Analysis
- max time kernel: 65s
- max time network: 134s
- platform: android_x86
- resource: android-x86-arm-20240514-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
- submitted: 23-05-2024 00:11
Tasks (task | sample | resource)
- static1 (Static task)
- behavioral1 (Behavioral task) | 6919869580e4ae4023b9f69cef59acf9_JaffaCakes118.apk | android-x86-arm-20240514-en
- behavioral2 (Behavioral task) | 6919869580e4ae4023b9f69cef59acf9_JaffaCakes118.apk | android-x64-20240514-en
- behavioral3 (Behavioral task) | CommonPlugin-2.6.apk | android-x86-arm-20240514-en
- behavioral4 (Behavioral task) | CommonPlugin-2.6.apk | android-x64-20240514-en
- behavioral5 (Behavioral task) | CommonPlugin-2.6.apk | android-x64-arm64-20240514-en
- behavioral6 (Behavioral task) | FeedPlugin-1.2.apk | android-x86-arm-20240514-en
- behavioral7 (Behavioral task) | FeedPlugin-1.2.apk | android-x64-20240514-en
- behavioral8 (Behavioral task) | FeedPlugin-1.2.apk | android-x64-arm64-20240514-en
- behavioral9 (Behavioral task) | FrameworkPlugin-2.3.apk | android-x86-arm-20240514-en
- behavioral10 (Behavioral task) | FrameworkPlugin-2.3.apk | android-x64-20240514-en
- behavioral11 (Behavioral task) | FrameworkPlugin-2.3.apk | android-x64-arm64-20240514-en
- behavioral12 (Behavioral task) | TAEPlugin-1.3.apk | android-x86-arm-20240514-en
- behavioral13 (Behavioral task) | TAEPlugin-1.3.apk | android-x64-arm64-20240514-en
General
- Target: 6919869580e4ae4023b9f69cef59acf9_JaffaCakes118.apk
- Size: 11.3MB
- MD5: 6919869580e4ae4023b9f69cef59acf9
- SHA1: bc8bfa0ae5b3fc2a726e484e6a2abf6b9d4e0034
- SHA256: 304ebc227163b6de2f6c60006340bd588ab1297bd6d642bdde44bb0208a0861c
- SHA512: dbc4fde68236933469288cec25af22a1d4a3d1b40c5d46d94e03628a45293ed3d76bd2811f6967a5368498f4ea747216300c3cb3ccf0d26489c0ae22469d33c8
- SSDEEP: 196608:ruKkfY2xIbu+VPtbdCqadsNEebsCZsY9PgTGDGjMTG2fL8Eih:lkfjIuIFdCdsCYvRYbeG9Eih
Malware Config
Signatures
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) [1 TTPs]
- Requests cell location [2 TTPs, 2 IoCs]
  Uses Android APIs to get the current cell location.
  Processes (description | ioc | process):
    Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.ss.android.article.news:remote
    Framework service call | com.android.internal.telephony.ITelephony.getCellLocation | com.ss.android.article.news
- Checks CPU information [2 TTPs, 1 IoCs]
  Checks CPU information that indicates whether the system is an emulator.
- Queries information about running processes on the device [1 TTPs, 8 IoCs]
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes (description | ioc | process):
    Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ss.android.article.news:push
    Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ss.android.article.news:push
    Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ss.android.article.news:push
    Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ss.android.article.news:push
    Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ss.android.article.news:push
    Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ss.android.article.news
    Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ss.android.article.news:push
    Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.ss.android.article.news:remote
- Queries information about the current Wi-Fi connection [1 TTPs, 2 IoCs]
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes (description | ioc | process):
    Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ss.android.article.news
    Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | com.ss.android.article.news:remote
- Queries information about the current nearby Wi-Fi networks [1 TTPs, 2 IoCs]
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes (description | ioc | process):
    Framework service call | android.net.wifi.IWifiManager.getScanResults | com.ss.android.article.news:remote
    Framework service call | android.net.wifi.IWifiManager.getScanResults | com.ss.android.article.news
- Registers a broadcast receiver at runtime (usually for listening for system events) [1 TTPs, 8 IoCs]
  Processes (description | ioc | process):
    Framework service call | android.app.IActivityManager.registerReceiver | com.ss.android.article.news:push
    Framework service call | android.app.IActivityManager.registerReceiver | com.ss.android.article.news:remote
    Framework service call | android.app.IActivityManager.registerReceiver | com.ss.android.article.news:push
    Framework service call | android.app.IActivityManager.registerReceiver | com.ss.android.article.news:push
    Framework service call | android.app.IActivityManager.registerReceiver | com.ss.android.article.news:push
    Framework service call | android.app.IActivityManager.registerReceiver | com.ss.android.article.news:push
    Framework service call | android.app.IActivityManager.registerReceiver | com.ss.android.article.news:push
    Framework service call | android.app.IActivityManager.registerReceiver | com.ss.android.article.news
- Checks if the internet connection is available [1 TTPs, 2 IoCs]
  Processes (description | ioc | process):
    Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ss.android.article.news
    Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.ss.android.article.news:remote
- Reads information about the phone network operator. [1 TTPs]
- Uses Crypto APIs (might try to encrypt user data) [1 TTPs, 2 IoCs]
  Processes (description | ioc | process):
    Framework API call | javax.crypto.Cipher.doFinal | com.ss.android.article.news
    Framework API call | javax.crypto.Cipher.doFinal | com.ss.android.article.news:remote
Processes
- com.ss.android.article.news
  - Requests cell location
  - Checks CPU information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)
- com.ss.android.article.news:push
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
- com.ss.android.article.news:remote
  - Requests cell location
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (might try to encrypt user data)
- com.ss.android.article.news:push
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
- com.ss.android.article.news:push
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
- com.ss.android.article.news:push
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
- com.ss.android.article.news:push
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
- com.ss.android.article.news:push
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
Downloads