Analysis
-
max time kernel
179s
-
max time network
189s
-
platform
android_x86
-
resource
android-x86-arm-20240514-en
-
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system
-
submitted
23-05-2024 08:27
Static task
static1
Behavioral task
behavioral1
Sample
6a574bd205a965a3dd98c73f298d18c8_JaffaCakes118.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
6a574bd205a965a3dd98c73f298d18c8_JaffaCakes118.apk
Resource
android-x64-20240514-en
General
-
Target
6a574bd205a965a3dd98c73f298d18c8_JaffaCakes118.apk
-
Size
22.7MB
-
MD5
6a574bd205a965a3dd98c73f298d18c8
-
SHA1
6215d46e938a8ed2283670ccd574adec4b663c37
-
SHA256
4f741736c872428c891ee892f9fa4b0ab7a98662b9b73556641a7ead144352c5
-
SHA512
85cee1ccbe351565c6acd818118db25629e113d9deeaee9038d99d347b0dd4bb8e2d48dbcc4cf17b0c08ae867309ea2ae7b0399404ecb4c50a81313bd5e8a669
-
SSDEEP
393216:033IeLpluNKBBj+Jol/XA1imiZa1cmE9dl2uFPV2TTVPEgkbRhM0mDdp7j8wS/4+:OIIXuNKBBj+wdY1cnPjFPQV8gw7LUXS1
Malware Config
Signatures
-
Queries information about running processes on the device 1 TTPs 2 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
com.songcw.employee, com.songcw.employee:pushcore
description | ioc | process
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.songcw.employee
Framework service call | android.app.IActivityManager.getRunningAppProcesses | com.songcw.employee:pushcore
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 2 IoCs
Processes:
com.songcw.employee, com.songcw.employee:pushcore
description | ioc | process
Framework service call | android.app.IActivityManager.registerReceiver | com.songcw.employee
Framework service call | android.app.IActivityManager.registerReceiver | com.songcw.employee:pushcore
-
Checks if the internet connection is available 1 TTPs 2 IoCs
Processes:
com.songcw.employee:pushcore, com.songcw.employee
description | ioc | process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.songcw.employee:pushcore
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | com.songcw.employee
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
Processes:
com.songcw.employee:pushcore
description | ioc | process
Framework API call | javax.crypto.Cipher.doFinal | com.songcw.employee:pushcore
Processes
-
com.songcw.employee 1
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
-
com.songcw.employee:pushcore 1
- Queries information about running processes on the device
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Downloads
-
/data/data/com.songcw.employee/files/jpush_stat_history_pushcore/normal/nowrap/c0fea652-509d-4e19-8f1e-8d5f9df49f32
Filesize
202B
MD5
a03e2b01395bd0f36e8891d75e4be393
SHA1
a3a3f728ba2d1f62a4f25280933f44ecbcfa0bc2
SHA256
b3de89cc6afc1efcfe19c3d9a532be345aa40bb123975356cc7fb42fe43bf483
SHA512
02e6c014018d436267e635c8ebc13d9c56097211a73a005a4f3d18a1b611078b459bb7dd0e9463f3c2eafcc43f99b7edf5db446b9ef2f1cf5f2449d9032a6138
-
/storage/emulated/0/data/.push_deviceid
Filesize
159B
MD5
306b4217c837344b9a44eca7ab94dee1
SHA1
128d65404b0c238d2165697ec3c42ae2cde6ec7f
SHA256
c737c36445b9673eeab98f882129d007d4bb0d5dbf380a6bf5cffbb79ccfea4b
SHA512
f086ca279951bbc80e3ca321af471e238dde1e60b0610bf4aafb5866e0199e3c404a0cd3ee03bc9faf9d17900eb2c26ca2bd858d14a608fd95227b5ddc962812