Analysis
-
max time kernel
179s -
max time network
167s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
-
submitted
23-05-2024 00:32
General
-
Target
6927ace6eefa97350f7ad3077822f2b9_JaffaCakes118.apk
-
Size
5.7MB
-
MD5
6927ace6eefa97350f7ad3077822f2b9
-
SHA1
89ee54a4901e16e447d7525bf1cf6116b762dd7a
-
SHA256
0fdfd21b3274747a73983daa96e96996e8f7bf2bd8a205b80e441bccfecdfd62
-
SHA512
f579c83d910a4083fd796645ee6e272278b2c5c44107896c1f427f01cfe99ee7759fd63c3d1d195b510b5a17a59c43d9401ceb17f022a88f124bc5281f8bbaa7
-
SSDEEP
98304:yoHElAYE8N06nD7QzEl+El3eDi3+W8VmM3/rvkev8uhSbmLqTFSi:yoHEM6nDDwbiOW80MzOuhSbm4ki
Malware Config
Signatures
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Requests cell location 2 TTPs 1 IoCs
Uses Android APIs to to get current cell location.
-
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar 1 TTPs 4 IoCs
Runs executable file dropped to the device during analysis.
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
-
Checks if the internet connection is available 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
Processes
-
com.cmge.kxxxlgw1⤵
- Requests cell location
- Loads dropped Dex/Jar
-
chmod /data/user/0/com.cmge.kxxxlgw 777&& busybox chmod /data/user/0/com.cmge.kxxxlgw 7772⤵
-
chmod /data/user/0/com.cmge.kxxxlgw 777&& busybox chmod /data/user/0/com.cmge.kxxxlgw 7772⤵
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.cmge.kxxxlgw/files/epay.jar --output-vdex-fd=56 --oat-fd=59 --oat-location=/data/user/0/com.cmge.kxxxlgw/files/oat/x86/epay.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
-
com.snowfish.a.a.bg1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
-
/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/storage/emulated/0/Sonnenblume/res.apk --output-vdex-fd=47 --oat-fd=48 --oat-location=/storage/emulated/0/Sonnenblume/oat/x86/res.odex --compiler-filter=quicken --class-loader-context=&2⤵
- Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
/data/data/com.cmge.kxxxlgw/files/epay.jarFilesize
158KB
MD5544b4b6cfde7c5a9f28b765d2bb245ec
SHA17e12d510d4601833ce1fa979ce99325804a8dc09
SHA256f72e9cc8e96b617b7792f1cef27d078a2f1d72b52ebf92774a50a349dc15a21e
SHA51289c3222a6aaf284dcc00ae38177668bbc772e0a694f6dd32420726a30736d80ffbaac72661ee98c60ae3a2bbcdba96a3ecf0e5371bf3414d1453014ebb4c045e
-
/data/user/0/com.cmge.kxxxlgw/files/epay.jarFilesize
290KB
MD5ac2e8a38fd93de41bbb5915928e2819c
SHA17ef2a5c9ce4cbb3cb68e0c140ac196098feabe3c
SHA2564ed57a11968667db63f6fd8e39163cde60e9d4e864241d9fae065d22a8db7556
SHA5123dec9384224407b8525afc244cd291539a8c8633f9a97a177b7c803508f54d155d45dbfb671320f141d1555772357b282c3d2bbbec0e17693182eb4cc3abf7c1
-
/data/user/0/com.cmge.kxxxlgw/files/epay.jarFilesize
290KB
MD567e28a2b7ae4411e42169eaa341b8def
