.IActivityManager.registerReceiver
    process: com.ttfw.aimei
- Checks if the internet connection is available (1 TTPs, 1 IoCs)
  Processes: com.ttfw.aimei
    description: Framework service call
    ioc: android.net.IConnectivityManager.getActiveNetworkInfo
    process: com.ttfw.aimei
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTPs)
- Listens for changes in the sensor environment (might be used to detect emulation) (1 TTPs, 1 IoCs)
  Processes: com.ttfw.aimei
    description: Framework API call
    ioc: android.hardware.SensorManager.registerListener
    process: com.ttfw.aimei
Processes
com.ttfw.aimei 1
- Checks CPU information
- Checks memory information
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
Network
MITRE ATT&CK Matrix
Downloads
- /data/data/com.ttfw.aimei/files/eventservice.jar
  Filesize: 214KB
- /data/data/com.ttfw.aimei/files/mobclick_agent_cached_com.ttfw.aimei
  Filesize: 122B
- /data/data/com.ttfw.aimei/files/script.atc
  Filesize: 587B
- /data/data/com.ttfw.aimei/files/script.lc
  Filesize: 26KB
- /data/data/com.ttfw.aimei/files/script.ui
  Filesize: 1KB
- /storage/emulated/0/Android/data/com.ttfw.aimei/cache/uil-images/journal.tmp
  Filesize: 31B