Analysis
- max time kernel: 179s
- max time network: 184s
- platform: android_x64
- resource: android-x64-20240514-en
- resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
- submitted: 22-05-2024 20:10
Static task: static1
Behavioral task: behavioral1
  Sample: 687896184707a4d61e86818e5776018d_JaffaCakes118.apk
  Resource: android-x86-arm-20240514-en
Behavioral task: behavioral2
  Sample: 687896184707a4d61e86818e5776018d_JaffaCakes118.apk
  Resource: android-x64-20240514-en
General
- Target: 687896184707a4d61e86818e5776018d_JaffaCakes118.apk
- Size: 3.4MB
- MD5: 687896184707a4d61e86818e5776018d
- SHA1: 2d793e0b1d895ce3ca53f310c231f808314ef6a2
- SHA256: fe4a0bf6fb18ccca17d3e1b51707e5adefbf2e0d6ff4cc0cb2123a1e58752432
- SHA512: 55f0fd6d68d86d084e51c7e328dd2474924a96555c6c8cc5201e8d215ce78fefcdd7b90964191be8fde9ed04a8e68a47812ca46a6763bbd7a9a272bed177b2cc
- SSDEEP: 98304:WibSOz+wjLneiV2MFzLNASDKeO5MKLwdSzdUo:WCSWh8Fv7SKLMSL
Malware Config
Signatures
- Requests cell location (2 TTPs, 1 IoC)
  Uses Android APIs to get the current cell location.
- Queries information about the current Wi-Fi connection (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.qiyi.gameload
    description: Framework service call
    ioc: android.net.wifi.IWifiManager.getConnectionInfo
    process: com.qiyi.gameload
- Queries information about the current nearby Wi-Fi networks (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes: com.qiyi.gameload:remote
    description: Framework service call
    ioc: android.net.wifi.IWifiManager.getScanResults
    process: com.qiyi.gameload:remote
- Queries the phone number (MSISDN for GSM devices) (1 TTP)
- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Processes: com.qiyi.gameload:remote
    description: Framework service call
    ioc: android.app.IActivityManager.registerReceiver
    process: com.qiyi.gameload:remote
- Checks if the internet connection is available (1 TTP, 2 IoCs)
  Processes: com.qiyi.gameload, com.qiyi.gameload:remote
    description: Framework service call
    ioc: android.net.IConnectivityManager.getActiveNetworkInfo
    process: com.qiyi.gameload
    description: Framework service call
    ioc: android.net.IConnectivityManager.getActiveNetworkInfo
    process: com.qiyi.gameload:remote
- Queries the unique device ID (IMEI, MEID, IMSI) (1 TTP)
- Reads information about the phone network operator (1 TTP)
Processes
- com.qiyi.gameload
  - Queries information about the current Wi-Fi connection
  - Checks if the internet connection is available
- com.qiyi.gameload:remote
  - Requests cell location
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
Network
MITRE ATT&CK Matrix
Downloads
- /storage/emulated/0/baidu/tempdata/ls.db
  Filesize: 20KB
  MD5: ada4bb502d28f75c6c5627b82f6b836a
  SHA1: 03f6827885f29b782095f475dde67b2a391b4e57
  SHA256: 9a53dd56f32b4abce786e8af6397d9a5b9319f204f03669e4c68016b0ac55f5f
  SHA512: 78daa788a5b8f9111692026f8f4ee57ee3efee61130ec5ebf8a3543090a0a661ef45159f11b9207cac1f04ca0d70f66e9d4ce941ab3facdbfc7afd27314fb477
- /storage/emulated/0/baidu/tempdata/ls.db-journal
  Filesize: 512B
  MD5: 4ba70272a38f3f473695d546785107ae
  SHA1: 3d288ea57c2ff77d37a2edaa7b8282190640d854
  SHA256: c2460ed2aa7e74a42e875393e6c79e6c6c0ac75ed6a1b538d29785367360c69a
  SHA512: b26af0f9ed212f46e1f7d033428032883a97161dc443a9856b7e7b42debe1cc320202f21044983c5b56db85e8f4eceaa61733f496105da109da6a3f724701138
- /storage/emulated/0/baidu/tempdata/ls.db-journal
  Filesize: 8KB
  MD5: 40f5c652ded3466f3135f974cbc7357f
  SHA1: 9e508ce389143d6f83d7f6fa5ac36f4f0f592cd1
  SHA256: d8d1df461cc133ad319d597bc12dae4c1980a0cbd7a1490114827a13a8871482
  SHA512: fd415842b24b4732f318696d4abe14e36f8746561014699bf5729311b941d63723415ccdc8b30848d73d363303dea7bdcd6a32889ab0a434bd403c5834e09fc7
- /storage/emulated/0/baidu/tempdata/ls.db-journal
  Filesize: 8KB
  MD5: 3b6a8665d684e4064a784dbbae64f282
  SHA1: 1b321848ae1967c589981868221da61e1f9781c6
  SHA256: 74ec2d4d63dd7dccf207d45ec25ff81b95ec9699b6f53c220fc031947931e4db
  SHA512: 7ad12c8342bdba111fddd1c3bddf2cf968b80de2fe24ab4d3467a60551a7e7c7932f751a3d16add1e99f50633b610a5eb18d2275b78bc7de1c9266cfb995d1fb