SHA1f18f8038e637af8bc93514599ff7dda5d76e5a26
SHA256ace471968f2c391fd60159bb056375f445dee4934a69bd967d1208d98e369f53
SHA512eaa16e007d72a01e827452e0586dba7812365fbc1fa7c62961c0b464de18f263e0c583dd11f9699fc7a9a56e0422cfc506bc670c78e1bd63f536a872d571fb15
-
/storage/emulated/0/Sonnenblume/4A72F2DFFDBD84EB0C5C797BB76AFC44Filesize
132B
MD5d9a00fff2151a163b64e8f6ea22627ff
SHA1b1cebbaf42ebb1031b06ef41c4b1fd58f7ed83ee
SHA256415d939524d8dd9ea75432ecf0d08cbae556d99259377efb86b60a5def9ae878
SHA5126b569af7330b6bd2345d34ed0a8f525d17dee38b7e69cfcbb19a5abd85431b08ce5b8bb4c22e4cfda5a0c29431278215d5ef3690ebfd5c935db791007e7a76ab
-
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2Filesize
317B
MD558a2e48a47e2340f3dc6643126aee745
SHA15f9eb061e6d1bc79e9bd0047ebf3ea5312dcb999
SHA2568970751a23d2dcc97f981672c6863a8bd0c5746a475e3c7745e39b16ff0121e9
SHA5120a2a3ad27b88f31650b1b6bf7257f343bd43c1975d8a516003f5b5c23fb0147c8f3dace30947ef2a1bf49d3170a996aa89b4b05c89a79aa011ffdfff637b2c75
-
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2Filesize
353B
MD53e0da954b484c12d6d48ef9d1397ddf3
SHA124b209e898631bf41c53adc7b1b40b1d44296759
SHA256db8d4b0c0ad54aa95cba33ea8826717e70ef6d6cc4609915a41edf116594d989
SHA512a60e9f3454ed744632d317e0e6a1c98d50e04a6d7df426e740a1103bc865a56c66c84113361d51010e7858c7cf92683514bdf611ef38003878ff4d65116f3830
-
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2Filesize
353B
MD53f4b124968b3cd03a5d5e152e14f5661
SHA10c1f548effa613d2c3a36783ae73380bcf3f24e0
SHA2569bdcb6a26571c718eb793d3e99d89f4dceb2ef082aca5b24dc173777567d79bf
SHA5129d27bb4607f1ba6e4d07ede6b7bb14875b48d93c350905bba736f2b97a2035114942f26fa76a43ecb9ed3dd93d36a7dd791e6467a8b154605dc586b92d17059b
-
/storage/emulated/0/Sonnenblume/EE53AF5B170264468E95E783E26D76C2Filesize
319B
MD50dfd4411518d5c504e639924848f0998
SHA12510ffb84b2a523c1f87ce574e3934155edf35fa
SHA256a651ac300ed2ca88c44a0414089dd8e709ecac62f1514120314233ed8700b1b1
SHA51265416394a320a7cf8ca850929d8684aeb5b5d58b83a7cb3de0be1115f9b59032fc1bd7c522b73b7c422b972662a9d2f5744a59e897d50110cf76a5d754e3c654
-
/storage/emulated/0/Sonnenblume/res.apkFilesize
335KB
MD57304676ed86ba7302add9c83aa5188e4
SHA19f7bf2ecbba8d9d5ee1bf2cda006aa9910bb422c
SHA2565262c65999ec23a99a3e176dfaf397cfded7323d00c80e0e67c3e48be3f5d38a
SHA512b15a2138f35346da77662f5109b291c33408b77e2c0952cf861c3c486cef05bf17d23366d667eed101716087e38ee5c7e8a8c3b04fd6faaf467994ccc01b83d4
-
/storage/emulated/0/Sonnenblume/res.apkFilesize
335KB
MD52bc5eedfa756ebcdedebdaa3646788e6
SHA199f113c6a451f01babfe7947c762a9072f70c24f
SHA256c90c05c7fde144fb61c4a3bc8f283195e5651f61872b083b3a6f586897726a68
SHA512c26607bae7641638a6df12b8f2d8ac28bdf29b270a58e8b5ff5909a972bb1ad4ebd1edb354c2825b5f9f504288a1a02dcde1ffffd4f815b6030ae12f2bd52b58