Analysis
-
max time kernel
34s -
max time network
130s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system -
submitted
23-05-2024 00:00
Static task
static1
Behavioral task
behavioral1
Sample
6913dd93c51906fa437b45a279d97a6a_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
6913dd93c51906fa437b45a279d97a6a_JaffaCakes118.apk
Resource
android-33-x64-arm64-20240514-en
General
-
Target
6913dd93c51906fa437b45a279d97a6a_JaffaCakes118.apk
-
Size
17.9MB
-
MD5
6913dd93c51906fa437b45a279d97a6a
-
SHA1
9b8ea701727d28e7bebdb005ef3b6fea0f96ad87
-
SHA256
4a25ad7a92add771ce4d69e797b3ec28be3d251f5accaff68023e06f809f1d75
-
SHA512
8b568eb47757c37a88890ae1733f7b6d13ceb0636694f101b84982a5667535154df44c1452c9a6199b410d36119a0d9114777c6e4be78bf47774ad84cb164fd2
-
SSDEEP
393216:n04p8Owz60so0X0C+ScCR/cK6w9d0e8GOY32sUnojGptaEl:DK6f/Zxb6w30e8GOJ7nojGpYM
Malware Config
Signatures
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to get the current cell location.
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information that indicates whether the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information that indicates whether the system is an emulator.
-
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
description: Framework service call | ioc: android.app.IActivityManager.getRunningAppProcesses | process: com.yifang.erp -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes:
description: Framework service call | ioc: android.net.wifi.IWifiManager.getConnectionInfo | process: com.yifang.erp -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
Processes:
description: Framework service call | ioc: android.app.IActivityManager.registerReceiver | process: com.yifang.erp -
Checks if the internet connection is available 1 TTPs 1 IoCs
Processes:
description: Framework service call | ioc: android.net.IConnectivityManager.getActiveNetworkInfo | process: com.yifang.erp -
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
Processes:
description: Framework API call | ioc: android.hardware.SensorManager.registerListener | process: com.yifang.erp -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.yifang.erp
Processes
-
com.yifang.erp (process 1)
- Requests cell location
- Checks CPU information
- Checks memory information
- Queries information about running processes on the device
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
-
cat /proc/mounts (process 2)
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.yifang.erp/app_06851326-179e-4f06-8472-d5e78a1ab259/be7b7b05-7ca6-433e-b4b8-e26585aa3a9b
Filesize
94B
MD5
2f615c3148a3d616a4d3c6cc7ffb832a
SHA1
da2260e80e5b5d58553405877262a6bf2790352f
SHA256
4938e50025b5e6b8ea639daa3c13e706003c22bdde1eb5b0faca99849a1ab987
SHA512
8e7709e07bebd2be655be40629f636711d7de67ed5bbac036957387bde9a5966ede6439caee99629c153f302e11e6763e236c25fcf850c0f80570bdf24db6ddb
-
/data/data/com.yifang.erp/files/jpush_stat_history/normal/nowrap/6147595c-d8f5-467f-b135-3817212939e9
Filesize
159B
MD5
b1cbf7f464a861fe11b9e8a7186f4ce7
SHA1
a56876dab4b4531e1c159bf0d4506b01e32667c4
SHA256
f72d991fcc964e47069100c861d0153bca028ceb63f56aa1db43c46377535cf3
SHA512
c7f465e3cdc77840626cbe96b121d2f50762e139297cc27cb0bc4cb5f5df7db60bc4ad73b342b0202bb1d59231be91f095c3652b42798e2498c655f5abdac96a
-
/data/data/com.yifang.erp/files/jpush_stat_history/normal/nowrap/eece9be2-1a96-4f09-9d64-79dd413b5141
Filesize
202B
MD5
9ed4b22265c49b8b832c44145d5be0e9
SHA1
c79f99caaf95828880bfa874e3d81b840ad1af9e
SHA256
cc9815704e984c9f7e54349a5a77b58287cd2475d3aa62814f504b96071f53f5
SHA512
03ede3f61d35f53a016c5205d536f79ffbabb0ca818a77701946a474132046136f5e8f16782d20ae6321c0587dce25e2d1c65da596a54e023ce357b8c3bf447b
-
/storage/emulated/0/data/.push_deviceid
Filesize
32B
MD5
57d81cb2231daad2321d7f707e71848c
SHA1
d1ff3aeb1cc4a4c82b558f77c73581d899ad9e23
SHA256
ba15c049bf9ab8dd82dca2a5d98cdd5e96e8c40c3a3a2745a3693412a2516cd3
SHA512
d96e513f313d5ee722bdd1e2cda7f0fb018cbc384195cdeb524bbfe3be1eb422bf6b3bf4f313dc93ef8a4432dbc4776826587805d77be5efda85f573b62dffc3