Analysis

max time kernel: 67s
max time network: 129s
platform: android_x64
resource: android-x64-20240514-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240514-en, locale:en-us, os:android-10-x64, system
submitted: 23-05-2024 00:11
Static task
  static1

Behavioral tasks (task id, sample, resource)
  behavioral1    6919869580e4ae4023b9f69cef59acf9_JaffaCakes118.apk    android-x86-arm-20240514-en
  behavioral2    6919869580e4ae4023b9f69cef59acf9_JaffaCakes118.apk    android-x64-20240514-en
  behavioral3    CommonPlugin-2.6.apk                                  android-x86-arm-20240514-en
  behavioral4    CommonPlugin-2.6.apk                                  android-x64-20240514-en
  behavioral5    CommonPlugin-2.6.apk                                  android-x64-arm64-20240514-en
  behavioral6    FeedPlugin-1.2.apk                                    android-x86-arm-20240514-en
  behavioral7    FeedPlugin-1.2.apk                                    android-x64-20240514-en
  behavioral8    FeedPlugin-1.2.apk                                    android-x64-arm64-20240514-en
  behavioral9    FrameworkPlugin-2.3.apk                               android-x86-arm-20240514-en
  behavioral10   FrameworkPlugin-2.3.apk                               android-x64-20240514-en
  behavioral11   FrameworkPlugin-2.3.apk                               android-x64-arm64-20240514-en
  behavioral12   TAEPlugin-1.3.apk                                     android-x86-arm-20240514-en
  behavioral13   TAEPlugin-1.3.apk                                     android-x64-arm64-20240514-en
General

Target: 6919869580e4ae4023b9f69cef59acf9_JaffaCakes118.apk
Size: 11.3MB
MD5: 6919869580e4ae4023b9f69cef59acf9
SHA1: bc8bfa0ae5b3fc2a726e484e6a2abf6b9d4e0034
SHA256: 304ebc227163b6de2f6c60006340bd588ab1297bd6d642bdde44bb0208a0861c
SHA512: dbc4fde68236933469288cec25af22a1d4a3d1b40c5d46d94e03628a45293ed3d76bd2811f6967a5368498f4ea747216300c3cb3ccf0d26489c0ae22469d33c8
SSDEEP: 196608:ruKkfY2xIbu+VPtbdCqadsNEebsCZsY9PgTGDGjMTG2fL8Eih:lkfjIuIFdCdsCYvRYbeG9Eih
Malware Config
Signatures

- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). 1 TTPs
- Requests cell location. 2 TTPs, 2 IoCs
  Uses Android APIs to get the current cell location.
  Processes:
    Framework service call com.android.internal.telephony.ITelephony.getCellLocation (process: com.ss.android.article.news:remote)
    Framework service call com.android.internal.telephony.ITelephony.getCellLocation (process: com.ss.android.article.news)
- Checks CPU information. 2 TTPs, 1 IoCs
  Checks CPU information that indicates whether the system is an emulator.
- Queries information about running processes on the device. 1 TTPs, 4 IoCs
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes:
    Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.ss.android.article.news)
    Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.ss.android.article.news:push)
    Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.ss.android.article.news:remote)
    Framework service call android.app.IActivityManager.getRunningAppProcesses (process: com.ss.android.article.news:push)
- Queries information about the current Wi-Fi connection. 1 TTPs, 2 IoCs
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes:
    Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: com.ss.android.article.news)
    Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process: com.ss.android.article.news:remote)
- Queries information about the current nearby Wi-Fi networks. 1 TTPs, 2 IoCs
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes:
    Framework service call android.net.wifi.IWifiManager.getScanResults (process: com.ss.android.article.news)
    Framework service call android.net.wifi.IWifiManager.getScanResults (process: com.ss.android.article.news:remote)
- Registers a broadcast receiver at runtime (usually for listening for system events). 1 TTPs, 4 IoCs
  Processes:
    Framework service call android.app.IActivityManager.registerReceiver (process: com.ss.android.article.news:push)
    Framework service call android.app.IActivityManager.registerReceiver (process: com.ss.android.article.news:remote)
    Framework service call android.app.IActivityManager.registerReceiver (process: com.ss.android.article.news:push)
    Framework service call android.app.IActivityManager.registerReceiver (process: com.ss.android.article.news)
- Checks if the internet connection is available. 1 TTPs, 2 IoCs
  Processes:
    Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.ss.android.article.news)
    Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process: com.ss.android.article.news:remote)
- Queries the unique device ID (IMEI, MEID, IMSI). 1 TTPs
- Reads information about the phone network operator. 1 TTPs
- Uses Crypto APIs (might try to encrypt user data). 1 TTPs, 1 IoCs
  Processes:
    Framework API call javax.crypto.Cipher.doFinal (process: com.ss.android.article.news)
Processes

- com.ss.android.article.news
  - Requests cell location
  - Checks CPU information
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
  - Uses Crypto APIs (Might try to encrypt user data)
- com.ss.android.article.news:push
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
- com.ss.android.article.news:remote
  - Requests cell location
  - Queries information about running processes on the device
  - Queries information about the current Wi-Fi connection
  - Queries information about the current nearby Wi-Fi networks
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks if the internet connection is available
- com.ss.android.article.news:push
  - Queries information about running processes on the device
  - Registers a broadcast receiver at runtime (usually for listening for system events)
Downloads
Files written during the behavioral tasks (path, size):

- /data/data/com.ss.android.article.news/databases/ss_app_log.db (40KB)
- /data/data/com.ss.android.article.news/databases/ss_app_log.db-journal (28KB)
- /data/data/com.ss.android.article.news/databases/ss_app_log.db-journal (8KB)
- /data/data/com.ss.android.article.news/databases/ss_app_log.db-journal (8KB)
- /data/data/com.ss.android.article.news/databases/ss_app_log.db-journal (12KB)
- /data/data/com.ss.android.article.news/files/lldt/firll.dat (527B)
- /data/data/com.ss.android.article.news/files/lldt/offinfo.dat (44B)
- /data/data/com.ss.android.article.news/files/umeng_it.cache (148B)
- /storage/emulated/0/Android/data/com.snssdk.api/cache/clientudid.dat (36B)
- /storage/emulated/0/Android/data/com.ss.android.article.news/cache/locationCache/journal.tmp (8KB)
- /storage/emulated/0/baidu/tempdata/conlts.dat (12B)
- /storage/emulated/0/baidu/tempdata/conlts.dat (164B)
- /storage/emulated/0/baidu/tempdata/lcvif.dat (96B)
- /storage/emulated/0/baidu/tempdata/ls.db-journal (4KB)
- /storage/emulated/0/baidu/tempdata/yoh.dat (24B)
- /storage/emulated/0/baidu/tempdata/yoh.dat (24B)